npm - @azure/identity - Versions diffs - 4.6.0 → 4.6.1-alpha.20250116.2 - Mend

@azure/identity 4.6.0 → 4.6.1-alpha.20250116.2

Files changed (1115) hide show

package/dist/commonjs/constants.js ADDED Viewed

@@ -0,0 +1,78 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_TOKEN_CACHE_NAME = exports.CACHE_NON_CAE_SUFFIX = exports.CACHE_CAE_SUFFIX = exports.ALL_TENANTS = exports.DefaultAuthority = exports.DefaultAuthorityHost = exports.AzureAuthorityHosts = exports.DefaultTenantId = exports.DeveloperSignOnClientId = exports.SDK_VERSION = void 0;
+/**
+ * Current version of the `@azure/identity` package.
+ */
+exports.SDK_VERSION = `4.6.1`;
+/**
+ * The default client ID for authentication
+ * @internal
+ */
+// TODO: temporary - this is the Azure CLI clientID - we'll replace it when
+// Developer Sign On application is available
+// https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/Constants.cs#L9
+exports.DeveloperSignOnClientId = "04b07795-8ddb-461a-bbee-02f9e1bf7b46";
+/**
+ * The default tenant for authentication
+ * @internal
+ */
+exports.DefaultTenantId = "common";
+/**
+ * A list of known Azure authority hosts
+ */
+var AzureAuthorityHosts;
+(function (AzureAuthorityHosts) {
+    /**
+     * China-based Azure Authority Host
+     */
+    AzureAuthorityHosts["AzureChina"] = "https://login.chinacloudapi.cn";
+    /**
+     * Germany-based Azure Authority Host
+     *
+     * @deprecated Microsoft Cloud Germany was closed on October 29th, 2021.
+     *
+     * */
+    AzureAuthorityHosts["AzureGermany"] = "https://login.microsoftonline.de";
+    /**
+     * US Government Azure Authority Host
+     */
+    AzureAuthorityHosts["AzureGovernment"] = "https://login.microsoftonline.us";
+    /**
+     * Public Cloud Azure Authority Host
+     */
+    AzureAuthorityHosts["AzurePublicCloud"] = "https://login.microsoftonline.com";
+})(AzureAuthorityHosts || (exports.AzureAuthorityHosts = AzureAuthorityHosts = {}));
+/**
+ * @internal
+ * The default authority host.
+ */
+exports.DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;
+/**
+ * @internal
+ * The default environment host for Azure Public Cloud
+ */
+exports.DefaultAuthority = "login.microsoftonline.com";
+/**
+ * @internal
+ * Allow acquiring tokens for any tenant for multi-tentant auth.
+ */
+exports.ALL_TENANTS = ["*"];
+/**
+ * @internal
+ */
+exports.CACHE_CAE_SUFFIX = "cae";
+/**
+ * @internal
+ */
+exports.CACHE_NON_CAE_SUFFIX = "nocae";
+/**
+ * @internal
+ *
+ * The default name for the cache persistence plugin.
+ * Matches the constant defined in the cache persistence package.
+ */
+exports.DEFAULT_TOKEN_CACHE_NAME = "msal.cache";
+//# sourceMappingURL=constants.js.map

package/dist/commonjs/constants.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAElC;;GAEG;AACU,QAAA,WAAW,GAAG,OAAO,CAAC;AAEnC;;;GAGG;AACH,2EAA2E;AAC3E,6CAA6C;AAC7C,uGAAuG;AAC1F,QAAA,uBAAuB,GAAG,sCAAsC,CAAC;AAE9E;;;GAGG;AACU,QAAA,eAAe,GAAG,QAAQ,CAAC;AAExC;;GAEG;AACH,IAAY,mBAoBX;AApBD,WAAY,mBAAmB;IAC7B;;OAEG;IACH,oEAA6C,CAAA;IAC7C;;;;;SAKK;IACL,wEAAiD,CAAA;IACjD;;OAEG;IACH,2EAAoD,CAAA;IACpD;;OAEG;IACH,6EAAsD,CAAA;AACxD,CAAC,EApBW,mBAAmB,mCAAnB,mBAAmB,QAoB9B;AAED;;;GAGG;AACU,QAAA,oBAAoB,GAAG,mBAAmB,CAAC,gBAAgB,CAAC;AAEzE;;;GAGG;AACU,QAAA,gBAAgB,GAAG,2BAA2B,CAAC;AAE5D;;;GAGG;AACU,QAAA,WAAW,GAAa,CAAC,GAAG,CAAC,CAAC;AAE3C;;GAEG;AACU,QAAA,gBAAgB,GAAG,KAAK,CAAC;AAEtC;;GAEG;AACU,QAAA,oBAAoB,GAAG,OAAO,CAAC;AAE5C;;;;;GAKG;AACU,QAAA,wBAAwB,GAAG,YAAY,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Current version of the `@azure/identity` package.\n */\nexport const SDK_VERSION = `4.6.1`;\n\n/**\n * The default client ID for authentication\n * @internal\n */\n// TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n// Developer Sign On application is available\n// https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/Constants.cs#L9\nexport const DeveloperSignOnClientId = \"04b07795-8ddb-461a-bbee-02f9e1bf7b46\";\n\n/**\n * The default tenant for authentication\n * @internal\n */\nexport const DefaultTenantId = \"common\";\n\n/**\n * A list of known Azure authority hosts\n */\nexport enum AzureAuthorityHosts {\n /**\n * China-based Azure Authority Host\n */\n AzureChina = \"https://login.chinacloudapi.cn\",\n /**\n * Germany-based Azure Authority Host\n *\n * @deprecated Microsoft Cloud Germany was closed on October 29th, 2021.\n *\n * */\n AzureGermany = \"https://login.microsoftonline.de\",\n /**\n * US Government Azure Authority Host\n */\n AzureGovernment = \"https://login.microsoftonline.us\",\n /**\n * Public Cloud Azure Authority Host\n */\n AzurePublicCloud = \"https://login.microsoftonline.com\",\n}\n\n/**\n * @internal\n * The default authority host.\n */\nexport const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;\n\n/**\n * @internal\n * The default environment host for Azure Public Cloud\n */\nexport const DefaultAuthority = \"login.microsoftonline.com\";\n\n/**\n * @internal\n * Allow acquiring tokens for any tenant for multi-tentant auth.\n */\nexport const ALL_TENANTS: string[] = [\"*\"];\n\n/**\n * @internal\n */\nexport const CACHE_CAE_SUFFIX = \"cae\";\n\n/**\n * @internal\n */\nexport const CACHE_NON_CAE_SUFFIX = \"nocae\";\n\n/**\n * @internal\n *\n * The default name for the cache persistence plugin.\n * Matches the constant defined in the cache persistence package.\n */\nexport const DEFAULT_TOKEN_CACHE_NAME = \"msal.cache\";\n"]}

package/dist/commonjs/credentials/authorityValidationOptions.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+/**
+ * Provides options to configure how the Identity library
+ * does authority validation during authentication requests
+ * to Microsoft Entra ID.
+ */
+export interface AuthorityValidationOptions {
+    /**
+     * The field determines whether instance discovery is performed when attempting to authenticate.
+     * Setting this to `true` will completely disable both instance discovery and authority validation.
+     * As a result, it's crucial to ensure that the configured authority host is valid and trustworthy.
+     * This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack.
+     * The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority.
+     */
+    disableInstanceDiscovery?: boolean;
+}
+//# sourceMappingURL=authorityValidationOptions.d.ts.map

package/dist/commonjs/credentials/authorityValidationOptions.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"authorityValidationOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/authorityValidationOptions.ts"],"names":[],"mappings":"AAGA;;;;GAIG;AACH,MAAM,WAAW,0BAA0B;IACzC;;;;;;OAMG;IACH,wBAAwB,CAAC,EAAE,OAAO,CAAC;CACpC"}

package/dist/commonjs/credentials/authorityValidationOptions.js ADDED Viewed

@@ -0,0 +1,5 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=authorityValidationOptions.js.map

package/dist/commonjs/credentials/authorityValidationOptions.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"authorityValidationOptions.js","sourceRoot":"","sources":["../../../src/credentials/authorityValidationOptions.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Provides options to configure how the Identity library\n * does authority validation during authentication requests\n * to Microsoft Entra ID.\n */\nexport interface AuthorityValidationOptions {\n /**\n * The field determines whether instance discovery is performed when attempting to authenticate.\n * Setting this to `true` will completely disable both instance discovery and authority validation.\n * As a result, it's crucial to ensure that the configured authority host is valid and trustworthy.\n * This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack.\n * The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority.\n */\n disableInstanceDiscovery?: boolean;\n}\n"]}

package/dist/commonjs/credentials/authorizationCodeCredential.d.ts ADDED Viewed

@@ -0,0 +1,73 @@
+import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
+import type { AuthorizationCodeCredentialOptions } from "./authorizationCodeCredentialOptions.js";
+/**
+ * Enables authentication to Microsoft Entra ID using an authorization code
+ * that was obtained through the authorization code flow, described in more detail
+ * in the Microsoft Entra ID documentation:
+ *
+ * https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow
+ */
+export declare class AuthorizationCodeCredential implements TokenCredential {
+    private msalClient;
+    private disableAutomaticAuthentication?;
+    private authorizationCode;
+    private redirectUri;
+    private tenantId?;
+    private additionallyAllowedTenantIds;
+    private clientSecret?;
+    /**
+     * Creates an instance of AuthorizationCodeCredential with the details needed
+     * to request an access token using an authentication that was obtained
+     * from Microsoft Entra ID.
+     *
+     * It is currently necessary for the user of this credential to initiate
+     * the authorization code flow to obtain an authorization code to be used
+     * with this credential.  A full example of this flow is provided here:
+     *
+     * https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts
+     *
+     * @param tenantId - The Microsoft Entra tenant (directory) ID or name.
+     *                 'common' may be used when dealing with multi-tenant scenarios.
+     * @param clientId - The client (application) ID of an App Registration in the tenant.
+     * @param clientSecret - A client secret that was generated for the App Registration
+     * @param authorizationCode - An authorization code that was received from following the
+                                authorization code flow.  This authorization code must not
+                                have already been used to obtain an access token.
+     * @param redirectUri - The redirect URI that was used to request the authorization code.
+                          Must be the same URI that is configured for the App Registration.
+     * @param options - Options for configuring the client which makes the access token request.
+     */
+    constructor(tenantId: string | "common", clientId: string, clientSecret: string, authorizationCode: string, redirectUri: string, options?: AuthorizationCodeCredentialOptions);
+    /**
+     * Creates an instance of AuthorizationCodeCredential with the details needed
+     * to request an access token using an authentication that was obtained
+     * from Microsoft Entra ID.
+     *
+     * It is currently necessary for the user of this credential to initiate
+     * the authorization code flow to obtain an authorization code to be used
+     * with this credential.  A full example of this flow is provided here:
+     *
+     * https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts
+     *
+     * @param tenantId - The Microsoft Entra tenant (directory) ID or name.
+     *                 'common' may be used when dealing with multi-tenant scenarios.
+     * @param clientId - The client (application) ID of an App Registration in the tenant.
+     * @param authorizationCode - An authorization code that was received from following the
+                                authorization code flow.  This authorization code must not
+                                have already been used to obtain an access token.
+     * @param redirectUri - The redirect URI that was used to request the authorization code.
+                          Must be the same URI that is configured for the App Registration.
+     * @param options - Options for configuring the client which makes the access token request.
+     */
+    constructor(tenantId: string | "common", clientId: string, authorizationCode: string, redirectUri: string, options?: AuthorizationCodeCredentialOptions);
+    /**
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
+     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
+     *
+     * @param scopes - The list of scopes for which the token will have access.
+     * @param options - The options used to configure any requests this
+     *                TokenCredential implementation might make.
+     */
+    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
+}
+//# sourceMappingURL=authorizationCodeCredential.d.ts.map

package/dist/commonjs/credentials/authorizationCodeCredential.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"authorizationCodeCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAKtF,OAAO,KAAK,EAAE,kCAAkC,EAAE,MAAM,yCAAyC,CAAC;AAUlG;;;;;;GAMG;AACH,qBAAa,2BAA4B,YAAW,eAAe;IACjE,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,8BAA8B,CAAC,CAAU;IACjD,OAAO,CAAC,iBAAiB,CAAS;IAClC,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,QAAQ,CAAC,CAAS;IAC1B,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,YAAY,CAAC,CAAS;IAE9B;;;;;;;;;;;;;;;;;;;;;OAqBG;gBAED,QAAQ,EAAE,MAAM,GAAG,QAAQ,EAC3B,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,iBAAiB,EAAE,MAAM,EACzB,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE,kCAAkC;IAE9C;;;;;;;;;;;;;;;;;;;;OAoBG;gBAED,QAAQ,EAAE,MAAM,GAAG,QAAQ,EAC3B,QAAQ,EAAE,MAAM,EAChB,iBAAiB,EAAE,MAAM,EACzB,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE,kCAAkC;IA2C9C;;;;;;;OAOG;IACG,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,GAAE,eAAoB,GAAG,OAAO,CAAC,WAAW,CAAC;CA0B/F"}

package/dist/commonjs/credentials/authorizationCodeCredential.js ADDED Viewed

@@ -0,0 +1,64 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorizationCodeCredential = void 0;
+const tenantIdUtils_js_1 = require("../util/tenantIdUtils.js");
+const tenantIdUtils_js_2 = require("../util/tenantIdUtils.js");
+const logging_js_1 = require("../util/logging.js");
+const scopeUtils_js_1 = require("../util/scopeUtils.js");
+const tracing_js_1 = require("../util/tracing.js");
+const msalClient_js_1 = require("../msal/nodeFlows/msalClient.js");
+const logger = (0, logging_js_1.credentialLogger)("AuthorizationCodeCredential");
+/**
+ * Enables authentication to Microsoft Entra ID using an authorization code
+ * that was obtained through the authorization code flow, described in more detail
+ * in the Microsoft Entra ID documentation:
+ *
+ * https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow
+ */
+class AuthorizationCodeCredential {
+    /**
+     * @hidden
+     * @internal
+     */
+    constructor(tenantId, clientId, clientSecretOrAuthorizationCode, authorizationCodeOrRedirectUri, redirectUriOrOptions, options) {
+        (0, tenantIdUtils_js_2.checkTenantId)(logger, tenantId);
+        this.clientSecret = clientSecretOrAuthorizationCode;
+        if (typeof redirectUriOrOptions === "string") {
+            // the clientId+clientSecret constructor
+            this.authorizationCode = authorizationCodeOrRedirectUri;
+            this.redirectUri = redirectUriOrOptions;
+            // in this case, options are good as they come
+        }
+        else {
+            // clientId only
+            this.authorizationCode = clientSecretOrAuthorizationCode;
+            this.redirectUri = authorizationCodeOrRedirectUri;
+            this.clientSecret = undefined;
+            options = redirectUriOrOptions;
+        }
+        // TODO: Validate tenant if provided
+        this.tenantId = tenantId;
+        this.additionallyAllowedTenantIds = (0, tenantIdUtils_js_1.resolveAdditionallyAllowedTenantIds)(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
+        this.msalClient = (0, msalClient_js_1.createMsalClient)(clientId, tenantId, Object.assign(Object.assign({}, options), { logger, tokenCredentialOptions: options !== null && options !== void 0 ? options : {} }));
+    }
+    /**
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
+     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
+     *
+     * @param scopes - The list of scopes for which the token will have access.
+     * @param options - The options used to configure any requests this
+     *                TokenCredential implementation might make.
+     */
+    async getToken(scopes, options = {}) {
+        return tracing_js_1.tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async (newOptions) => {
+            const tenantId = (0, tenantIdUtils_js_1.processMultiTenantRequest)(this.tenantId, newOptions, this.additionallyAllowedTenantIds);
+            newOptions.tenantId = tenantId;
+            const arrayScopes = (0, scopeUtils_js_1.ensureScopes)(scopes);
+            return this.msalClient.getTokenByAuthorizationCode(arrayScopes, this.redirectUri, this.authorizationCode, this.clientSecret, Object.assign(Object.assign({}, newOptions), { disableAutomaticAuthentication: this.disableAutomaticAuthentication }));
+        });
+    }
+}
+exports.AuthorizationCodeCredential = AuthorizationCodeCredential;
+//# sourceMappingURL=authorizationCodeCredential.js.map

package/dist/commonjs/credentials/authorizationCodeCredential.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"authorizationCodeCredential.js","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredential.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAGlC,+DAGkC;AAElC,+DAAyD;AACzD,mDAAsD;AACtD,yDAAqD;AACrD,mDAAmD;AAEnD,mEAAmE;AAEnE,MAAM,MAAM,GAAG,IAAA,6BAAgB,EAAC,6BAA6B,CAAC,CAAC;AAE/D;;;;;;GAMG;AACH,MAAa,2BAA2B;IAmEtC;;;OAGG;IACH,YACE,QAA2B,EAC3B,QAAgB,EAChB,+BAAuC,EACvC,8BAAsC,EACtC,oBAA6E,EAC7E,OAA4C;QAE5C,IAAA,gCAAa,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAChC,IAAI,CAAC,YAAY,GAAG,+BAA+B,CAAC;QAEpD,IAAI,OAAO,oBAAoB,KAAK,QAAQ,EAAE,CAAC;YAC7C,wCAAwC;YACxC,IAAI,CAAC,iBAAiB,GAAG,8BAA8B,CAAC;YACxD,IAAI,CAAC,WAAW,GAAG,oBAAoB,CAAC;YACxC,8CAA8C;QAChD,CAAC;aAAM,CAAC;YACN,gBAAgB;YAChB,IAAI,CAAC,iBAAiB,GAAG,+BAA+B,CAAC;YACzD,IAAI,CAAC,WAAW,GAAG,8BAAwC,CAAC;YAC5D,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;YAC9B,OAAO,GAAG,oBAA0D,CAAC;QACvE,CAAC;QAED,oCAAoC;QACpC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,4BAA4B,GAAG,IAAA,sDAAmC,EACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QAEF,IAAI,CAAC,UAAU,GAAG,IAAA,gCAAgB,EAAC,QAAQ,EAAE,QAAQ,kCAChD,OAAO,KACV,MAAM,EACN,sBAAsB,EAAE,OAAO,aAAP,OAAO,cAAP,OAAO,GAAI,EAAE,IACrC,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,0BAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,MAAM,QAAQ,GAAG,IAAA,4CAAyB,EACxC,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,CAClC,CAAC;YACF,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAE/B,MAAM,WAAW,GAAG,IAAA,4BAAY,EAAC,MAAM,CAAC,CAAC;YACzC,OAAO,IAAI,CAAC,UAAU,CAAC,2BAA2B,CAChD,WAAW,EACX,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,iBAAiB,EACtB,IAAI,CAAC,YAAY,kCAEZ,UAAU,KACb,8BAA8B,EAAE,IAAI,CAAC,8BAA8B,IAEtE,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;CACF;AA9ID,kEA8IC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\nimport type { AuthorizationCodeCredentialOptions } from \"./authorizationCodeCredentialOptions.js\";\nimport { checkTenantId } from \"../util/tenantIdUtils.js\";\nimport { credentialLogger } from \"../util/logging.js\";\nimport { ensureScopes } from \"../util/scopeUtils.js\";\nimport { tracingClient } from \"../util/tracing.js\";\nimport type { MsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport { createMsalClient } from \"../msal/nodeFlows/msalClient.js\";\n\nconst logger = credentialLogger(\"AuthorizationCodeCredential\");\n\n/**\n * Enables authentication to Microsoft Entra ID using an authorization code\n * that was obtained through the authorization code flow, described in more detail\n * in the Microsoft Entra ID documentation:\n *\n * https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow\n */\nexport class AuthorizationCodeCredential implements TokenCredential {\n private msalClient: MsalClient;\n private disableAutomaticAuthentication?: boolean;\n private authorizationCode: string;\n private redirectUri: string;\n private tenantId?: string;\n private additionallyAllowedTenantIds: string[];\n private clientSecret?: string;\n\n /**\n * Creates an instance of AuthorizationCodeCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Microsoft Entra ID.\n *\n * It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. A full example of this flow is provided here:\n *\n * https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts\n *\n * @param tenantId - The Microsoft Entra tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param clientSecret - A client secret that was generated for the App Registration\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n */\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n clientSecret: string,\n authorizationCode: string,\n redirectUri: string,\n options?: AuthorizationCodeCredentialOptions,\n );\n /**\n * Creates an instance of AuthorizationCodeCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Microsoft Entra ID.\n *\n * It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. A full example of this flow is provided here:\n *\n * https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts\n *\n * @param tenantId - The Microsoft Entra tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n */\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n authorizationCode: string,\n redirectUri: string,\n options?: AuthorizationCodeCredentialOptions,\n );\n /**\n * @hidden\n * @internal\n */\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n clientSecretOrAuthorizationCode: string,\n authorizationCodeOrRedirectUri: string,\n redirectUriOrOptions: string | AuthorizationCodeCredentialOptions | undefined,\n options?: AuthorizationCodeCredentialOptions,\n ) {\n checkTenantId(logger, tenantId);\n this.clientSecret = clientSecretOrAuthorizationCode;\n\n if (typeof redirectUriOrOptions === \"string\") {\n // the clientId+clientSecret constructor\n this.authorizationCode = authorizationCodeOrRedirectUri;\n this.redirectUri = redirectUriOrOptions;\n // in this case, options are good as they come\n } else {\n // clientId only\n this.authorizationCode = clientSecretOrAuthorizationCode;\n this.redirectUri = authorizationCodeOrRedirectUri as string;\n this.clientSecret = undefined;\n options = redirectUriOrOptions as AuthorizationCodeCredentialOptions;\n }\n\n // TODO: Validate tenant if provided\n this.tenantId = tenantId;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n\n this.msalClient = createMsalClient(clientId, tenantId, {\n ...options,\n logger,\n tokenCredentialOptions: options ?? {},\n });\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return tracingClient.withSpan(\n `${this.constructor.name}.getToken`,\n options,\n async (newOptions) => {\n const tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds,\n );\n newOptions.tenantId = tenantId;\n\n const arrayScopes = ensureScopes(scopes);\n return this.msalClient.getTokenByAuthorizationCode(\n arrayScopes,\n this.redirectUri,\n this.authorizationCode,\n this.clientSecret,\n {\n ...newOptions,\n disableAutomaticAuthentication: this.disableAutomaticAuthentication,\n },\n );\n },\n );\n }\n}\n"]}

package/dist/commonjs/credentials/authorizationCodeCredentialOptions.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
+import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
+/**
+ * Options for the {@link AuthorizationCodeCredential}
+ */
+export interface AuthorizationCodeCredentialOptions extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {
+}
+//# sourceMappingURL=authorizationCodeCredentialOptions.d.ts.map

package/dist/commonjs/credentials/authorizationCodeCredentialOptions.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"authorizationCodeCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,kCACf,SAAQ,iCAAiC,EACvC,0BAA0B;CAAG"}

package/dist/commonjs/credentials/authorizationCodeCredentialOptions.js ADDED Viewed

@@ -0,0 +1,5 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=authorizationCodeCredentialOptions.js.map

package/dist/commonjs/credentials/authorizationCodeCredentialOptions.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"authorizationCodeCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredentialOptions.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Options for the {@link AuthorizationCodeCredential}\n */\nexport interface AuthorizationCodeCredentialOptions\n extends MultiTenantTokenCredentialOptions,\n AuthorityValidationOptions {}\n"]}

package/dist/commonjs/credentials/azureApplicationCredential.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+import type { AzureApplicationCredentialOptions } from "./azureApplicationCredentialOptions.js";
+import { ChainedTokenCredential } from "./chainedTokenCredential.js";
+/**
+ * Provides a default {@link ChainedTokenCredential} configuration that should
+ * work for most applications that use the Azure SDK.
+ */
+export declare class AzureApplicationCredential extends ChainedTokenCredential {
+    /**
+     * Creates an instance of the AzureApplicationCredential class.
+     *
+     * The AzureApplicationCredential provides a default {@link ChainedTokenCredential} configuration that should
+     * work for most applications deployed on Azure. The following credential types will be tried, in order:
+     *
+     * - {@link EnvironmentCredential}
+     * - {@link ManagedIdentityCredential}
+     *
+     * Consult the documentation of these credential types for more information
+     * on how they attempt authentication.
+     *
+     * @param options - Optional parameters. See {@link AzureApplicationCredentialOptions}.
+     */
+    constructor(options?: AzureApplicationCredentialOptions);
+}
+//# sourceMappingURL=azureApplicationCredential.d.ts.map

package/dist/commonjs/credentials/azureApplicationCredential.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"azureApplicationCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/azureApplicationCredential.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAChG,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAErE;;;GAGG;AACH,qBAAa,0BAA2B,SAAQ,sBAAsB;IACpE;;;;;;;;;;;;;OAaG;gBACS,OAAO,CAAC,EAAE,iCAAiC;CAOxD"}

package/dist/commonjs/credentials/azureApplicationCredential.js ADDED Viewed

@@ -0,0 +1,36 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AzureApplicationCredential = void 0;
+const defaultAzureCredential_js_1 = require("./defaultAzureCredential.js");
+const chainedTokenCredential_js_1 = require("./chainedTokenCredential.js");
+/**
+ * Provides a default {@link ChainedTokenCredential} configuration that should
+ * work for most applications that use the Azure SDK.
+ */
+class AzureApplicationCredential extends chainedTokenCredential_js_1.ChainedTokenCredential {
+    /**
+     * Creates an instance of the AzureApplicationCredential class.
+     *
+     * The AzureApplicationCredential provides a default {@link ChainedTokenCredential} configuration that should
+     * work for most applications deployed on Azure. The following credential types will be tried, in order:
+     *
+     * - {@link EnvironmentCredential}
+     * - {@link ManagedIdentityCredential}
+     *
+     * Consult the documentation of these credential types for more information
+     * on how they attempt authentication.
+     *
+     * @param options - Optional parameters. See {@link AzureApplicationCredentialOptions}.
+     */
+    constructor(options) {
+        const credentialFunctions = [
+            defaultAzureCredential_js_1.createEnvironmentCredential,
+            defaultAzureCredential_js_1.createDefaultManagedIdentityCredential,
+        ];
+        super(...credentialFunctions.map((createCredentialFn) => createCredentialFn(options)));
+    }
+}
+exports.AzureApplicationCredential = AzureApplicationCredential;
+//# sourceMappingURL=azureApplicationCredential.js.map

package/dist/commonjs/credentials/azureApplicationCredential.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"azureApplicationCredential.js","sourceRoot":"","sources":["../../../src/credentials/azureApplicationCredential.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAElC,2EAGqC;AAGrC,2EAAqE;AAErE;;;GAGG;AACH,MAAa,0BAA2B,SAAQ,kDAAsB;IACpE;;;;;;;;;;;;;OAaG;IACH,YAAY,OAA2C;QACrD,MAAM,mBAAmB,GAAG;YAC1B,uDAA2B;YAC3B,kEAAsC;SACvC,CAAC;QACF,KAAK,CAAC,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC,kBAAkB,EAAE,EAAE,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IACzF,CAAC;CACF;AAtBD,gEAsBC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport {\n createDefaultManagedIdentityCredential,\n createEnvironmentCredential,\n} from \"./defaultAzureCredential.js\";\n\nimport type { AzureApplicationCredentialOptions } from \"./azureApplicationCredentialOptions.js\";\nimport { ChainedTokenCredential } from \"./chainedTokenCredential.js\";\n\n/**\n * Provides a default {@link ChainedTokenCredential} configuration that should\n * work for most applications that use the Azure SDK.\n */\nexport class AzureApplicationCredential extends ChainedTokenCredential {\n /**\n * Creates an instance of the AzureApplicationCredential class.\n *\n * The AzureApplicationCredential provides a default {@link ChainedTokenCredential} configuration that should\n * work for most applications deployed on Azure. The following credential types will be tried, in order:\n *\n * - {@link EnvironmentCredential}\n * - {@link ManagedIdentityCredential}\n *\n * Consult the documentation of these credential types for more information\n * on how they attempt authentication.\n *\n * @param options - Optional parameters. See {@link AzureApplicationCredentialOptions}.\n */\n constructor(options?: AzureApplicationCredentialOptions) {\n const credentialFunctions = [\n createEnvironmentCredential,\n createDefaultManagedIdentityCredential,\n ];\n super(...credentialFunctions.map((createCredentialFn) => createCredentialFn(options)));\n }\n}\n"]}

package/dist/commonjs/credentials/azureApplicationCredentialOptions.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions.js";
+import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
+/**
+ * Provides options to configure the {@link AzureApplicationCredential} class.
+ */
+export interface AzureApplicationCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions {
+    /**
+     * Optionally pass in a user assigned client ID to be used by the {@link ManagedIdentityCredential}.
+     * This client ID can also be passed through to the {@link ManagedIdentityCredential} through the environment variable: AZURE_CLIENT_ID.
+     */
+    managedIdentityClientId?: string;
+}
+//# sourceMappingURL=azureApplicationCredentialOptions.d.ts.map

package/dist/commonjs/credentials/azureApplicationCredentialOptions.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"azureApplicationCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/azureApplicationCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACtF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,iCACf,SAAQ,iCAAiC,EACvC,4BAA4B;IAC9B;;;OAGG;IACH,uBAAuB,CAAC,EAAE,MAAM,CAAC;CAClC"}

package/dist/commonjs/credentials/azureApplicationCredentialOptions.js ADDED Viewed

@@ -0,0 +1,5 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=azureApplicationCredentialOptions.js.map

package/dist/commonjs/credentials/azureApplicationCredentialOptions.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"azureApplicationCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/azureApplicationCredentialOptions.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Provides options to configure the {@link AzureApplicationCredential} class.\n */\nexport interface AzureApplicationCredentialOptions\n extends MultiTenantTokenCredentialOptions,\n CredentialPersistenceOptions {\n /**\n * Optionally pass in a user assigned client ID to be used by the {@link ManagedIdentityCredential}.\n * This client ID can also be passed through to the {@link ManagedIdentityCredential} through the environment variable: AZURE_CLIENT_ID.\n */\n managedIdentityClientId?: string;\n}\n"]}

package/dist/commonjs/credentials/azureCliCredential.d.ts ADDED Viewed

@@ -0,0 +1,64 @@
+import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
+import type { AzureCliCredentialOptions } from "./azureCliCredentialOptions.js";
+/**
+ * Mockable reference to the CLI credential cliCredentialFunctions
+ * @internal
+ */
+export declare const cliCredentialInternals: {
+    /**
+     * @internal
+     */
+    getSafeWorkingDir(): string;
+    /**
+     * Gets the access token from Azure CLI
+     * @param resource - The resource to use when getting the token
+     * @internal
+     */
+    getAzureCliAccessToken(resource: string, tenantId?: string, subscription?: string, timeout?: number): Promise<{
+        stdout: string;
+        stderr: string;
+        error: Error | null;
+    }>;
+};
+/**
+ * This credential will use the currently logged-in user login information
+ * via the Azure CLI ('az') commandline tool.
+ * To do so, it will read the user access token and expire time
+ * with Azure CLI command "az account get-access-token".
+ */
+export declare class AzureCliCredential implements TokenCredential {
+    private tenantId?;
+    private additionallyAllowedTenantIds;
+    private timeout?;
+    private subscription?;
+    /**
+     * Creates an instance of the {@link AzureCliCredential}.
+     *
+     * To use this credential, ensure that you have already logged
+     * in via the 'az' tool using the command "az login" from the commandline.
+     *
+     * @param options - Options, to optionally allow multi-tenant requests.
+     */
+    constructor(options?: AzureCliCredentialOptions);
+    /**
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
+     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
+     *
+     * @param scopes - The list of scopes for which the token will have access.
+     * @param options - The options used to configure any requests this
+     *                TokenCredential implementation might make.
+     */
+    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
+    /**
+     * Parses the raw JSON response from the Azure CLI into a usable AccessToken object
+     *
+     * @param rawResponse - The raw JSON response from the Azure CLI
+     * @returns An access token with the expiry time parsed from the raw response
+     *
+     * The expiryTime of the credential's access token, in milliseconds, is calculated as follows:
+     *
+     * When available, expires_on (introduced in Azure CLI v2.54.0) will be preferred. Otherwise falls back to expiresOn.
+     */
+    private parseRawResponse;
+}
+//# sourceMappingURL=azureCliCredential.d.ts.map

package/dist/commonjs/credentials/azureCliCredential.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"azureCliCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/azureCliCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAStF,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAMhF;;;GAGG;AACH,eAAO,MAAM,sBAAsB;IACjC;;OAEG;yBACkB,MAAM;IAW3B;;;;OAIG;qCAES,MAAM,aACL,MAAM,iBACF,MAAM,YACX,MAAM,GACf,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,KAAK,GAAG,IAAI,CAAA;KAAE,CAAC;CAkCpE,CAAC;AAIF;;;;;GAKG;AACH,qBAAa,kBAAmB,YAAW,eAAe;IACxD,OAAO,CAAC,QAAQ,CAAC,CAAS;IAC1B,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,OAAO,CAAC,CAAS;IACzB,OAAO,CAAC,YAAY,CAAC,CAAS;IAE9B;;;;;;;OAOG;gBACS,OAAO,CAAC,EAAE,yBAAyB;IAe/C;;;;;;;OAOG;IACU,QAAQ,CACnB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,WAAW,CAAC;IAoEvB;;;;;;;;;OASG;IACH,OAAO,CAAC,gBAAgB;CA+BzB"}