npm - @azure/identity - Versions diffs - 4.7.1-alpha.20250218.5 → 4.7.1-alpha.20250220.3 - Mend

@azure/identity 4.7.1-alpha.20250218.5 → 4.7.1-alpha.20250220.3

Files changed (64) hide show

package/dist/commonjs/msal/browserFlows/msalBrowserCommon.d.ts CHANGED Viewed

@@ -1,106 +1,19 @@
-import type * as msalBrowser from "@azure/msal-browser";
-import type { AccessToken, GetTokenOptions } from "@azure/core-auth";
-import type { AuthenticationRecord, MsalResult } from "../types.js";
-import type { CredentialLogger } from "../../util/logging.js";
-import type { MsalFlow, MsalFlowOptions } from "./flows.js";
-import type { BrowserLoginStyle } from "../../credentials/interactiveBrowserCredentialOptions.js";
+import type { MsalBrowserFlowOptions } from "./msalBrowserOptions.js";
+import type { AccessToken } from "@azure/core-auth";
+import type { AuthenticationRecord } from "../types.js";
 import type { CredentialFlowGetTokenOptions } from "../credentials.js";
-import type { LogPolicyOptions } from "@azure/core-rest-pipeline";
-import type { MultiTenantTokenCredentialOptions } from "../../credentials/multiTenantTokenCredentialOptions.js";
 /**
- * Union of the constructor parameters that all MSAL flow types take.
- * Some properties might not be used by some flow types.
- */
-export interface MsalBrowserFlowOptions extends MsalFlowOptions {
-    tokenCredentialOptions: MultiTenantTokenCredentialOptions;
-    redirectUri?: string;
-    loginStyle: BrowserLoginStyle;
-    loginHint?: string;
-    /**
-     * Allows users to configure settings for logging policy options, allow logging account information and personally identifiable information for customer support.
-     */
-    loggingOptions?: LogPolicyOptions & {
-        /**
-         * Allows logging account information once the authentication flow succeeds.
-         */
-        allowLoggingAccountIdentifiers?: boolean;
-        /**
-         * Allows logging personally identifiable information for customer support.
-         */
-        enableUnsafeSupportLogging?: boolean;
-    };
-}
-/**
- * The common methods we use to work with the MSAL browser flows.
+ * Methods that are used by InteractiveBrowserCredential
  * @internal
  */
-export interface MsalBrowserFlow extends MsalFlow {
-    login(scopes?: string[]): Promise<AuthenticationRecord | undefined>;
-    handleRedirect(): Promise<AuthenticationRecord | undefined>;
+export interface MsalBrowserClient {
+    getActiveAccount(): Promise<AuthenticationRecord | undefined>;
+    getToken(scopes: string[], options: CredentialFlowGetTokenOptions): Promise<AccessToken>;
 }
 /**
- * Generates a MSAL configuration that generally works for browsers
+ * Uses MSAL Browser 2.X for browser authentication,
+ * which uses the [Auth Code Flow](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow).
  * @internal
  */
-export declare function defaultBrowserMsalConfig(options: MsalBrowserFlowOptions): msalBrowser.Configuration;
-/**
- * MSAL partial base client for the browsers.
- *
- * It completes the input configuration with some default values.
- * It also provides with utility protected methods that can be used from any of the clients,
- * which includes handlers for successful responses and errors.
- *
- * @internal
- */
-export declare abstract class MsalBrowser implements MsalBrowserFlow {
-    protected loginStyle: BrowserLoginStyle;
-    protected clientId: string;
-    protected tenantId: string;
-    protected additionallyAllowedTenantIds: string[];
-    protected authorityHost?: string;
-    protected account: AuthenticationRecord | undefined;
-    protected msalConfig: msalBrowser.Configuration;
-    protected disableAutomaticAuthentication?: boolean;
-    protected app?: msalBrowser.IPublicClientApplication;
-    protected logger: CredentialLogger;
-    constructor(options: MsalBrowserFlowOptions);
-    /**
-     * In the browsers we don't need to init()
-     */
-    init(): Promise<void>;
-    /**
-     * Attempts to handle a redirection request the least amount of times possible.
-     */
-    abstract handleRedirect(): Promise<AuthenticationRecord | undefined>;
-    /**
-     * Clears MSAL's cache.
-     */
-    logout(): Promise<void>;
-    /**
-     * Uses MSAL to retrieve the active account.
-     */
-    abstract getActiveAccount(): Promise<AuthenticationRecord | undefined>;
-    /**
-     * Uses MSAL to trigger a redirect or a popup login.
-     */
-    abstract login(scopes?: string | string[]): Promise<AuthenticationRecord | undefined>;
-    /**
-     * Attempts to retrieve a token from cache.
-     */
-    abstract getTokenSilent(scopes: string[]): Promise<AccessToken>;
-    /**
-     * Attempts to retrieve the token in the browser.
-     */
-    protected abstract doGetToken(scopes: string[]): Promise<AccessToken>;
-    /**
-     * Attempts to retrieve an authenticated token from MSAL.
-     */
-    getToken(scopes: string[], options?: CredentialFlowGetTokenOptions): Promise<AccessToken>;
-    /**
-     * Handles the MSAL authentication result.
-     * If the result has an account, we update the local account reference.
-     * If the token received is invalid, an error will be thrown depending on what's missing.
-     */
-    protected handleResult(scopes: string | string[], result?: MsalResult, getTokenOptions?: GetTokenOptions): AccessToken;
-}
+export declare function createMsalBrowserClient(options: MsalBrowserFlowOptions): MsalBrowserClient;
 //# sourceMappingURL=msalBrowserCommon.d.ts.map

package/dist/commonjs/msal/browserFlows/msalBrowserCommon.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"msalBrowserCommon.d.ts","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalBrowserCommon.ts"],"names":[],"mappings":"~~AAGA~~,OAAO,KAAK,~~KAAK~~,~~WAAW~~,MAAM,~~qBAAqB~~,CAAC;~~AAExD~~,OAAO,KAAK,EAAE,WAAW,~~EAAE~~,~~eAAe,EAAE,~~MAAM,kBAAkB,CAAC;AACrE,OAAO,KAAK,EAAE,oBAAoB,~~EAAE~~,~~UAAU,EAAE,~~MAAM,aAAa,CAAC;AAEpE,OAAO,KAAK,EAAE,~~gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAE9D,OAAO,KAAK,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAQ5D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,0DAA0D,CAAC;AAClG,OAAO,KAAK,EAAE,~~6BAA6B,EAAE,MAAM,mBAAmB,CAAC;~~AAEvE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAClE,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wDAAwD,CAAC;AAEhH~~;;;GAGG;AACH,MAAM,WAAW,~~sBAAuB,SAAQ,eAAe;IAC7D,sBAAsB,EAAE,iCAAiC,CAAC;IAC1D,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,~~iBAAiB~~,CAAC~~;~~IAC9B~~,~~SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;OAEG;IACH,cAAc,CAAC,EAAE,~~gBAAgB,GAAG;QAClC;;WAEG;QACH,8BAA8B,CAAC,EAAE,OAAO,CAAC;QACzC;;WAEG;QACH,0BAA0B,CAAC,EAAE,OAAO,CAAC;KACtC,CAAC;CACH;AAED;;;GAGG;AACH,MAAM,WAAW,eAAgB,SAAQ,QAAQ;IAC/C,KAAK,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC,CAAC;IACpE,cAAc,IAAI,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC,CAAC;~~CAC7D;AAED;;;GAGG;AACH~~,~~wBAAgB,wBAAwB,CACtC,OAAO,EAAE,sBAAsB,GAC9B,WAAW,CAAC,aAAa,CAc3B;AAED;;;;;;;;GAQG;AACH,8BAAsB,WAAY,YAAW,eAAe;IAC1D,SAAS,CAAC,UAAU,EAAE,iBAAiB,CAAC;IACxC,SAAS,CAAC,~~QAAQ,~~EAAE,MAAM,~~CAAC~~;IAC3B~~,~~SAAS,CAAC,QAAQ,EAAE,~~MAAM,~~CAAC;IAC3B,SAAS,CAAC,4BAA4B,~~EAAE,MAAM,EAAE,~~CAAC;IACjD,SAAS,CAAC,aAAa,CAAC,~~EAAE,~~MAAM,CAAC;IACjC,SAAS,CAAC,~~OAAO,EAAE,~~oBAAoB~~,GAAG,~~SAAS~~,CAAC~~;IACpD~~,~~SAAS,CAAC,UAAU,EAAE,~~WAAW,CAAC,~~aAAa,~~CAAC;~~IAChD,SAAS,CAAC,8BAA8B,CAAC,EAAE,OAAO,CAAC~~;~~IACnD,SAAS,CAAC,GAAG,CAAC,EAAE,WAAW,CAAC,wBAAwB,CAAC~~;~~IACrD~~,~~SAAS~~,~~CAAC~~,~~MAAM,EAAE,gBAAgB,~~CAAC~~;gBAEvB~~,OAAO,EAAE,sBAAsB~~;IAuB3C;;OAEG;IACG~~,~~IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAI3B;;OAEG;aACa,cAAc,IAAI,OAAO,CAAC,oBAAoB,~~GAAG,~~SAAS~~,CAAC;IAE3E;;OAEG;IACG,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAI7B;;OAEG;aACa,gBAAgB,IAAI,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC;IAE7E;;OAEG;aACa,KAAK,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC;IAE5F;;OAEG;aACa,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,WAAW,CAAC;IAEtE;;OAEG;IACH,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,WAAW,CAAC;IAErE;;OAEG;IACU,QAAQ,CACnB,MAAM,EAAE,MAAM,EAAE,EAChB,OAAO,GAAE,6BAAkC,GAC1C,OAAO,CAAC,WAAW,CAAC;IAkCvB;;;;OAIG;IACH,SAAS,CAAC,YAAY,CACpB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,MAAM,CAAC,EAAE,UAAU,EACnB,eAAe,CAAC,EAAE,eAAe,GAChC,WAAW;CAaf"}
1	+ {"version":3,"file":"msalBrowserCommon.d.ts","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalBrowserCommon.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AAYtE,OAAO,KAAK,EAAE,WAAW,EAAmB,MAAM,kBAAkB,CAAC;AACrE,OAAO,KAAK,EAAE,oBAAoB,EAAc,MAAM,aAAa,CAAC;AAEpE,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,mBAAmB,CAAC;AA2CvE;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,gBAAgB,IAAI,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC,CAAC;IAC9D,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,6BAA6B,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;CAC1F;AAKD;;;;GAIG;AACH,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,sBAAsB,GAAG,iBAAiB,CA+R1F"}

package/dist/commonjs/msal/browserFlows/msalBrowserCommon.js CHANGED Viewed

@@ -2,18 +2,21 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.MsalBrowser = void 0;
-exports.defaultBrowserMsalConfig = defaultBrowserMsalConfig;
+exports.createMsalBrowserClient = createMsalBrowserClient;
+const tslib_1 = require("tslib");
+const msalBrowser = tslib_1.__importStar(require("@azure/msal-browser"));
+const utils_js_1 = require("../utils.js");
 const errors_js_1 = require("../../errors.js");
+const logger_1 = require("@azure/logger");
 const logging_js_1 = require("../../util/logging.js");
-const utils_js_1 = require("../utils.js");
 const tenantIdUtils_js_1 = require("../../util/tenantIdUtils.js");
 const constants_js_1 = require("../../constants.js");
 /**
  * Generates a MSAL configuration that generally works for browsers
  * @internal
  */
-function defaultBrowserMsalConfig(options) {
+function generateMsalBrowserConfiguration(options) {
+    var _a;
     const tenantId = options.tenantId || constants_js_1.DefaultTenantId;
     const authority = (0, utils_js_1.getAuthority)(tenantId, options.authorityHost);
     return {
@@ -26,89 +29,124 @@ function defaultBrowserMsalConfig(options) {
             // we can try to use the current page we're in as a default value.
             redirectUri: options.redirectUri || self.location.origin,
         },
+        cache: {
+            cacheLocation: "sessionStorage",
+            storeAuthStateInCookie: true, // Set to true to improve the experience on IE11 and Edge.
+        },
+        system: {
+            loggerOptions: {
+                loggerCallback: (0, utils_js_1.defaultLoggerCallback)(options.logger, "Browser"),
+                logLevel: (0, utils_js_1.getMSALLogLevel)((0, logger_1.getLogLevel)()),
+                piiLoggingEnabled: (_a = options.loggingOptions) === null || _a === void 0 ? void 0 : _a.enableUnsafeSupportLogging,
+            },
+        },
     };
 }
+// We keep a copy of the redirect hash.
+const redirectHash = self.location.hash;
 /**
- * MSAL partial base client for the browsers.
- *
- * It completes the input configuration with some default values.
- * It also provides with utility protected methods that can be used from any of the clients,
- * which includes handlers for successful responses and errors.
- *
+ * Uses MSAL Browser 2.X for browser authentication,
+ * which uses the [Auth Code Flow](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow).
  * @internal
  */
-class MsalBrowser {
-    constructor(options) {
-        var _a;
-        this.logger = options.logger;
-        this.loginStyle = options.loginStyle;
-        if (!options.clientId) {
-            throw new errors_js_1.CredentialUnavailableError("A client ID is required in browsers");
-        }
-        this.clientId = options.clientId;
-        this.additionallyAllowedTenantIds = (0, tenantIdUtils_js_1.resolveAdditionallyAllowedTenantIds)((_a = options === null || options === void 0 ? void 0 : options.tokenCredentialOptions) === null || _a === void 0 ? void 0 : _a.additionallyAllowedTenants);
-        this.tenantId = (0, tenantIdUtils_js_1.resolveTenantId)(this.logger, options.tenantId, options.clientId);
-        this.authorityHost = options.authorityHost;
-        this.msalConfig = defaultBrowserMsalConfig(options);
-        this.disableAutomaticAuthentication = options.disableAutomaticAuthentication;
-        if (options.authenticationRecord) {
-            this.account = Object.assign(Object.assign({}, options.authenticationRecord), { tenantId: this.tenantId });
-        }
+function createMsalBrowserClient(options) {
+    var _a;
+    const loginStyle = options.loginStyle;
+    if (!options.clientId) {
+        throw new errors_js_1.CredentialUnavailableError("A client ID is required in browsers");
     }
-    /**
-     * In the browsers we don't need to init()
-     */
-    async init() {
-        // Nothing to do here.
+    const clientId = options.clientId;
+    const logger = options.logger;
+    const tenantId = (0, tenantIdUtils_js_1.resolveTenantId)(logger, options.tenantId, options.clientId);
+    const additionallyAllowedTenantIds = (0, tenantIdUtils_js_1.resolveAdditionallyAllowedTenantIds)((_a = options === null || options === void 0 ? void 0 : options.tokenCredentialOptions) === null || _a === void 0 ? void 0 : _a.additionallyAllowedTenants);
+    const authorityHost = options.authorityHost;
+    const msalConfig = generateMsalBrowserConfiguration(options);
+    const disableAutomaticAuthentication = options.disableAutomaticAuthentication;
+    const loginHint = options.loginHint;
+    let account;
+    if (options.authenticationRecord) {
+        account = Object.assign(Object.assign({}, options.authenticationRecord), { tenantId });
     }
+    // This variable should only be used through calling `getApp` function
+    let app;
     /**
-     * Clears MSAL's cache.
+     * Return the MSAL account if not set yet
+     * @returns MSAL application
      */
-    async logout() {
-        var _a;
-        (_a = this.app) === null || _a === void 0 ? void 0 : _a.logout();
+    async function getApp() {
+        if (!app) {
+            // Prepare the MSAL application
+            app = await msalBrowser.PublicClientApplication.createPublicClientApplication(msalConfig);
+            // setting the account right after the app is created.
+            if (account) {
+                app.setActiveAccount((0, utils_js_1.publicToMsal)(account));
+            }
+        }
+        return app;
     }
     /**
-     * Attempts to retrieve an authenticated token from MSAL.
+     * Loads the account based on the result of the authentication.
+     * If no result was received, tries to load the account from the cache.
+     * @param result - Result object received from MSAL.
      */
-    async getToken(scopes, options = {}) {
-        const tenantId = (0, tenantIdUtils_js_1.processMultiTenantRequest)(this.tenantId, options, this.additionallyAllowedTenantIds) ||
-            this.tenantId;
-        if (!options.authority) {
-            options.authority = (0, utils_js_1.getAuthority)(tenantId, this.authorityHost);
-        }
-        // We ensure that redirection is handled at this point.
-        await this.handleRedirect();
-        if (!(await this.getActiveAccount()) && !this.disableAutomaticAuthentication) {
-            await this.login(scopes);
-        }
-        return this.getTokenSilent(scopes).catch((err) => {
-            if (err.name !== "AuthenticationRequiredError") {
-                throw err;
+    async function handleBrowserResult(result) {
+        try {
+            const msalApp = await getApp();
+            if (result && result.account) {
+                logger.info(`MSAL Browser V2 authentication successful.`);
+                msalApp.setActiveAccount(result.account);
+                return (0, utils_js_1.msalToPublic)(clientId, result.account);
             }
-            if (options === null || options === void 0 ? void 0 : options.disableAutomaticAuthentication) {
-                throw new errors_js_1.AuthenticationRequiredError({
-                    scopes,
-                    getTokenOptions: options,
-                    message: "Automatic authentication has been disabled. You may call the authentication() method.",
+            // If by this point we happen to have an active account, we should stop trying to parse this.
+            const activeAccount = msalApp.getActiveAccount();
+            if (activeAccount) {
+                return (0, utils_js_1.msalToPublic)(clientId, activeAccount);
+            }
+            // If we don't have an active account, we try to activate it from all the already loaded accounts.
+            const allAccounts = app.getAllAccounts();
+            if (allAccounts.length > 1) {
+                // If there's more than one account in memory, we force the user to authenticate again.
+                // At this point we can't identify which account should this credential work with,
+                // since at this point the user won't have provided enough information.
+                // We log a message in case that helps.
+                logger.info(`More than one account was found authenticated for this Client ID and Tenant ID.
+  However, no "authenticationRecord" has been provided for this credential,
+  therefore we're unable to pick between these accounts.
+  A new login attempt will be requested, to ensure the correct account is picked.
+  To work with multiple accounts for the same Client ID and Tenant ID, please provide an "authenticationRecord" when initializing "InteractiveBrowserCredential".`);
+                // To safely trigger a new login, we're also ensuring the local cache is cleared up for this MSAL object.
+                // However, we want to avoid kicking the user out of their authentication on the Azure side.
+                // We do this by calling to logout while specifying a `onRedirectNavigate` that returns false.
+                await msalApp.logout({
+                    onRedirectNavigate: () => false,
                 });
+                return;
+            }
+            // If there's only one account for this MSAL object, we can safely activate it.
+            if (allAccounts.length === 1) {
+                const msalAccount = allAccounts[0];
+                msalApp.setActiveAccount(msalAccount);
+                return (0, utils_js_1.msalToPublic)(clientId, msalAccount);
             }
-            this.logger.info(`Silent authentication failed, falling back to interactive method ${this.loginStyle}`);
-            return this.doGetToken(scopes);
-        });
+            logger.info(`No accounts were found through MSAL.`);
+        }
+        catch (e) {
+            logger.info(`Failed to acquire token through MSAL. ${e.message}`);
+        }
+        return;
     }
     /**
      * Handles the MSAL authentication result.
      * If the result has an account, we update the local account reference.
      * If the token received is invalid, an error will be thrown depending on what's missing.
      */
-    handleResult(scopes, result, getTokenOptions) {
+    function handleResult(scopes, result, getTokenOptions) {
         var _a;
         if (result === null || result === void 0 ? void 0 : result.account) {
-            this.account = (0, utils_js_1.msalToPublic)(this.clientId, result.account);
+            account = (0, utils_js_1.msalToPublic)(clientId, result.account);
         }
         (0, utils_js_1.ensureValidMsalToken)(scopes, result, getTokenOptions);
-        this.logger.getToken.info((0, logging_js_1.formatSuccess)(scopes));
+        logger.getToken.info((0, logging_js_1.formatSuccess)(scopes));
         return {
             token: result.accessToken,
             expiresOnTimestamp: result.expiresOn.getTime(),
@@ -116,6 +154,142 @@ class MsalBrowser {
             tokenType: "Bearer",
         };
     }
+    /**
+     * Uses MSAL to handle the redirect.
+     */
+    async function handleRedirect() {
+        const msalApp = await getApp();
+        return handleBrowserResult((await msalApp.handleRedirectPromise(redirectHash)) || undefined);
+    }
+    /**
+     * Uses MSAL to retrieve the active account.
+     */
+    async function getActiveAccount() {
+        const msalApp = await getApp();
+        const activeAccount = msalApp.getActiveAccount();
+        if (!activeAccount) {
+            return;
+        }
+        return (0, utils_js_1.msalToPublic)(clientId, activeAccount);
+    }
+    /**
+     * Uses MSAL to trigger a redirect or a popup login.
+     */
+    async function login(scopes = []) {
+        const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
+        const loginRequest = {
+            scopes: arrayScopes,
+            loginHint: loginHint,
+        };
+        const msalApp = await getApp();
+        switch (loginStyle) {
+            case "redirect": {
+                await app.loginRedirect(loginRequest);
+                return;
+            }
+            case "popup":
+                return handleBrowserResult(await msalApp.loginPopup(loginRequest));
+        }
+    }
+    /**
+     * Tries to retrieve the token silently using MSAL.
+     */
+    async function getTokenSilent(scopes, getTokenOptions) {
+        const activeAccount = await getActiveAccount();
+        if (!activeAccount) {
+            throw new errors_js_1.AuthenticationRequiredError({
+                scopes,
+                getTokenOptions,
+                message: "Silent authentication failed. We couldn't retrieve an active account from the cache.",
+            });
+        }
+        const parameters = {
+            authority: (getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.authority) || msalConfig.auth.authority,
+            correlationId: getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.correlationId,
+            claims: getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.claims,
+            account: (0, utils_js_1.publicToMsal)(activeAccount),
+            forceRefresh: false,
+            scopes,
+        };
+        try {
+            logger.info("Attempting to acquire token silently");
+            const msalApp = await getApp();
+            const response = await msalApp.acquireTokenSilent(parameters);
+            return handleResult(scopes, response);
+        }
+        catch (err) {
+            throw (0, utils_js_1.handleMsalError)(scopes, err, options);
+        }
+    }
+    /**
+     * Attempts to retrieve the token in the browser through interactive methods.
+     */
+    async function getTokenInteractive(scopes, getTokenOptions) {
+        const activeAccount = await getActiveAccount();
+        if (!activeAccount) {
+            throw new errors_js_1.AuthenticationRequiredError({
+                scopes,
+                getTokenOptions,
+                message: "Silent authentication failed. We couldn't retrieve an active account from the cache.",
+            });
+        }
+        const parameters = {
+            authority: (getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.authority) || msalConfig.auth.authority,
+            correlationId: getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.correlationId,
+            claims: getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.claims,
+            account: (0, utils_js_1.publicToMsal)(activeAccount),
+            loginHint: loginHint,
+            scopes,
+        };
+        const msalApp = await getApp();
+        switch (loginStyle) {
+            case "redirect":
+                // This will go out of the page.
+                // Once the InteractiveBrowserCredential is initialized again,
+                // we'll load the MSAL account in the constructor.
+                await msalApp.acquireTokenRedirect(parameters);
+                return { token: "", expiresOnTimestamp: 0, tokenType: "Bearer" };
+            case "popup":
+                return handleResult(scopes, await app.acquireTokenPopup(parameters));
+        }
+    }
+    /**
+     * Attempts to get token through the silent flow.
+     * If failed, get token through interactive method with `doGetToken` method.
+     */
+    async function getToken(scopes, getTokenOptions = {}) {
+        const getTokenTenantId = (0, tenantIdUtils_js_1.processMultiTenantRequest)(tenantId, getTokenOptions, additionallyAllowedTenantIds) ||
+            tenantId;
+        if (!getTokenOptions.authority) {
+            getTokenOptions.authority = (0, utils_js_1.getAuthority)(getTokenTenantId, authorityHost);
+        }
+        // We ensure that redirection is handled at this point.
+        await handleRedirect();
+        if (!(await getActiveAccount()) && !disableAutomaticAuthentication) {
+            await login(scopes);
+        }
+        // Attempts to get the token silently; else, falls back to interactive method.
+        try {
+            return await getTokenSilent(scopes, getTokenOptions);
+        }
+        catch (err) {
+            if (err.name !== "AuthenticationRequiredError") {
+                throw err;
+            }
+            if (getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.disableAutomaticAuthentication) {
+                throw new errors_js_1.AuthenticationRequiredError({
+                    scopes,
+                    getTokenOptions,
+                    message: "Automatic authentication has been disabled. You may call the authenticate() method.",
+                });
+            }
+            logger.info(`Silent authentication failed, falling back to interactive method ${loginStyle}`);
+            return getTokenInteractive(scopes, getTokenOptions);
+        }
+    }
+    return {
+        getActiveAccount,
+        getToken,
+    };
 }
-exports.MsalBrowser = MsalBrowser;
 //# sourceMappingURL=msalBrowserCommon.js.map

package/dist/commonjs/msal/browserFlows/msalBrowserCommon.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"msalBrowserCommon.js","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalBrowserCommon.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AA4DlC,4DAgBC;AAtED,+CAA0F;AAE1F,sDAAsD;AAEtD,0CAAoG;AACpG,kEAIqC;AAIrC,qDAAqD;AAqCrD;;;GAGG;AACH,SAAgB,wBAAwB,CACtC,OAA+B;IAE/B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,8BAAe,CAAC;IACrD,MAAM,SAAS,GAAG,IAAA,uBAAY,EAAC,QAAQ,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IAChE,OAAO;QACL,IAAI,EAAE;YACJ,QAAQ,EAAE,OAAO,CAAC,QAAS;YAC3B,SAAS;YACT,gBAAgB,EAAE,IAAA,8BAAmB,EAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,wBAAwB,CAAC;YAC5F,qDAAqD;YACrD,yCAAyC;YACzC,kEAAkE;YAClE,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM;SACzD;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;;GAQG;AACH,MAAsB,WAAW;IAY/B,YAAY,OAA+B;;QACzC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;QACrC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;YACtB,MAAM,IAAI,sCAA0B,CAAC,qCAAqC,CAAC,CAAC;QAC9E,CAAC;QACD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,4BAA4B,GAAG,IAAA,sDAAmC,EACrE,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,sBAAsB,0CAAE,0BAA0B,CAC5D,CAAC;QACF,IAAI,CAAC,QAAQ,GAAG,IAAA,kCAAe,EAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QACjF,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;QAC3C,IAAI,CAAC,UAAU,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAC;QACpD,IAAI,CAAC,8BAA8B,GAAG,OAAO,CAAC,8BAA8B,CAAC;QAE7E,IAAI,OAAO,CAAC,oBAAoB,EAAE,CAAC;YACjC,IAAI,CAAC,OAAO,mCACP,OAAO,CAAC,oBAAoB,KAC/B,QAAQ,EAAE,IAAI,CAAC,QAAQ,GACxB,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI;QACR,sBAAsB;IACxB,CAAC;IAOD;;OAEG;IACH,KAAK,CAAC,MAAM;;QACV,MAAA,IAAI,CAAC,GAAG,0CAAE,MAAM,EAAE,CAAC;IACrB,CAAC;IAsBD;;OAEG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,MAAM,QAAQ,GACZ,IAAA,4CAAyB,EAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,4BAA4B,CAAC;YACpF,IAAI,CAAC,QAAQ,CAAC;QAEhB,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;YACvB,OAAO,CAAC,SAAS,GAAG,IAAA,uBAAY,EAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QACjE,CAAC;QAED,uDAAuD;QACvD,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAE5B,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,8BAA8B,EAAE,CAAC;YAC7E,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC3B,CAAC;QACD,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YAC/C,IAAI,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAAE,CAAC;gBAC/C,MAAM,GAAG,CAAC;YACZ,CAAC;YACD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,EAAE,CAAC;gBAC5C,MAAM,IAAI,uCAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe,EAAE,OAAO;oBACxB,OAAO,EACL,uFAAuF;iBAC1F,CAAC,CAAC;YACL,CAAC;YACD,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,oEAAoE,IAAI,CAAC,UAAU,EAAE,CACtF,CAAC;YACF,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACjC,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACO,YAAY,CACpB,MAAyB,EACzB,MAAmB,EACnB,eAAiC;;QAEjC,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,OAAO,EAAE,CAAC;YACpB,IAAI,CAAC,OAAO,GAAG,IAAA,uBAAY,EAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAC7D,CAAC;QACD,IAAA,+BAAoB,EAAC,MAAM,EAAE,MAAM,EAAE,eAAe,CAAC,CAAC;QACtD,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAA,0BAAa,EAAC,MAAM,CAAC,CAAC,CAAC;QACjD,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,WAAW;YACzB,kBAAkB,EAAE,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE;YAC9C,qBAAqB,EAAE,MAAA,MAAM,CAAC,SAAS,0CAAE,OAAO,EAAE;YAClD,SAAS,EAAE,QAAQ;SACL,CAAC;IACnB,CAAC;CACF;AAxID,kCAwIC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type * as msalBrowser from \"@azure/msal-browser\";\n\nimport type { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport type { AuthenticationRecord, MsalResult } from \"../types.js\";\nimport { AuthenticationRequiredError, CredentialUnavailableError } from \"../../errors.js\";\nimport type { CredentialLogger } from \"../../util/logging.js\";\nimport { formatSuccess } from \"../../util/logging.js\";\nimport type { MsalFlow, MsalFlowOptions } from \"./flows.js\";\nimport { ensureValidMsalToken, getAuthority, getKnownAuthorities, msalToPublic } from \"../utils.js\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n resolveTenantId,\n} from \"../../util/tenantIdUtils.js\";\n\nimport type { BrowserLoginStyle } from \"../../credentials/interactiveBrowserCredentialOptions.js\";\nimport type { CredentialFlowGetTokenOptions } from \"../credentials.js\";\nimport { DefaultTenantId } from \"../../constants.js\";\nimport type { LogPolicyOptions } from \"@azure/core-rest-pipeline\";\nimport type { MultiTenantTokenCredentialOptions } from \"../../credentials/multiTenantTokenCredentialOptions.js\";\n\n/*\n Union of the constructor parameters that all MSAL flow types take.\n * Some properties might not be used by some flow types.\n /\nexport interface MsalBrowserFlowOptions extends MsalFlowOptions {\n tokenCredentialOptions: MultiTenantTokenCredentialOptions;\n redirectUri?: string;\n loginStyle: BrowserLoginStyle;\n loginHint?: string;\n /\n Allows users to configure settings for logging policy options, allow logging account information and personally identifiable information for customer support.\n /\n loggingOptions?: LogPolicyOptions & {\n /\n Allows logging account information once the authentication flow succeeds.\n /\n allowLoggingAccountIdentifiers?: boolean;\n /\n Allows logging personally identifiable information for customer support.\n /\n enableUnsafeSupportLogging?: boolean;\n };\n}\n\n/\n The common methods we use to work with the MSAL browser flows.\n * @internal\n /\nexport interface MsalBrowserFlow extends MsalFlow {\n login(scopes?: string[]): Promise<AuthenticationRecord \| undefined>;\n handleRedirect(): Promise<AuthenticationRecord \| undefined>;\n}\n\n/\n Generates a MSAL configuration that generally works for browsers\n * @internal\n /\nexport function defaultBrowserMsalConfig(\n options: MsalBrowserFlowOptions,\n): msalBrowser.Configuration {\n const tenantId = options.tenantId \|\| DefaultTenantId;\n const authority = getAuthority(tenantId, options.authorityHost);\n return {\n auth: {\n clientId: options.clientId!,\n authority,\n knownAuthorities: getKnownAuthorities(tenantId, authority, options.disableInstanceDiscovery),\n // If the users picked redirect as their login style,\n // but they didn't provide a redirectUri,\n // we can try to use the current page we're in as a default value.\n redirectUri: options.redirectUri \|\| self.location.origin,\n },\n };\n}\n\n/\n MSAL partial base client for the browsers.\n \n It completes the input configuration with some default values.\n * It also provides with utility protected methods that can be used from any of the clients,\n * which includes handlers for successful responses and errors.\n \n @internal\n /\nexport abstract class MsalBrowser implements MsalBrowserFlow {\n protected loginStyle: BrowserLoginStyle;\n protected clientId: string;\n protected tenantId: string;\n protected additionallyAllowedTenantIds: string[];\n protected authorityHost?: string;\n protected account: AuthenticationRecord \| undefined;\n protected msalConfig: msalBrowser.Configuration;\n protected disableAutomaticAuthentication?: boolean;\n protected app?: msalBrowser.IPublicClientApplication;\n protected logger: CredentialLogger;\n\n constructor(options: MsalBrowserFlowOptions) {\n this.logger = options.logger;\n this.loginStyle = options.loginStyle;\n if (!options.clientId) {\n throw new CredentialUnavailableError(\"A client ID is required in browsers\");\n }\n this.clientId = options.clientId;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.tokenCredentialOptions?.additionallyAllowedTenants,\n );\n this.tenantId = resolveTenantId(this.logger, options.tenantId, options.clientId);\n this.authorityHost = options.authorityHost;\n this.msalConfig = defaultBrowserMsalConfig(options);\n this.disableAutomaticAuthentication = options.disableAutomaticAuthentication;\n\n if (options.authenticationRecord) {\n this.account = {\n ...options.authenticationRecord,\n tenantId: this.tenantId,\n };\n }\n }\n\n /\n In the browsers we don't need to init()\n /\n async init(): Promise<void> {\n // Nothing to do here.\n }\n\n /\n Attempts to handle a redirection request the least amount of times possible.\n /\n public abstract handleRedirect(): Promise<AuthenticationRecord \| undefined>;\n\n /\n Clears MSAL's cache.\n /\n async logout(): Promise<void> {\n this.app?.logout();\n }\n\n /\n Uses MSAL to retrieve the active account.\n /\n public abstract getActiveAccount(): Promise<AuthenticationRecord \| undefined>;\n\n /\n Uses MSAL to trigger a redirect or a popup login.\n /\n public abstract login(scopes?: string \| string[]): Promise<AuthenticationRecord \| undefined>;\n\n /\n Attempts to retrieve a token from cache.\n /\n public abstract getTokenSilent(scopes: string[]): Promise<AccessToken>;\n\n /\n Attempts to retrieve the token in the browser.\n /\n protected abstract doGetToken(scopes: string[]): Promise<AccessToken>;\n\n /\n Attempts to retrieve an authenticated token from MSAL.\n /\n public async getToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {},\n ): Promise<AccessToken> {\n const tenantId =\n processMultiTenantRequest(this.tenantId, options, this.additionallyAllowedTenantIds) \|\|\n this.tenantId;\n\n if (!options.authority) {\n options.authority = getAuthority(tenantId, this.authorityHost);\n }\n\n // We ensure that redirection is handled at this point.\n await this.handleRedirect();\n\n if (!(await this.getActiveAccount()) && !this.disableAutomaticAuthentication) {\n await this.login(scopes);\n }\n return this.getTokenSilent(scopes).catch((err) => {\n if (err.name !== \"AuthenticationRequiredError\") {\n throw err;\n }\n if (options?.disableAutomaticAuthentication) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions: options,\n message:\n \"Automatic authentication has been disabled. You may call the authentication() method.\",\n });\n }\n this.logger.info(\n `Silent authentication failed, falling back to interactive method ${this.loginStyle}`,\n );\n return this.doGetToken(scopes);\n });\n }\n\n /\n Handles the MSAL authentication result.\n * If the result has an account, we update the local account reference.\n * If the token received is invalid, an error will be thrown depending on what's missing.\n */\n protected handleResult(\n scopes: string \| string[],\n result?: MsalResult,\n getTokenOptions?: GetTokenOptions,\n ): AccessToken {\n if (result?.account) {\n this.account = msalToPublic(this.clientId, result.account);\n }\n ensureValidMsalToken(scopes, result, getTokenOptions);\n this.logger.getToken.info(formatSuccess(scopes));\n return {\n token: result.accessToken,\n expiresOnTimestamp: result.expiresOn.getTime(),\n refreshAfterTimestamp: result.refreshOn?.getTime(),\n tokenType: \"Bearer\",\n } as AccessToken;\n }\n}\n"]}
1	+ {"version":3,"file":"msalBrowserCommon.js","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalBrowserCommon.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;AA+ElC,0DA+RC;;AA5WD,yEAAmD;AAGnD,0CASqB;AAIrB,+CAA0F;AAE1F,0CAA4C;AAC5C,sDAAsD;AACtD,kEAIqC;AACrC,qDAAqD;AAErD;;;GAGG;AACH,SAAS,gCAAgC,CACvC,OAA+B;;IAE/B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,8BAAe,CAAC;IACrD,MAAM,SAAS,GAAG,IAAA,uBAAY,EAAC,QAAQ,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IAChE,OAAO;QACL,IAAI,EAAE;YACJ,QAAQ,EAAE,OAAO,CAAC,QAAS;YAC3B,SAAS;YACT,gBAAgB,EAAE,IAAA,8BAAmB,EAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,wBAAwB,CAAC;YAC5F,qDAAqD;YACrD,yCAAyC;YACzC,kEAAkE;YAClE,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM;SACzD;QACD,KAAK,EAAE;YACL,aAAa,EAAE,gBAAgB;YAC/B,sBAAsB,EAAE,IAAI,EAAE,0DAA0D;SACzF;QACD,MAAM,EAAE;YACN,aAAa,EAAE;gBACb,cAAc,EAAE,IAAA,gCAAqB,EAAC,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC;gBAChE,QAAQ,EAAE,IAAA,0BAAe,EAAC,IAAA,oBAAW,GAAE,CAAC;gBACxC,iBAAiB,EAAE,MAAA,OAAO,CAAC,cAAc,0CAAE,0BAA0B;aACtE;SACF;KACF,CAAC;AACJ,CAAC;AAWD,uCAAuC;AACvC,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;AAExC;;;;GAIG;AACH,SAAgB,uBAAuB,CAAC,OAA+B;;IACrE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;QACtB,MAAM,IAAI,sCAA0B,CAAC,qCAAqC,CAAC,CAAC;IAC9E,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAC9B,MAAM,QAAQ,GAAG,IAAA,kCAAe,EAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC7E,MAAM,4BAA4B,GAAa,IAAA,sDAAmC,EAChF,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,sBAAsB,0CAAE,0BAA0B,CAC5D,CAAC;IACF,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;IAC5C,MAAM,UAAU,GAAG,gCAAgC,CAAC,OAAO,CAAC,CAAC;IAC7D,MAAM,8BAA8B,GAAG,OAAO,CAAC,8BAA8B,CAAC;IAC9E,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;IAEpC,IAAI,OAAyC,CAAC;IAC9C,IAAI,OAAO,CAAC,oBAAoB,EAAE,CAAC;QACjC,OAAO,mCACF,OAAO,CAAC,oBAAoB,KAC/B,QAAQ,GACT,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,IAAI,GAAyC,CAAC;IAC9C;;;OAGG;IACH,KAAK,UAAU,MAAM;QACnB,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,+BAA+B;YAC/B,GAAG,GAAG,MAAM,WAAW,CAAC,uBAAuB,CAAC,6BAA6B,CAAC,UAAU,CAAC,CAAC;YAE1F,sDAAsD;YACtD,IAAI,OAAO,EAAE,CAAC;gBACZ,GAAG,CAAC,gBAAgB,CAAC,IAAA,uBAAY,EAAC,OAAO,CAAC,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;OAIG;IACH,KAAK,UAAU,mBAAmB,CAChC,MAAyC;QAEzC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;YAC/B,IAAI,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBAC7B,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;gBAC1D,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBACzC,OAAO,IAAA,uBAAY,EAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;YAChD,CAAC;YAED,6FAA6F;YAC7F,MAAM,aAAa,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC;YACjD,IAAI,aAAa,EAAE,CAAC;gBAClB,OAAO,IAAA,uBAAY,EAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;YAC/C,CAAC;YAED,kGAAkG;YAClG,MAAM,WAAW,GAAG,GAAG,CAAC,cAAc,EAAE,CAAC;YACzC,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC3B,uFAAuF;gBACvF,kFAAkF;gBAClF,uEAAuE;gBACvE,uCAAuC;gBACvC,MAAM,CAAC,IAAI,CACT;;;;kKAIwJ,CACzJ,CAAC;gBACF,yGAAyG;gBACzG,4FAA4F;gBAC5F,8FAA8F;gBAC9F,MAAM,OAAO,CAAC,MAAM,CAAC;oBACnB,kBAAkB,EAAE,GAAG,EAAE,CAAC,KAAK;iBAChC,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,+EAA+E;YAC/E,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC7B,MAAM,WAAW,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;gBACnC,OAAO,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;gBACtC,OAAO,IAAA,uBAAY,EAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;YAC7C,CAAC;YAED,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QACtD,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,MAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QACpE,CAAC;QACD,OAAO;IACT,CAAC;IAED;;;;OAIG;IACH,SAAS,YAAY,CACnB,MAAyB,EACzB,MAAmB,EACnB,eAAiC;;QAEjC,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,OAAO,EAAE,CAAC;YACpB,OAAO,GAAG,IAAA,uBAAY,EAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QACnD,CAAC;QACD,IAAA,+BAAoB,EAAC,MAAM,EAAE,MAAM,EAAE,eAAe,CAAC,CAAC;QACtD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAA,0BAAa,EAAC,MAAM,CAAC,CAAC,CAAC;QAC5C,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,WAAW;YACzB,kBAAkB,EAAE,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE;YAC9C,qBAAqB,EAAE,MAAA,MAAM,CAAC,SAAS,0CAAE,OAAO,EAAE;YAClD,SAAS,EAAE,QAAQ;SACpB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,cAAc;QAC3B,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,OAAO,mBAAmB,CAAC,CAAC,MAAM,OAAO,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC,IAAI,SAAS,CAAC,CAAC;IAC/F,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,gBAAgB;QAC7B,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,MAAM,aAAa,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC;QACjD,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO;QACT,CAAC;QACD,OAAO,IAAA,uBAAY,EAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,KAAK,CAAC,SAA4B,EAAE;QACjD,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAgC;YAChD,MAAM,EAAE,WAAW;YACnB,SAAS,EAAE,SAAS;SACrB,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,QAAQ,UAAU,EAAE,CAAC;YACnB,KAAK,UAAU,CAAC,CAAC,CAAC;gBAChB,MAAM,GAAG,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;gBACtC,OAAO;YACT,CAAC;YACD,KAAK,OAAO;gBACV,OAAO,mBAAmB,CAAC,MAAM,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC;QACvE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,cAAc,CAC3B,MAAgB,EAChB,eAA+C;QAE/C,MAAM,aAAa,GAAG,MAAM,gBAAgB,EAAE,CAAC;QAC/C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,uCAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe;gBACf,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAA8B;YAC5C,SAAS,EAAE,CAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,SAAS,KAAI,UAAU,CAAC,IAAI,CAAC,SAAU;YACnE,aAAa,EAAE,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,aAAa;YAC7C,MAAM,EAAE,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,MAAM;YAC/B,OAAO,EAAE,IAAA,uBAAY,EAAC,aAAa,CAAC;YACpC,YAAY,EAAE,KAAK;YACnB,MAAM;SACP,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;YACpD,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;YAC/B,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YAC9D,OAAO,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACxC,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,IAAA,0BAAe,EAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,mBAAmB,CAChC,MAAgB,EAChB,eAA+C;QAE/C,MAAM,aAAa,GAAG,MAAM,gBAAgB,EAAE,CAAC;QAC/C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,uCAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe;gBACf,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAgC;YAC9C,SAAS,EAAE,CAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,SAAS,KAAI,UAAU,CAAC,IAAI,CAAC,SAAU;YACnE,aAAa,EAAE,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,aAAa;YAC7C,MAAM,EAAE,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,MAAM;YAC/B,OAAO,EAAE,IAAA,uBAAY,EAAC,aAAa,CAAC;YACpC,SAAS,EAAE,SAAS;YACpB,MAAM;SACP,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,QAAQ,UAAU,EAAE,CAAC;YACnB,KAAK,UAAU;gBACb,gCAAgC;gBAChC,8DAA8D;gBAC9D,kDAAkD;gBAElD,MAAM,OAAO,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;gBAC/C,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,kBAAkB,EAAE,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;YACnE,KAAK,OAAO;gBACV,OAAO,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,UAAU,QAAQ,CACrB,MAAgB,EAChB,kBAAiD,EAAE;QAEnD,MAAM,gBAAgB,GACpB,IAAA,4CAAyB,EAAC,QAAQ,EAAE,eAAe,EAAE,4BAA4B,CAAC;YAClF,QAAQ,CAAC;QAEX,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,CAAC;YAC/B,eAAe,CAAC,SAAS,GAAG,IAAA,uBAAY,EAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;QAC5E,CAAC;QAED,uDAAuD;QACvD,MAAM,cAAc,EAAE,CAAC;QAEvB,IAAI,CAAC,CAAC,MAAM,gBAAgB,EAAE,CAAC,IAAI,CAAC,8BAA8B,EAAE,CAAC;YACnE,MAAM,KAAK,CAAC,MAAM,CAAC,CAAC;QACtB,CAAC;QAED,8EAA8E;QAC9E,IAAI,CAAC;YACH,OAAO,MAAM,cAAc,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,IAAI,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAAE,CAAC;gBAC/C,MAAM,GAAG,CAAC;YACZ,CAAC;YACD,IAAI,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,8BAA8B,EAAE,CAAC;gBACpD,MAAM,IAAI,uCAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe;oBACf,OAAO,EACL,qFAAqF;iBACxF,CAAC,CAAC;YACL,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,oEAAoE,UAAU,EAAE,CAAC,CAAC;YAC9F,OAAO,mBAAmB,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IACD,OAAO;QACL,gBAAgB;QAChB,QAAQ;KACT,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport * as msalBrowser from \"@azure/msal-browser\";\n\nimport type { MsalBrowserFlowOptions } from \"./msalBrowserOptions.js\";\nimport {\n defaultLoggerCallback,\n ensureValidMsalToken,\n getAuthority,\n getKnownAuthorities,\n getMSALLogLevel,\n handleMsalError,\n msalToPublic,\n publicToMsal,\n} from \"../utils.js\";\n\nimport type { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport type { AuthenticationRecord, MsalResult } from \"../types.js\";\nimport { AuthenticationRequiredError, CredentialUnavailableError } from \"../../errors.js\";\nimport type { CredentialFlowGetTokenOptions } from \"../credentials.js\";\nimport { getLogLevel } from \"@azure/logger\";\nimport { formatSuccess } from \"../../util/logging.js\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n resolveTenantId,\n} from \"../../util/tenantIdUtils.js\";\nimport { DefaultTenantId } from \"../../constants.js\";\n\n/*\n Generates a MSAL configuration that generally works for browsers\n * @internal\n /\nfunction generateMsalBrowserConfiguration(\n options: MsalBrowserFlowOptions,\n): msalBrowser.Configuration {\n const tenantId = options.tenantId \|\| DefaultTenantId;\n const authority = getAuthority(tenantId, options.authorityHost);\n return {\n auth: {\n clientId: options.clientId!,\n authority,\n knownAuthorities: getKnownAuthorities(tenantId, authority, options.disableInstanceDiscovery),\n // If the users picked redirect as their login style,\n // but they didn't provide a redirectUri,\n // we can try to use the current page we're in as a default value.\n redirectUri: options.redirectUri \|\| self.location.origin,\n },\n cache: {\n cacheLocation: \"sessionStorage\",\n storeAuthStateInCookie: true, // Set to true to improve the experience on IE11 and Edge.\n },\n system: {\n loggerOptions: {\n loggerCallback: defaultLoggerCallback(options.logger, \"Browser\"),\n logLevel: getMSALLogLevel(getLogLevel()),\n piiLoggingEnabled: options.loggingOptions?.enableUnsafeSupportLogging,\n },\n },\n };\n}\n\n/\n Methods that are used by InteractiveBrowserCredential\n * @internal\n /\nexport interface MsalBrowserClient {\n getActiveAccount(): Promise<AuthenticationRecord \| undefined>;\n getToken(scopes: string[], options: CredentialFlowGetTokenOptions): Promise<AccessToken>;\n}\n\n// We keep a copy of the redirect hash.\nconst redirectHash = self.location.hash;\n\n/\n Uses MSAL Browser 2.X for browser authentication,\n * which uses the [Auth Code Flow](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow).\n * @internal\n /\nexport function createMsalBrowserClient(options: MsalBrowserFlowOptions): MsalBrowserClient {\n const loginStyle = options.loginStyle;\n if (!options.clientId) {\n throw new CredentialUnavailableError(\"A client ID is required in browsers\");\n }\n const clientId = options.clientId;\n const logger = options.logger;\n const tenantId = resolveTenantId(logger, options.tenantId, options.clientId);\n const additionallyAllowedTenantIds: string[] = resolveAdditionallyAllowedTenantIds(\n options?.tokenCredentialOptions?.additionallyAllowedTenants,\n );\n const authorityHost = options.authorityHost;\n const msalConfig = generateMsalBrowserConfiguration(options);\n const disableAutomaticAuthentication = options.disableAutomaticAuthentication;\n const loginHint = options.loginHint;\n\n let account: AuthenticationRecord \| undefined;\n if (options.authenticationRecord) {\n account = {\n ...options.authenticationRecord,\n tenantId,\n };\n }\n\n // This variable should only be used through calling `getApp` function\n let app: msalBrowser.IPublicClientApplication;\n /\n Return the MSAL account if not set yet\n * @returns MSAL application\n /\n async function getApp(): Promise<msalBrowser.IPublicClientApplication> {\n if (!app) {\n // Prepare the MSAL application\n app = await msalBrowser.PublicClientApplication.createPublicClientApplication(msalConfig);\n\n // setting the account right after the app is created.\n if (account) {\n app.setActiveAccount(publicToMsal(account));\n }\n }\n\n return app;\n }\n\n /\n Loads the account based on the result of the authentication.\n * If no result was received, tries to load the account from the cache.\n * @param result - Result object received from MSAL.\n /\n async function handleBrowserResult(\n result?: msalBrowser.AuthenticationResult,\n ): Promise<AuthenticationRecord \| undefined> {\n try {\n const msalApp = await getApp();\n if (result && result.account) {\n logger.info(`MSAL Browser V2 authentication successful.`);\n msalApp.setActiveAccount(result.account);\n return msalToPublic(clientId, result.account);\n }\n\n // If by this point we happen to have an active account, we should stop trying to parse this.\n const activeAccount = msalApp.getActiveAccount();\n if (activeAccount) {\n return msalToPublic(clientId, activeAccount);\n }\n\n // If we don't have an active account, we try to activate it from all the already loaded accounts.\n const allAccounts = app.getAllAccounts();\n if (allAccounts.length > 1) {\n // If there's more than one account in memory, we force the user to authenticate again.\n // At this point we can't identify which account should this credential work with,\n // since at this point the user won't have provided enough information.\n // We log a message in case that helps.\n logger.info(\n `More than one account was found authenticated for this Client ID and Tenant ID.\n However, no \"authenticationRecord\" has been provided for this credential,\n therefore we're unable to pick between these accounts.\n A new login attempt will be requested, to ensure the correct account is picked.\n To work with multiple accounts for the same Client ID and Tenant ID, please provide an \"authenticationRecord\" when initializing \"InteractiveBrowserCredential\".`,\n );\n // To safely trigger a new login, we're also ensuring the local cache is cleared up for this MSAL object.\n // However, we want to avoid kicking the user out of their authentication on the Azure side.\n // We do this by calling to logout while specifying a `onRedirectNavigate` that returns false.\n await msalApp.logout({\n onRedirectNavigate: () => false,\n });\n return;\n }\n\n // If there's only one account for this MSAL object, we can safely activate it.\n if (allAccounts.length === 1) {\n const msalAccount = allAccounts[0];\n msalApp.setActiveAccount(msalAccount);\n return msalToPublic(clientId, msalAccount);\n }\n\n logger.info(`No accounts were found through MSAL.`);\n } catch (e: any) {\n logger.info(`Failed to acquire token through MSAL. ${e.message}`);\n }\n return;\n }\n\n /\n Handles the MSAL authentication result.\n * If the result has an account, we update the local account reference.\n * If the token received is invalid, an error will be thrown depending on what's missing.\n /\n function handleResult(\n scopes: string \| string[],\n result?: MsalResult,\n getTokenOptions?: GetTokenOptions,\n ): AccessToken {\n if (result?.account) {\n account = msalToPublic(clientId, result.account);\n }\n ensureValidMsalToken(scopes, result, getTokenOptions);\n logger.getToken.info(formatSuccess(scopes));\n return {\n token: result.accessToken,\n expiresOnTimestamp: result.expiresOn.getTime(),\n refreshAfterTimestamp: result.refreshOn?.getTime(),\n tokenType: \"Bearer\",\n };\n }\n\n /\n Uses MSAL to handle the redirect.\n /\n async function handleRedirect(): Promise<AuthenticationRecord \| undefined> {\n const msalApp = await getApp();\n return handleBrowserResult((await msalApp.handleRedirectPromise(redirectHash)) \|\| undefined);\n }\n\n /\n Uses MSAL to retrieve the active account.\n /\n async function getActiveAccount(): Promise<AuthenticationRecord \| undefined> {\n const msalApp = await getApp();\n const activeAccount = msalApp.getActiveAccount();\n if (!activeAccount) {\n return;\n }\n return msalToPublic(clientId, activeAccount);\n }\n\n /\n Uses MSAL to trigger a redirect or a popup login.\n /\n async function login(scopes: string \| string[] = []): Promise<AuthenticationRecord \| undefined> {\n const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n const loginRequest: msalBrowser.RedirectRequest = {\n scopes: arrayScopes,\n loginHint: loginHint,\n };\n const msalApp = await getApp();\n switch (loginStyle) {\n case \"redirect\": {\n await app.loginRedirect(loginRequest);\n return;\n }\n case \"popup\":\n return handleBrowserResult(await msalApp.loginPopup(loginRequest));\n }\n }\n\n /\n Tries to retrieve the token silently using MSAL.\n /\n async function getTokenSilent(\n scopes: string[],\n getTokenOptions?: CredentialFlowGetTokenOptions,\n ): Promise<AccessToken> {\n const activeAccount = await getActiveAccount();\n if (!activeAccount) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions,\n message:\n \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n });\n }\n\n const parameters: msalBrowser.SilentRequest = {\n authority: getTokenOptions?.authority \|\| msalConfig.auth.authority!,\n correlationId: getTokenOptions?.correlationId,\n claims: getTokenOptions?.claims,\n account: publicToMsal(activeAccount),\n forceRefresh: false,\n scopes,\n };\n\n try {\n logger.info(\"Attempting to acquire token silently\");\n const msalApp = await getApp();\n const response = await msalApp.acquireTokenSilent(parameters);\n return handleResult(scopes, response);\n } catch (err: any) {\n throw handleMsalError(scopes, err, options);\n }\n }\n\n /\n Attempts to retrieve the token in the browser through interactive methods.\n /\n async function getTokenInteractive(\n scopes: string[],\n getTokenOptions?: CredentialFlowGetTokenOptions,\n ): Promise<AccessToken> {\n const activeAccount = await getActiveAccount();\n if (!activeAccount) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions,\n message:\n \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n });\n }\n\n const parameters: msalBrowser.RedirectRequest = {\n authority: getTokenOptions?.authority \|\| msalConfig.auth.authority!,\n correlationId: getTokenOptions?.correlationId,\n claims: getTokenOptions?.claims,\n account: publicToMsal(activeAccount),\n loginHint: loginHint,\n scopes,\n };\n const msalApp = await getApp();\n switch (loginStyle) {\n case \"redirect\":\n // This will go out of the page.\n // Once the InteractiveBrowserCredential is initialized again,\n // we'll load the MSAL account in the constructor.\n\n await msalApp.acquireTokenRedirect(parameters);\n return { token: \"\", expiresOnTimestamp: 0, tokenType: \"Bearer\" };\n case \"popup\":\n return handleResult(scopes, await app.acquireTokenPopup(parameters));\n }\n }\n\n /\n Attempts to get token through the silent flow.\n * If failed, get token through interactive method with `doGetToken` method.\n */\n async function getToken(\n scopes: string[],\n getTokenOptions: CredentialFlowGetTokenOptions = {},\n ): Promise<AccessToken> {\n const getTokenTenantId =\n processMultiTenantRequest(tenantId, getTokenOptions, additionallyAllowedTenantIds) \|\|\n tenantId;\n\n if (!getTokenOptions.authority) {\n getTokenOptions.authority = getAuthority(getTokenTenantId, authorityHost);\n }\n\n // We ensure that redirection is handled at this point.\n await handleRedirect();\n\n if (!(await getActiveAccount()) && !disableAutomaticAuthentication) {\n await login(scopes);\n }\n\n // Attempts to get the token silently; else, falls back to interactive method.\n try {\n return await getTokenSilent(scopes, getTokenOptions);\n } catch (err: any) {\n if (err.name !== \"AuthenticationRequiredError\") {\n throw err;\n }\n if (getTokenOptions?.disableAutomaticAuthentication) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions,\n message:\n \"Automatic authentication has been disabled. You may call the authenticate() method.\",\n });\n }\n logger.info(`Silent authentication failed, falling back to interactive method ${loginStyle}`);\n return getTokenInteractive(scopes, getTokenOptions);\n }\n }\n return {\n getActiveAccount,\n getToken,\n };\n}\n"]}

package/dist/commonjs/msal/browserFlows/msalBrowserOptions.d.ts ADDED Viewed

@@ -0,0 +1,87 @@
+import type { AuthenticationRecord } from "../types.js";
+import type { BrowserLoginStyle } from "../../credentials/interactiveBrowserCredentialOptions.js";
+import type { LogPolicyOptions } from "@azure/core-rest-pipeline";
+import type { MultiTenantTokenCredentialOptions } from "../../credentials/multiTenantTokenCredentialOptions.js";
+import type { CredentialLogger } from "../../util/logging.js";
+/**
+ * Options for the MSAL browser flows.
+ * @internal
+ */
+export interface MsalBrowserFlowOptions {
+    logger: CredentialLogger;
+    /**
+     * The Client ID of the Microsoft Entra application that users will sign into.
+     * This parameter is required on the browser.
+     */
+    clientId?: string;
+    /**
+     * The Microsoft Entra tenant (directory) ID.
+     */
+    tenantId?: string;
+    /**
+     * The authority host to use for authentication requests.
+     * Possible values are available through {@link AzureAuthorityHosts}.
+     * The default is "https://login.microsoftonline.com".
+     */
+    authorityHost?: string;
+    /**
+     * Result of a previous authentication that can be used to retrieve the cached credentials of each individual account.
+     * This is necessary to provide in case the application wants to work with more than one account per
+     * Client ID and Tenant ID pair.
+     *
+     * This record can be retrieved by calling to the credential's `authenticate()` method, as follows:
+     *
+     *     const authenticationRecord = await credential.authenticate();
+     *
+     */
+    authenticationRecord?: AuthenticationRecord;
+    /**
+     * Makes getToken throw if a manual authentication is necessary.
+     * Developers will need to call to `authenticate()` to control when to manually authenticate.
+     */
+    disableAutomaticAuthentication?: boolean;
+    /**
+     * The field determines whether instance discovery is performed when attempting to authenticate.
+     * Setting this to `true` will completely disable both instance discovery and authority validation.
+     * As a result, it's crucial to ensure that the configured authority host is valid and trustworthy.
+     * This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack.
+     * The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority.
+     */
+    disableInstanceDiscovery?: boolean;
+    /**
+     * Options for multi-tenant applications which allows for additionally allowed tenants.
+     */
+    tokenCredentialOptions: MultiTenantTokenCredentialOptions;
+    /**
+     * Gets the redirect URI of the application. This should be same as the value
+     * in the application registration portal.  Defaults to `window.location.href`.
+     * This field is no longer required for Node.js.
+     */
+    redirectUri?: string;
+    /**
+     * Specifies whether a redirect or a popup window should be used to
+     * initiate the user authentication flow. Possible values are "redirect"
+     * or "popup" (default) for browser and "popup" (default) for node.
+     *
+     */
+    loginStyle: BrowserLoginStyle;
+    /**
+     * loginHint allows a user name to be pre-selected for interactive logins.
+     * Setting this option skips the account selection prompt and immediately attempts to login with the specified account.
+     */
+    loginHint?: string;
+    /**
+     * Allows users to configure settings for logging policy options, allow logging account information and personally identifiable information for customer support.
+     */
+    loggingOptions?: LogPolicyOptions & {
+        /**
+         * Allows logging account information once the authentication flow succeeds.
+         */
+        allowLoggingAccountIdentifiers?: boolean;
+        /**
+         * Allows logging personally identifiable information for customer support.
+         */
+        enableUnsafeSupportLogging?: boolean;
+    };
+}
+//# sourceMappingURL=msalBrowserOptions.d.ts.map