npm - @azure/identity - Versions diffs - 4.7.1-alpha.20250218.5 → 4.7.1-alpha.20250220.3 - Mend

@azure/identity 4.7.1-alpha.20250218.5 → 4.7.1-alpha.20250220.3

Files changed (64) hide show

package/dist/commonjs/msal/browserFlows/msalBrowserOptions.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"msalBrowserOptions.d.ts","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalBrowserOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,0DAA0D,CAAC;AAClG,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAClE,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wDAAwD,CAAC;AAChH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAE9D;;;GAGG;AACH,MAAM,WAAW,sBAAsB;IACrC,MAAM,EAAE,gBAAgB,CAAC;IAEzB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;;;;;;;OASG;IACH,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;IAE5C;;;OAGG;IACH,8BAA8B,CAAC,EAAE,OAAO,CAAC;IAEzC;;;;;;OAMG;IACH,wBAAwB,CAAC,EAAE,OAAO,CAAC;IAEnC;;OAEG;IACH,sBAAsB,EAAE,iCAAiC,CAAC;IAE1D;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;;;OAKG;IACH,UAAU,EAAE,iBAAiB,CAAC;IAE9B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;OAEG;IACH,cAAc,CAAC,EAAE,gBAAgB,GAAG;QAClC;;WAEG;QACH,8BAA8B,CAAC,EAAE,OAAO,CAAC;QACzC;;WAEG;QACH,0BAA0B,CAAC,EAAE,OAAO,CAAC;KACtC,CAAC;CACH"}

package/dist/commonjs/msal/browserFlows/{flows.js → msalBrowserOptions.js} RENAMED Viewed

@@ -2,4 +2,4 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=flows.js.map
+//# sourceMappingURL=msalBrowserOptions.js.map

package/dist/commonjs/msal/browserFlows/msalBrowserOptions.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"msalBrowserOptions.js","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalBrowserOptions.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthenticationRecord } from \"../types.js\";\nimport type { BrowserLoginStyle } from \"../../credentials/interactiveBrowserCredentialOptions.js\";\nimport type { LogPolicyOptions } from \"@azure/core-rest-pipeline\";\nimport type { MultiTenantTokenCredentialOptions } from \"../../credentials/multiTenantTokenCredentialOptions.js\";\nimport type { CredentialLogger } from \"../../util/logging.js\";\n\n/**\n * Options for the MSAL browser flows.\n * @internal\n */\nexport interface MsalBrowserFlowOptions {\n logger: CredentialLogger;\n\n /**\n * The Client ID of the Microsoft Entra application that users will sign into.\n * This parameter is required on the browser.\n */\n clientId?: string;\n\n /**\n * The Microsoft Entra tenant (directory) ID.\n */\n tenantId?: string;\n\n /**\n * The authority host to use for authentication requests.\n * Possible values are available through {@link AzureAuthorityHosts}.\n * The default is \"https://login.microsoftonline.com\".\n */\n authorityHost?: string;\n\n /**\n * Result of a previous authentication that can be used to retrieve the cached credentials of each individual account.\n * This is necessary to provide in case the application wants to work with more than one account per\n * Client ID and Tenant ID pair.\n *\n * This record can be retrieved by calling to the credential's `authenticate()` method, as follows:\n *\n * const authenticationRecord = await credential.authenticate();\n *\n */\n authenticationRecord?: AuthenticationRecord;\n\n /**\n * Makes getToken throw if a manual authentication is necessary.\n * Developers will need to call to `authenticate()` to control when to manually authenticate.\n */\n disableAutomaticAuthentication?: boolean;\n\n /**\n * The field determines whether instance discovery is performed when attempting to authenticate.\n * Setting this to `true` will completely disable both instance discovery and authority validation.\n * As a result, it's crucial to ensure that the configured authority host is valid and trustworthy.\n * This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack.\n * The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority.\n */\n disableInstanceDiscovery?: boolean;\n\n /**\n * Options for multi-tenant applications which allows for additionally allowed tenants.\n */\n tokenCredentialOptions: MultiTenantTokenCredentialOptions;\n\n /**\n * Gets the redirect URI of the application. This should be same as the value\n * in the application registration portal. Defaults to `window.location.href`.\n * This field is no longer required for Node.js.\n */\n redirectUri?: string;\n\n /**\n * Specifies whether a redirect or a popup window should be used to\n * initiate the user authentication flow. Possible values are \"redirect\"\n * or \"popup\" (default) for browser and \"popup\" (default) for node.\n *\n */\n loginStyle: BrowserLoginStyle;\n\n /**\n * loginHint allows a user name to be pre-selected for interactive logins.\n * Setting this option skips the account selection prompt and immediately attempts to login with the specified account.\n */\n loginHint?: string;\n\n /**\n * Allows users to configure settings for logging policy options, allow logging account information and personally identifiable information for customer support.\n */\n loggingOptions?: LogPolicyOptions & {\n /**\n * Allows logging account information once the authentication flow succeeds.\n */\n allowLoggingAccountIdentifiers?: boolean;\n /**\n * Allows logging personally identifiable information for customer support.\n */\n enableUnsafeSupportLogging?: boolean;\n };\n}\n"]}

package/dist/commonjs/tsdoc-metadata.json CHANGED Viewed

@@ -5,7 +5,7 @@
   "toolPackages": [
     {
       "packageName": "@microsoft/api-extractor",
-      "packageVersion": "7.49.2"
+      "packageVersion": "7.50.0"
     }
   ]
 }

package/dist/esm/credentials/usernamePasswordCredential.d.ts CHANGED Viewed

@@ -22,6 +22,8 @@ export declare class UsernamePasswordCredential implements TokenCredential {
      * @param username - The user account's e-mail address (user name).
      * @param password - The user account's account password
      * @param options - Options for configuring the client which makes the authentication request.
+     *
+     * @deprecated UsernamePasswordCredential is deprecated. Use a more secure credential. See https://aka.ms/azsdk/identity/mfa for details.
      */
     constructor(tenantId: string, clientId: string, username: string, password: string, options?: UsernamePasswordCredentialOptions);
     /**

package/dist/esm/credentials/usernamePasswordCredential.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"usernamePasswordCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/usernamePasswordCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAStF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAOhG;;;;;GAKG;AACH,qBAAa,0BAA2B,YAAW,eAAe;IAChE,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,QAAQ,CAAS;IAEzB~~;;;;;;;;;;OAUG~~;gBAED,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,OAAO,GAAE,iCAAsC;IAwCjD;;;;;;;;;;;OAWG;IACG,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,GAAE,eAAoB,GAAG,OAAO,CAAC,WAAW,CAAC;CAsB/F"}
1	+ {"version":3,"file":"usernamePasswordCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/usernamePasswordCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAStF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAOhG;;;;;GAKG;AACH,qBAAa,0BAA2B,YAAW,eAAe;IAChE,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,QAAQ,CAAS;IAEzB;;;;;;;;;;;;OAYG;gBAED,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,OAAO,GAAE,iCAAsC;IAwCjD;;;;;;;;;;;OAWG;IACG,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,GAAE,eAAoB,GAAG,OAAO,CAAC,WAAW,CAAC;CAsB/F"}

package/dist/esm/credentials/usernamePasswordCredential.js CHANGED Viewed

@@ -24,6 +24,8 @@ export class UsernamePasswordCredential {
      * @param username - The user account's e-mail address (user name).
      * @param password - The user account's account password
      * @param options - Options for configuring the client which makes the authentication request.
+     *
+     * @deprecated UsernamePasswordCredential is deprecated. Use a more secure credential. See https://aka.ms/azsdk/identity/mfa for details.
      */
     constructor(tenantId, clientId, username, password, options = {}) {
         if (!tenantId) {

package/dist/esm/credentials/usernamePasswordCredential.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"usernamePasswordCredential.js","sourceRoot":"","sources":["../../../src/credentials/usernamePasswordCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,0BAA0B,CAAC;AAElC,OAAO,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAE1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D;;;;;GAKG;AACH,MAAM,OAAO,0BAA0B;IAOrC~~;;;;;;;;;;OAUG~~;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,UAA6C,EAAE;QAE/C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QAEF,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEzB,IAAI,CAAC,UAAU,GAAG,gBAAgB,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,kCACrD,OAAO,KACV,sBAAsB,EAAE,OAAO,aAAP,OAAO,cAAP,OAAO,GAAI,EAAE,IACrC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,aAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,UAAU,CAAC,QAAQ,GAAG,yBAAyB,CAC7C,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,CAAC;YAEF,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;YACzC,OAAO,IAAI,CAAC,UAAU,CAAC,0BAA0B,CAC/C,WAAW,EACX,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,QAAQ,EACb,UAAU,CACX,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport type { MsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport { createMsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\n\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport type { UsernamePasswordCredentialOptions } from \"./usernamePasswordCredentialOptions.js\";\nimport { credentialLogger } from \"../util/logging.js\";\nimport { ensureScopes } from \"../util/scopeUtils.js\";\nimport { tracingClient } from \"../util/tracing.js\";\n\nconst logger = credentialLogger(\"UsernamePasswordCredential\");\n\n/*\n Enables authentication to Microsoft Entra ID with a user's\n * username and password. This credential requires a high degree of\n * trust so you should only use it when other, more secure credential\n * types can't be used.\n /\nexport class UsernamePasswordCredential implements TokenCredential {\n private tenantId: string;\n private additionallyAllowedTenantIds: string[];\n private msalClient: MsalClient;\n private username: string;\n private password: string;\n\n /\n Creates an instance of the UsernamePasswordCredential with the details\n * needed to authenticate against Microsoft Entra ID with a username\n * and password.\n \n @param tenantId - The Microsoft Entra tenant (directory).\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param username - The user account's e-mail address (user name).\n * @param password - The user account's account password\n * @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(\n tenantId: string,\n clientId: string,\n username: string,\n password: string,\n options: UsernamePasswordCredentialOptions = {},\n ) {\n if (!tenantId) {\n throw new CredentialUnavailableError(\n \"UsernamePasswordCredential: tenantId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.\",\n );\n }\n\n if (!clientId) {\n throw new CredentialUnavailableError(\n \"UsernamePasswordCredential: clientId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.\",\n );\n }\n\n if (!username) {\n throw new CredentialUnavailableError(\n \"UsernamePasswordCredential: username is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.\",\n );\n }\n\n if (!password) {\n throw new CredentialUnavailableError(\n \"UsernamePasswordCredential: password is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.\",\n );\n }\n\n this.tenantId = tenantId;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n\n this.username = username;\n this.password = password;\n\n this.msalClient = createMsalClient(clientId, this.tenantId, {\n ...options,\n tokenCredentialOptions: options ?? {},\n });\n }\n\n /\n Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n \n If the user provided the option `disableAutomaticAuthentication`,\n * once the token can't be retrieved silently,\n * this method won't attempt to request user interaction to retrieve the token.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string \| string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return tracingClient.withSpan(\n `${this.constructor.name}.getToken`,\n options,\n async (newOptions) => {\n newOptions.tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds,\n logger,\n );\n\n const arrayScopes = ensureScopes(scopes);\n return this.msalClient.getTokenByUsernamePassword(\n arrayScopes,\n this.username,\n this.password,\n newOptions,\n );\n },\n );\n }\n}\n"]}
1	+ {"version":3,"file":"usernamePasswordCredential.js","sourceRoot":"","sources":["../../../src/credentials/usernamePasswordCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,0BAA0B,CAAC;AAElC,OAAO,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAE1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D;;;;;GAKG;AACH,MAAM,OAAO,0BAA0B;IAOrC;;;;;;;;;;;;OAYG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,UAA6C,EAAE;QAE/C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QAEF,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEzB,IAAI,CAAC,UAAU,GAAG,gBAAgB,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,kCACrD,OAAO,KACV,sBAAsB,EAAE,OAAO,aAAP,OAAO,cAAP,OAAO,GAAI,EAAE,IACrC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,aAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,UAAU,CAAC,QAAQ,GAAG,yBAAyB,CAC7C,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,CAAC;YAEF,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;YACzC,OAAO,IAAI,CAAC,UAAU,CAAC,0BAA0B,CAC/C,WAAW,EACX,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,QAAQ,EACb,UAAU,CACX,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport type { MsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport { createMsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\n\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport type { UsernamePasswordCredentialOptions } from \"./usernamePasswordCredentialOptions.js\";\nimport { credentialLogger } from \"../util/logging.js\";\nimport { ensureScopes } from \"../util/scopeUtils.js\";\nimport { tracingClient } from \"../util/tracing.js\";\n\nconst logger = credentialLogger(\"UsernamePasswordCredential\");\n\n/*\n Enables authentication to Microsoft Entra ID with a user's\n * username and password. This credential requires a high degree of\n * trust so you should only use it when other, more secure credential\n * types can't be used.\n /\nexport class UsernamePasswordCredential implements TokenCredential {\n private tenantId: string;\n private additionallyAllowedTenantIds: string[];\n private msalClient: MsalClient;\n private username: string;\n private password: string;\n\n /\n Creates an instance of the UsernamePasswordCredential with the details\n * needed to authenticate against Microsoft Entra ID with a username\n * and password.\n \n @param tenantId - The Microsoft Entra tenant (directory).\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param username - The user account's e-mail address (user name).\n * @param password - The user account's account password\n * @param options - Options for configuring the client which makes the authentication request.\n \n @deprecated UsernamePasswordCredential is deprecated. Use a more secure credential. See https://aka.ms/azsdk/identity/mfa for details.\n /\n constructor(\n tenantId: string,\n clientId: string,\n username: string,\n password: string,\n options: UsernamePasswordCredentialOptions = {},\n ) {\n if (!tenantId) {\n throw new CredentialUnavailableError(\n \"UsernamePasswordCredential: tenantId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.\",\n );\n }\n\n if (!clientId) {\n throw new CredentialUnavailableError(\n \"UsernamePasswordCredential: clientId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.\",\n );\n }\n\n if (!username) {\n throw new CredentialUnavailableError(\n \"UsernamePasswordCredential: username is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.\",\n );\n }\n\n if (!password) {\n throw new CredentialUnavailableError(\n \"UsernamePasswordCredential: password is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.\",\n );\n }\n\n this.tenantId = tenantId;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n\n this.username = username;\n this.password = password;\n\n this.msalClient = createMsalClient(clientId, this.tenantId, {\n ...options,\n tokenCredentialOptions: options ?? {},\n });\n }\n\n /\n Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n \n If the user provided the option `disableAutomaticAuthentication`,\n * once the token can't be retrieved silently,\n * this method won't attempt to request user interaction to retrieve the token.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string \| string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return tracingClient.withSpan(\n `${this.constructor.name}.getToken`,\n options,\n async (newOptions) => {\n newOptions.tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds,\n logger,\n );\n\n const arrayScopes = ensureScopes(scopes);\n return this.msalClient.getTokenByUsernamePassword(\n arrayScopes,\n this.username,\n this.password,\n newOptions,\n );\n },\n );\n }\n}\n"]}

package/dist/esm/msal/browserFlows/msalBrowserCommon.d.ts CHANGED Viewed

@@ -1,106 +1,19 @@
-import type * as msalBrowser from "@azure/msal-browser";
-import type { AccessToken, GetTokenOptions } from "@azure/core-auth";
-import type { AuthenticationRecord, MsalResult } from "../types.js";
-import type { CredentialLogger } from "../../util/logging.js";
-import type { MsalFlow, MsalFlowOptions } from "./flows.js";
-import type { BrowserLoginStyle } from "../../credentials/interactiveBrowserCredentialOptions.js";
+import type { MsalBrowserFlowOptions } from "./msalBrowserOptions.js";
+import type { AccessToken } from "@azure/core-auth";
+import type { AuthenticationRecord } from "../types.js";
 import type { CredentialFlowGetTokenOptions } from "../credentials.js";
-import type { LogPolicyOptions } from "@azure/core-rest-pipeline";
-import type { MultiTenantTokenCredentialOptions } from "../../credentials/multiTenantTokenCredentialOptions.js";
 /**
- * Union of the constructor parameters that all MSAL flow types take.
- * Some properties might not be used by some flow types.
- */
-export interface MsalBrowserFlowOptions extends MsalFlowOptions {
-    tokenCredentialOptions: MultiTenantTokenCredentialOptions;
-    redirectUri?: string;
-    loginStyle: BrowserLoginStyle;
-    loginHint?: string;
-    /**
-     * Allows users to configure settings for logging policy options, allow logging account information and personally identifiable information for customer support.
-     */
-    loggingOptions?: LogPolicyOptions & {
-        /**
-         * Allows logging account information once the authentication flow succeeds.
-         */
-        allowLoggingAccountIdentifiers?: boolean;
-        /**
-         * Allows logging personally identifiable information for customer support.
-         */
-        enableUnsafeSupportLogging?: boolean;
-    };
-}
-/**
- * The common methods we use to work with the MSAL browser flows.
+ * Methods that are used by InteractiveBrowserCredential
  * @internal
  */
-export interface MsalBrowserFlow extends MsalFlow {
-    login(scopes?: string[]): Promise<AuthenticationRecord | undefined>;
-    handleRedirect(): Promise<AuthenticationRecord | undefined>;
+export interface MsalBrowserClient {
+    getActiveAccount(): Promise<AuthenticationRecord | undefined>;
+    getToken(scopes: string[], options: CredentialFlowGetTokenOptions): Promise<AccessToken>;
 }
 /**
- * Generates a MSAL configuration that generally works for browsers
+ * Uses MSAL Browser 2.X for browser authentication,
+ * which uses the [Auth Code Flow](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow).
  * @internal
  */
-export declare function defaultBrowserMsalConfig(options: MsalBrowserFlowOptions): msalBrowser.Configuration;
-/**
- * MSAL partial base client for the browsers.
- *
- * It completes the input configuration with some default values.
- * It also provides with utility protected methods that can be used from any of the clients,
- * which includes handlers for successful responses and errors.
- *
- * @internal
- */
-export declare abstract class MsalBrowser implements MsalBrowserFlow {
-    protected loginStyle: BrowserLoginStyle;
-    protected clientId: string;
-    protected tenantId: string;
-    protected additionallyAllowedTenantIds: string[];
-    protected authorityHost?: string;
-    protected account: AuthenticationRecord | undefined;
-    protected msalConfig: msalBrowser.Configuration;
-    protected disableAutomaticAuthentication?: boolean;
-    protected app?: msalBrowser.IPublicClientApplication;
-    protected logger: CredentialLogger;
-    constructor(options: MsalBrowserFlowOptions);
-    /**
-     * In the browsers we don't need to init()
-     */
-    init(): Promise<void>;
-    /**
-     * Attempts to handle a redirection request the least amount of times possible.
-     */
-    abstract handleRedirect(): Promise<AuthenticationRecord | undefined>;
-    /**
-     * Clears MSAL's cache.
-     */
-    logout(): Promise<void>;
-    /**
-     * Uses MSAL to retrieve the active account.
-     */
-    abstract getActiveAccount(): Promise<AuthenticationRecord | undefined>;
-    /**
-     * Uses MSAL to trigger a redirect or a popup login.
-     */
-    abstract login(scopes?: string | string[]): Promise<AuthenticationRecord | undefined>;
-    /**
-     * Attempts to retrieve a token from cache.
-     */
-    abstract getTokenSilent(scopes: string[]): Promise<AccessToken>;
-    /**
-     * Attempts to retrieve the token in the browser.
-     */
-    protected abstract doGetToken(scopes: string[]): Promise<AccessToken>;
-    /**
-     * Attempts to retrieve an authenticated token from MSAL.
-     */
-    getToken(scopes: string[], options?: CredentialFlowGetTokenOptions): Promise<AccessToken>;
-    /**
-     * Handles the MSAL authentication result.
-     * If the result has an account, we update the local account reference.
-     * If the token received is invalid, an error will be thrown depending on what's missing.
-     */
-    protected handleResult(scopes: string | string[], result?: MsalResult, getTokenOptions?: GetTokenOptions): AccessToken;
-}
+export declare function createMsalBrowserClient(options: MsalBrowserFlowOptions): MsalBrowserClient;
 //# sourceMappingURL=msalBrowserCommon.d.ts.map

package/dist/esm/msal/browserFlows/msalBrowserCommon.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"msalBrowserCommon.d.ts","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalBrowserCommon.ts"],"names":[],"mappings":"~~AAGA~~,OAAO,KAAK,~~KAAK~~,~~WAAW~~,MAAM,~~qBAAqB~~,CAAC;~~AAExD~~,OAAO,KAAK,EAAE,WAAW,~~EAAE~~,~~eAAe,EAAE,~~MAAM,kBAAkB,CAAC;AACrE,OAAO,KAAK,EAAE,oBAAoB,~~EAAE~~,~~UAAU,EAAE,~~MAAM,aAAa,CAAC;AAEpE,OAAO,KAAK,EAAE,~~gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAE9D,OAAO,KAAK,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAQ5D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,0DAA0D,CAAC;AAClG,OAAO,KAAK,EAAE,~~6BAA6B,EAAE,MAAM,mBAAmB,CAAC;~~AAEvE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAClE,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wDAAwD,CAAC;AAEhH~~;;;GAGG;AACH,MAAM,WAAW,~~sBAAuB,SAAQ,eAAe;IAC7D,sBAAsB,EAAE,iCAAiC,CAAC;IAC1D,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,~~iBAAiB~~,CAAC~~;~~IAC9B~~,~~SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;OAEG;IACH,cAAc,CAAC,EAAE,~~gBAAgB,GAAG;QAClC;;WAEG;QACH,8BAA8B,CAAC,EAAE,OAAO,CAAC;QACzC;;WAEG;QACH,0BAA0B,CAAC,EAAE,OAAO,CAAC;KACtC,CAAC;CACH;AAED;;;GAGG;AACH,MAAM,WAAW,eAAgB,SAAQ,QAAQ;IAC/C,KAAK,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC,CAAC;IACpE,cAAc,IAAI,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC,CAAC;~~CAC7D;AAED;;;GAGG;AACH~~,~~wBAAgB,wBAAwB,CACtC,OAAO,EAAE,sBAAsB,GAC9B,WAAW,CAAC,aAAa,CAc3B;AAED;;;;;;;;GAQG;AACH,8BAAsB,WAAY,YAAW,eAAe;IAC1D,SAAS,CAAC,UAAU,EAAE,iBAAiB,CAAC;IACxC,SAAS,CAAC,~~QAAQ,~~EAAE,MAAM,~~CAAC~~;IAC3B~~,~~SAAS,CAAC,QAAQ,EAAE,~~MAAM,~~CAAC;IAC3B,SAAS,CAAC,4BAA4B,~~EAAE,MAAM,EAAE,~~CAAC;IACjD,SAAS,CAAC,aAAa,CAAC,~~EAAE,~~MAAM,CAAC;IACjC,SAAS,CAAC,~~OAAO,EAAE,~~oBAAoB~~,GAAG,~~SAAS~~,CAAC~~;IACpD~~,~~SAAS,CAAC,UAAU,EAAE,~~WAAW,CAAC,~~aAAa,~~CAAC;~~IAChD,SAAS,CAAC,8BAA8B,CAAC,EAAE,OAAO,CAAC~~;~~IACnD,SAAS,CAAC,GAAG,CAAC,EAAE,WAAW,CAAC,wBAAwB,CAAC~~;~~IACrD~~,~~SAAS~~,~~CAAC~~,~~MAAM,EAAE,gBAAgB,~~CAAC~~;gBAEvB~~,OAAO,EAAE,sBAAsB~~;IAuB3C;;OAEG;IACG~~,~~IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAI3B;;OAEG;aACa,cAAc,IAAI,OAAO,CAAC,oBAAoB,~~GAAG,~~SAAS~~,CAAC;IAE3E;;OAEG;IACG,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAI7B;;OAEG;aACa,gBAAgB,IAAI,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC;IAE7E;;OAEG;aACa,KAAK,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC;IAE5F;;OAEG;aACa,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,WAAW,CAAC;IAEtE;;OAEG;IACH,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,WAAW,CAAC;IAErE;;OAEG;IACU,QAAQ,CACnB,MAAM,EAAE,MAAM,EAAE,EAChB,OAAO,GAAE,6BAAkC,GAC1C,OAAO,CAAC,WAAW,CAAC;IAkCvB;;;;OAIG;IACH,SAAS,CAAC,YAAY,CACpB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,MAAM,CAAC,EAAE,UAAU,EACnB,eAAe,CAAC,EAAE,eAAe,GAChC,WAAW;CAaf"}
1	+ {"version":3,"file":"msalBrowserCommon.d.ts","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalBrowserCommon.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AAYtE,OAAO,KAAK,EAAE,WAAW,EAAmB,MAAM,kBAAkB,CAAC;AACrE,OAAO,KAAK,EAAE,oBAAoB,EAAc,MAAM,aAAa,CAAC;AAEpE,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,mBAAmB,CAAC;AA2CvE;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,gBAAgB,IAAI,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC,CAAC;IAC9D,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,6BAA6B,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;CAC1F;AAKD;;;;GAIG;AACH,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,sBAAsB,GAAG,iBAAiB,CA+R1F"}

package/dist/esm/msal/browserFlows/msalBrowserCommon.js CHANGED Viewed

@@ -1,15 +1,18 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
+import * as msalBrowser from "@azure/msal-browser";
+import { defaultLoggerCallback, ensureValidMsalToken, getAuthority, getKnownAuthorities, getMSALLogLevel, handleMsalError, msalToPublic, publicToMsal, } from "../utils.js";
 import { AuthenticationRequiredError, CredentialUnavailableError } from "../../errors.js";
+import { getLogLevel } from "@azure/logger";
 import { formatSuccess } from "../../util/logging.js";
-import { ensureValidMsalToken, getAuthority, getKnownAuthorities, msalToPublic } from "../utils.js";
 import { processMultiTenantRequest, resolveAdditionallyAllowedTenantIds, resolveTenantId, } from "../../util/tenantIdUtils.js";
 import { DefaultTenantId } from "../../constants.js";
 /**
  * Generates a MSAL configuration that generally works for browsers
  * @internal
  */
-export function defaultBrowserMsalConfig(options) {
+function generateMsalBrowserConfiguration(options) {
+    var _a;
     const tenantId = options.tenantId || DefaultTenantId;
     const authority = getAuthority(tenantId, options.authorityHost);
     return {
@@ -22,89 +25,124 @@ export function defaultBrowserMsalConfig(options) {
             // we can try to use the current page we're in as a default value.
             redirectUri: options.redirectUri || self.location.origin,
         },
+        cache: {
+            cacheLocation: "sessionStorage",
+            storeAuthStateInCookie: true, // Set to true to improve the experience on IE11 and Edge.
+        },
+        system: {
+            loggerOptions: {
+                loggerCallback: defaultLoggerCallback(options.logger, "Browser"),
+                logLevel: getMSALLogLevel(getLogLevel()),
+                piiLoggingEnabled: (_a = options.loggingOptions) === null || _a === void 0 ? void 0 : _a.enableUnsafeSupportLogging,
+            },
+        },
     };
 }
+// We keep a copy of the redirect hash.
+const redirectHash = self.location.hash;
 /**
- * MSAL partial base client for the browsers.
- *
- * It completes the input configuration with some default values.
- * It also provides with utility protected methods that can be used from any of the clients,
- * which includes handlers for successful responses and errors.
- *
+ * Uses MSAL Browser 2.X for browser authentication,
+ * which uses the [Auth Code Flow](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow).
  * @internal
  */
-export class MsalBrowser {
-    constructor(options) {
-        var _a;
-        this.logger = options.logger;
-        this.loginStyle = options.loginStyle;
-        if (!options.clientId) {
-            throw new CredentialUnavailableError("A client ID is required in browsers");
-        }
-        this.clientId = options.clientId;
-        this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds((_a = options === null || options === void 0 ? void 0 : options.tokenCredentialOptions) === null || _a === void 0 ? void 0 : _a.additionallyAllowedTenants);
-        this.tenantId = resolveTenantId(this.logger, options.tenantId, options.clientId);
-        this.authorityHost = options.authorityHost;
-        this.msalConfig = defaultBrowserMsalConfig(options);
-        this.disableAutomaticAuthentication = options.disableAutomaticAuthentication;
-        if (options.authenticationRecord) {
-            this.account = Object.assign(Object.assign({}, options.authenticationRecord), { tenantId: this.tenantId });
-        }
+export function createMsalBrowserClient(options) {
+    var _a;
+    const loginStyle = options.loginStyle;
+    if (!options.clientId) {
+        throw new CredentialUnavailableError("A client ID is required in browsers");
     }
-    /**
-     * In the browsers we don't need to init()
-     */
-    async init() {
-        // Nothing to do here.
+    const clientId = options.clientId;
+    const logger = options.logger;
+    const tenantId = resolveTenantId(logger, options.tenantId, options.clientId);
+    const additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds((_a = options === null || options === void 0 ? void 0 : options.tokenCredentialOptions) === null || _a === void 0 ? void 0 : _a.additionallyAllowedTenants);
+    const authorityHost = options.authorityHost;
+    const msalConfig = generateMsalBrowserConfiguration(options);
+    const disableAutomaticAuthentication = options.disableAutomaticAuthentication;
+    const loginHint = options.loginHint;
+    let account;
+    if (options.authenticationRecord) {
+        account = Object.assign(Object.assign({}, options.authenticationRecord), { tenantId });
     }
+    // This variable should only be used through calling `getApp` function
+    let app;
     /**
-     * Clears MSAL's cache.
+     * Return the MSAL account if not set yet
+     * @returns MSAL application
      */
-    async logout() {
-        var _a;
-        (_a = this.app) === null || _a === void 0 ? void 0 : _a.logout();
+    async function getApp() {
+        if (!app) {
+            // Prepare the MSAL application
+            app = await msalBrowser.PublicClientApplication.createPublicClientApplication(msalConfig);
+            // setting the account right after the app is created.
+            if (account) {
+                app.setActiveAccount(publicToMsal(account));
+            }
+        }
+        return app;
     }
     /**
-     * Attempts to retrieve an authenticated token from MSAL.
+     * Loads the account based on the result of the authentication.
+     * If no result was received, tries to load the account from the cache.
+     * @param result - Result object received from MSAL.
      */
-    async getToken(scopes, options = {}) {
-        const tenantId = processMultiTenantRequest(this.tenantId, options, this.additionallyAllowedTenantIds) ||
-            this.tenantId;
-        if (!options.authority) {
-            options.authority = getAuthority(tenantId, this.authorityHost);
-        }
-        // We ensure that redirection is handled at this point.
-        await this.handleRedirect();
-        if (!(await this.getActiveAccount()) && !this.disableAutomaticAuthentication) {
-            await this.login(scopes);
-        }
-        return this.getTokenSilent(scopes).catch((err) => {
-            if (err.name !== "AuthenticationRequiredError") {
-                throw err;
+    async function handleBrowserResult(result) {
+        try {
+            const msalApp = await getApp();
+            if (result && result.account) {
+                logger.info(`MSAL Browser V2 authentication successful.`);
+                msalApp.setActiveAccount(result.account);
+                return msalToPublic(clientId, result.account);
             }
-            if (options === null || options === void 0 ? void 0 : options.disableAutomaticAuthentication) {
-                throw new AuthenticationRequiredError({
-                    scopes,
-                    getTokenOptions: options,
-                    message: "Automatic authentication has been disabled. You may call the authentication() method.",
+            // If by this point we happen to have an active account, we should stop trying to parse this.
+            const activeAccount = msalApp.getActiveAccount();
+            if (activeAccount) {
+                return msalToPublic(clientId, activeAccount);
+            }
+            // If we don't have an active account, we try to activate it from all the already loaded accounts.
+            const allAccounts = app.getAllAccounts();
+            if (allAccounts.length > 1) {
+                // If there's more than one account in memory, we force the user to authenticate again.
+                // At this point we can't identify which account should this credential work with,
+                // since at this point the user won't have provided enough information.
+                // We log a message in case that helps.
+                logger.info(`More than one account was found authenticated for this Client ID and Tenant ID.
+  However, no "authenticationRecord" has been provided for this credential,
+  therefore we're unable to pick between these accounts.
+  A new login attempt will be requested, to ensure the correct account is picked.
+  To work with multiple accounts for the same Client ID and Tenant ID, please provide an "authenticationRecord" when initializing "InteractiveBrowserCredential".`);
+                // To safely trigger a new login, we're also ensuring the local cache is cleared up for this MSAL object.
+                // However, we want to avoid kicking the user out of their authentication on the Azure side.
+                // We do this by calling to logout while specifying a `onRedirectNavigate` that returns false.
+                await msalApp.logout({
+                    onRedirectNavigate: () => false,
                 });
+                return;
             }
-            this.logger.info(`Silent authentication failed, falling back to interactive method ${this.loginStyle}`);
-            return this.doGetToken(scopes);
-        });
+            // If there's only one account for this MSAL object, we can safely activate it.
+            if (allAccounts.length === 1) {
+                const msalAccount = allAccounts[0];
+                msalApp.setActiveAccount(msalAccount);
+                return msalToPublic(clientId, msalAccount);
+            }
+            logger.info(`No accounts were found through MSAL.`);
+        }
+        catch (e) {
+            logger.info(`Failed to acquire token through MSAL. ${e.message}`);
+        }
+        return;
     }
     /**
      * Handles the MSAL authentication result.
      * If the result has an account, we update the local account reference.
      * If the token received is invalid, an error will be thrown depending on what's missing.
      */
-    handleResult(scopes, result, getTokenOptions) {
+    function handleResult(scopes, result, getTokenOptions) {
         var _a;
         if (result === null || result === void 0 ? void 0 : result.account) {
-            this.account = msalToPublic(this.clientId, result.account);
+            account = msalToPublic(clientId, result.account);
         }
         ensureValidMsalToken(scopes, result, getTokenOptions);
-        this.logger.getToken.info(formatSuccess(scopes));
+        logger.getToken.info(formatSuccess(scopes));
         return {
             token: result.accessToken,
             expiresOnTimestamp: result.expiresOn.getTime(),
@@ -112,5 +150,142 @@ export class MsalBrowser {
             tokenType: "Bearer",
         };
     }
+    /**
+     * Uses MSAL to handle the redirect.
+     */
+    async function handleRedirect() {
+        const msalApp = await getApp();
+        return handleBrowserResult((await msalApp.handleRedirectPromise(redirectHash)) || undefined);
+    }
+    /**
+     * Uses MSAL to retrieve the active account.
+     */
+    async function getActiveAccount() {
+        const msalApp = await getApp();
+        const activeAccount = msalApp.getActiveAccount();
+        if (!activeAccount) {
+            return;
+        }
+        return msalToPublic(clientId, activeAccount);
+    }
+    /**
+     * Uses MSAL to trigger a redirect or a popup login.
+     */
+    async function login(scopes = []) {
+        const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
+        const loginRequest = {
+            scopes: arrayScopes,
+            loginHint: loginHint,
+        };
+        const msalApp = await getApp();
+        switch (loginStyle) {
+            case "redirect": {
+                await app.loginRedirect(loginRequest);
+                return;
+            }
+            case "popup":
+                return handleBrowserResult(await msalApp.loginPopup(loginRequest));
+        }
+    }
+    /**
+     * Tries to retrieve the token silently using MSAL.
+     */
+    async function getTokenSilent(scopes, getTokenOptions) {
+        const activeAccount = await getActiveAccount();
+        if (!activeAccount) {
+            throw new AuthenticationRequiredError({
+                scopes,
+                getTokenOptions,
+                message: "Silent authentication failed. We couldn't retrieve an active account from the cache.",
+            });
+        }
+        const parameters = {
+            authority: (getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.authority) || msalConfig.auth.authority,
+            correlationId: getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.correlationId,
+            claims: getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.claims,
+            account: publicToMsal(activeAccount),
+            forceRefresh: false,
+            scopes,
+        };
+        try {
+            logger.info("Attempting to acquire token silently");
+            const msalApp = await getApp();
+            const response = await msalApp.acquireTokenSilent(parameters);
+            return handleResult(scopes, response);
+        }
+        catch (err) {
+            throw handleMsalError(scopes, err, options);
+        }
+    }
+    /**
+     * Attempts to retrieve the token in the browser through interactive methods.
+     */
+    async function getTokenInteractive(scopes, getTokenOptions) {
+        const activeAccount = await getActiveAccount();
+        if (!activeAccount) {
+            throw new AuthenticationRequiredError({
+                scopes,
+                getTokenOptions,
+                message: "Silent authentication failed. We couldn't retrieve an active account from the cache.",
+            });
+        }
+        const parameters = {
+            authority: (getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.authority) || msalConfig.auth.authority,
+            correlationId: getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.correlationId,
+            claims: getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.claims,
+            account: publicToMsal(activeAccount),
+            loginHint: loginHint,
+            scopes,
+        };
+        const msalApp = await getApp();
+        switch (loginStyle) {
+            case "redirect":
+                // This will go out of the page.
+                // Once the InteractiveBrowserCredential is initialized again,
+                // we'll load the MSAL account in the constructor.
+                await msalApp.acquireTokenRedirect(parameters);
+                return { token: "", expiresOnTimestamp: 0, tokenType: "Bearer" };
+            case "popup":
+                return handleResult(scopes, await app.acquireTokenPopup(parameters));
+        }
+    }
+    /**
+     * Attempts to get token through the silent flow.
+     * If failed, get token through interactive method with `doGetToken` method.
+     */
+    async function getToken(scopes, getTokenOptions = {}) {
+        const getTokenTenantId = processMultiTenantRequest(tenantId, getTokenOptions, additionallyAllowedTenantIds) ||
+            tenantId;
+        if (!getTokenOptions.authority) {
+            getTokenOptions.authority = getAuthority(getTokenTenantId, authorityHost);
+        }
+        // We ensure that redirection is handled at this point.
+        await handleRedirect();
+        if (!(await getActiveAccount()) && !disableAutomaticAuthentication) {
+            await login(scopes);
+        }
+        // Attempts to get the token silently; else, falls back to interactive method.
+        try {
+            return await getTokenSilent(scopes, getTokenOptions);
+        }
+        catch (err) {
+            if (err.name !== "AuthenticationRequiredError") {
+                throw err;
+            }
+            if (getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.disableAutomaticAuthentication) {
+                throw new AuthenticationRequiredError({
+                    scopes,
+                    getTokenOptions,
+                    message: "Automatic authentication has been disabled. You may call the authenticate() method.",
+                });
+            }
+            logger.info(`Silent authentication failed, falling back to interactive method ${loginStyle}`);
+            return getTokenInteractive(scopes, getTokenOptions);
+        }
+    }
+    return {
+        getActiveAccount,
+        getToken,
+    };
 }
 //# sourceMappingURL=msalBrowserCommon.js.map