@azure/identity 4.8.1-alpha.20250409.1 → 4.9.0

package/dist/workerd/credentials/usernamePasswordCredential.js

@@ -0,0 +1,68 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+import { createMsalClient } from "../msal/nodeFlows/msalClient.js";
+import { processMultiTenantRequest, resolveAdditionallyAllowedTenantIds, } from "../util/tenantIdUtils.js";
+import { CredentialUnavailableError } from "../errors.js";
+import { credentialLogger } from "../util/logging.js";
+import { ensureScopes } from "../util/scopeUtils.js";
+import { tracingClient } from "../util/tracing.js";
+const logger = credentialLogger("UsernamePasswordCredential");
+/**
+ * Enables authentication to Microsoft Entra ID with a user's
+ * username and password. This credential requires a high degree of
+ * trust so you should only use it when other, more secure credential
+ * types can't be used.
+ * @deprecated UsernamePasswordCredential is deprecated. Use a more secure credential. See https://aka.ms/azsdk/identity/mfa for details.
+ */
+export class UsernamePasswordCredential {
+    /**
+     * Creates an instance of the UsernamePasswordCredential with the details
+     * needed to authenticate against Microsoft Entra ID with a username
+     * and password.
+     *
+     * @param tenantId - The Microsoft Entra tenant (directory).
+     * @param clientId - The client (application) ID of an App Registration in the tenant.
+     * @param username - The user account's e-mail address (user name).
+     * @param password - The user account's account password
+     * @param options - Options for configuring the client which makes the authentication request.
+     */
+    constructor(tenantId, clientId, username, password, options = {}) {
+        if (!tenantId) {
+            throw new CredentialUnavailableError("UsernamePasswordCredential: tenantId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.");
+        }
+        if (!clientId) {
+            throw new CredentialUnavailableError("UsernamePasswordCredential: clientId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.");
+        }
+        if (!username) {
+            throw new CredentialUnavailableError("UsernamePasswordCredential: username is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.");
+        }
+        if (!password) {
+            throw new CredentialUnavailableError("UsernamePasswordCredential: password is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.");
+        }
+        this.tenantId = tenantId;
+        this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
+        this.username = username;
+        this.password = password;
+        this.msalClient = createMsalClient(clientId, this.tenantId, Object.assign(Object.assign({}, options), { tokenCredentialOptions: options !== null && options !== void 0 ? options : {} }));
+    }
+    /**
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
+     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
+     *
+     * If the user provided the option `disableAutomaticAuthentication`,
+     * once the token can't be retrieved silently,
+     * this method won't attempt to request user interaction to retrieve the token.
+     *
+     * @param scopes - The list of scopes for which the token will have access.
+     * @param options - The options used to configure any requests this
+     *                TokenCredential implementation might make.
+     */
+    async getToken(scopes, options = {}) {
+        return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async (newOptions) => {
+            newOptions.tenantId = processMultiTenantRequest(this.tenantId, newOptions, this.additionallyAllowedTenantIds, logger);
+            const arrayScopes = ensureScopes(scopes);
+            return this.msalClient.getTokenByUsernamePassword(arrayScopes, this.username, this.password, newOptions);
+        });
+    }
+}
+//# sourceMappingURL=usernamePasswordCredential.js.map

package/dist/workerd/credentials/usernamePasswordCredential.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"usernamePasswordCredential.js","sourceRoot":"","sources":["../../../src/credentials/usernamePasswordCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,0BAA0B,CAAC;AAElC,OAAO,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAE1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D;;;;;;GAMG;AACH,MAAM,OAAO,0BAA0B;IAOrC;;;;;;;;;;OAUG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,UAA6C,EAAE;QAE/C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QAEF,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEzB,IAAI,CAAC,UAAU,GAAG,gBAAgB,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,kCACrD,OAAO,KACV,sBAAsB,EAAE,OAAO,aAAP,OAAO,cAAP,OAAO,GAAI,EAAE,IACrC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,aAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,UAAU,CAAC,QAAQ,GAAG,yBAAyB,CAC7C,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,CAAC;YAEF,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;YACzC,OAAO,IAAI,CAAC,UAAU,CAAC,0BAA0B,CAC/C,WAAW,EACX,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,QAAQ,EACb,UAAU,CACX,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport type { MsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport { createMsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport {\n  processMultiTenantRequest,\n  resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\n\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport type { UsernamePasswordCredentialOptions } from \"./usernamePasswordCredentialOptions.js\";\nimport { credentialLogger } from \"../util/logging.js\";\nimport { ensureScopes } from \"../util/scopeUtils.js\";\nimport { tracingClient } from \"../util/tracing.js\";\n\nconst logger = credentialLogger(\"UsernamePasswordCredential\");\n\n/**\n * Enables authentication to Microsoft Entra ID with a user's\n * username and password. This credential requires a high degree of\n * trust so you should only use it when other, more secure credential\n * types can't be used.\n * @deprecated UsernamePasswordCredential is deprecated. Use a more secure credential. See https://aka.ms/azsdk/identity/mfa for details.\n */\nexport class UsernamePasswordCredential implements TokenCredential {\n  private tenantId: string;\n  private additionallyAllowedTenantIds: string[];\n  private msalClient: MsalClient;\n  private username: string;\n  private password: string;\n\n  /**\n   * Creates an instance of the UsernamePasswordCredential with the details\n   * needed to authenticate against Microsoft Entra ID with a username\n   * and password.\n   *\n   * @param tenantId - The Microsoft Entra tenant (directory).\n   * @param clientId - The client (application) ID of an App Registration in the tenant.\n   * @param username - The user account's e-mail address (user name).\n   * @param password - The user account's account password\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantId: string,\n    clientId: string,\n    username: string,\n    password: string,\n    options: UsernamePasswordCredentialOptions = {},\n  ) {\n    if (!tenantId) {\n      throw new CredentialUnavailableError(\n        \"UsernamePasswordCredential: tenantId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.\",\n      );\n    }\n\n    if (!clientId) {\n      throw new CredentialUnavailableError(\n        \"UsernamePasswordCredential: clientId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.\",\n      );\n    }\n\n    if (!username) {\n      throw new CredentialUnavailableError(\n        \"UsernamePasswordCredential: username is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.\",\n      );\n    }\n\n    if (!password) {\n      throw new CredentialUnavailableError(\n        \"UsernamePasswordCredential: password is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.\",\n      );\n    }\n\n    this.tenantId = tenantId;\n    this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n      options?.additionallyAllowedTenants,\n    );\n\n    this.username = username;\n    this.password = password;\n\n    this.msalClient = createMsalClient(clientId, this.tenantId, {\n      ...options,\n      tokenCredentialOptions: options ?? {},\n    });\n  }\n\n  /**\n   * Authenticates with Microsoft Entra ID and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * If the user provided the option `disableAutomaticAuthentication`,\n   * once the token can't be retrieved silently,\n   * this method won't attempt to request user interaction to retrieve the token.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n    return tracingClient.withSpan(\n      `${this.constructor.name}.getToken`,\n      options,\n      async (newOptions) => {\n        newOptions.tenantId = processMultiTenantRequest(\n          this.tenantId,\n          newOptions,\n          this.additionallyAllowedTenantIds,\n          logger,\n        );\n\n        const arrayScopes = ensureScopes(scopes);\n        return this.msalClient.getTokenByUsernamePassword(\n          arrayScopes,\n          this.username,\n          this.password,\n          newOptions,\n        );\n      },\n    );\n  }\n}\n"]}

package/dist/workerd/credentials/usernamePasswordCredentialOptions.d.ts

@@ -0,0 +1,10 @@
+import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
+import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions.js";
+import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
+/**
+ * Defines options for the {@link UsernamePasswordCredential} class.
+ * @deprecated UsernamePasswordCredential is deprecated. Use a more secure credential. See https://aka.ms/azsdk/identity/mfa for details.
+ */
+export interface UsernamePasswordCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions, AuthorityValidationOptions {
+}
+//# sourceMappingURL=usernamePasswordCredentialOptions.d.ts.map

package/dist/workerd/credentials/usernamePasswordCredentialOptions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"usernamePasswordCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/usernamePasswordCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACtF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;;GAGG;AACH,MAAM,WAAW,iCACf,SAAQ,iCAAiC,EACvC,4BAA4B,EAC5B,0BAA0B;CAAG"}

package/dist/workerd/credentials/usernamePasswordCredentialOptions.js

@@ -0,0 +1,4 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+export {};
+//# sourceMappingURL=usernamePasswordCredentialOptions.js.map

package/dist/workerd/credentials/usernamePasswordCredentialOptions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"usernamePasswordCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/usernamePasswordCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Defines options for the {@link UsernamePasswordCredential} class.\n * @deprecated UsernamePasswordCredential is deprecated. Use a more secure credential. See https://aka.ms/azsdk/identity/mfa for details.\n */\nexport interface UsernamePasswordCredentialOptions\n  extends MultiTenantTokenCredentialOptions,\n    CredentialPersistenceOptions,\n    AuthorityValidationOptions {}\n"]}

package/dist/workerd/credentials/visualStudioCodeCredential.d.ts

@@ -0,0 +1,66 @@
+import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
+import type { VisualStudioCodeCredentialOptions } from "./visualStudioCodeCredentialOptions.js";
+import type { VSCodeCredentialFinder } from "./visualStudioCodeCredentialPlugin.js";
+export declare const vsCodeCredentialControl: {
+    setVsCodeCredentialFinder(finder: VSCodeCredentialFinder): void;
+};
+/**
+ * Attempts to load a specific property from the VSCode configurations of the current OS.
+ * If it fails at any point, returns undefined.
+ */
+export declare function getPropertyFromVSCode(property: string): string | undefined;
+/**
+ * Connects to Azure using the credential provided by the VSCode extension 'Azure Account'.
+ * Once the user has logged in via the extension, this credential can share the same refresh token
+ * that is cached by the extension.
+ *
+ * It's a [known issue](https://github.com/Azure/azure-sdk-for-js/issues/20500) that this credential doesn't
+ * work with [Azure Account extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account)
+ * versions newer than **0.9.11**. A long-term fix to this problem is in progress. In the meantime, consider
+ * authenticating with {@link AzureCliCredential}.
+ *
+ * @deprecated This credential is deprecated because the VS Code Azure Account extension on which this credential
+ * relies has been deprecated. Users should use other dev-time credentials, such as {@link AzureCliCredential},
+ * {@link AzureDeveloperCliCredential}, or {@link AzurePowerShellCredential} for their
+ * local development needs. See Azure Account extension deprecation notice [here](https://github.com/microsoft/vscode-azure-account/issues/964).
+ *
+ */
+export declare class VisualStudioCodeCredential implements TokenCredential {
+    private identityClient;
+    private tenantId;
+    private additionallyAllowedTenantIds;
+    private cloudName;
+    /**
+     * Creates an instance of VisualStudioCodeCredential to use for automatically authenticating via VSCode.
+     *
+     * **Note**: `VisualStudioCodeCredential` is provided by a plugin package:
+     * `@azure/identity-vscode`. If this package is not installed and registered
+     * using the plugin API (`useIdentityPlugin`), then authentication using
+     * `VisualStudioCodeCredential` will not be available.
+     *
+     * @param options - Options for configuring the client which makes the authentication request.
+     */
+    constructor(options?: VisualStudioCodeCredentialOptions);
+    /**
+     * Runs preparations for any further getToken request.
+     */
+    private prepare;
+    /**
+     * The promise of the single preparation that will be executed at the first getToken request for an instance of this class.
+     */
+    private preparePromise;
+    /**
+     * Runs preparations for any further getToken, but only once.
+     */
+    private prepareOnce;
+    /**
+     * Returns the token found by searching VSCode's authentication cache or
+     * returns null if no token could be found.
+     *
+     * @param scopes - The list of scopes for which the token will have access.
+     * @param options - The options used to configure any requests this
+     *                `TokenCredential` implementation might make.
+     */
+    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
+}
+//# sourceMappingURL=visualStudioCodeCredential.d.ts.map

package/dist/workerd/credentials/visualStudioCodeCredential.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"visualStudioCodeCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAStF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAChG,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,uCAAuC,CAAC;AAYpF,eAAO,MAAM,uBAAuB;sCACA,sBAAsB,GAAG,IAAI;CAGhE,CAAC;AAwBF;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CA6B1E;AAED;;;;;;;;;;;;;;;GAeG;AACH,qBAAa,0BAA2B,YAAW,eAAe;IAChE,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,SAAS,CAAmB;IAEpC;;;;;;;;;OASG;gBACS,OAAO,CAAC,EAAE,iCAAiC;IA2BvD;;OAEG;YACW,OAAO;IASrB;;OAEG;IACH,OAAO,CAAC,cAAc,CAA4B;IAElD;;OAEG;IACH,OAAO,CAAC,WAAW;IAOnB;;;;;;;OAOG;IACU,QAAQ,CACnB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC;CA6ExB"}

package/dist/workerd/credentials/visualStudioCodeCredential.js

@@ -0,0 +1,196 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+import { credentialLogger, formatError, formatSuccess } from "../util/logging.js";
+import { processMultiTenantRequest, resolveAdditionallyAllowedTenantIds, } from "../util/tenantIdUtils.js";
+import { AzureAuthorityHosts } from "../constants.js";
+import { CredentialUnavailableError } from "../errors.js";
+import { IdentityClient } from "../client/identityClient.js";
+import { checkTenantId } from "../util/tenantIdUtils.js";
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+const CommonTenantId = "common";
+const AzureAccountClientId = "aebc6443-996d-45c2-90f0-388ff96faa56"; // VSC: 'aebc6443-996d-45c2-90f0-388ff96faa56'
+const logger = credentialLogger("VisualStudioCodeCredential");
+let findCredentials = undefined;
+export const vsCodeCredentialControl = {
+    setVsCodeCredentialFinder(finder) {
+        findCredentials = finder;
+    },
+};
+// Map of unsupported Tenant IDs and the errors we will be throwing.
+const unsupportedTenantIds = {
+    adfs: "The VisualStudioCodeCredential does not support authentication with ADFS tenants.",
+};
+function checkUnsupportedTenant(tenantId) {
+    // If the Tenant ID isn't supported, we throw.
+    const unsupportedTenantError = unsupportedTenantIds[tenantId];
+    if (unsupportedTenantError) {
+        throw new CredentialUnavailableError(unsupportedTenantError);
+    }
+}
+const mapVSCodeAuthorityHosts = {
+    AzureCloud: AzureAuthorityHosts.AzurePublicCloud,
+    AzureChina: AzureAuthorityHosts.AzureChina,
+    AzureGermanCloud: AzureAuthorityHosts.AzureGermany,
+    AzureUSGovernment: AzureAuthorityHosts.AzureGovernment,
+};
+/**
+ * Attempts to load a specific property from the VSCode configurations of the current OS.
+ * If it fails at any point, returns undefined.
+ */
+export function getPropertyFromVSCode(property) {
+    const settingsPath = ["User", "settings.json"];
+    // Eventually we can add more folders for more versions of VSCode.
+    const vsCodeFolder = "Code";
+    const homedir = os.homedir();
+    function loadProperty(...pathSegments) {
+        const fullPath = path.join(...pathSegments, vsCodeFolder, ...settingsPath);
+        const settings = JSON.parse(fs.readFileSync(fullPath, { encoding: "utf8" }));
+        return settings[property];
+    }
+    try {
+        let appData;
+        switch (process.platform) {
+            case "win32":
+                appData = process.env.APPDATA;
+                return appData ? loadProperty(appData) : undefined;
+            case "darwin":
+                return loadProperty(homedir, "Library", "Application Support");
+            case "linux":
+                return loadProperty(homedir, ".config");
+            default:
+                return;
+        }
+    }
+    catch (e) {
+        logger.info(`Failed to load the Visual Studio Code configuration file. Error: ${e.message}`);
+        return;
+    }
+}
+/**
+ * Connects to Azure using the credential provided by the VSCode extension 'Azure Account'.
+ * Once the user has logged in via the extension, this credential can share the same refresh token
+ * that is cached by the extension.
+ *
+ * It's a [known issue](https://github.com/Azure/azure-sdk-for-js/issues/20500) that this credential doesn't
+ * work with [Azure Account extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account)
+ * versions newer than **0.9.11**. A long-term fix to this problem is in progress. In the meantime, consider
+ * authenticating with {@link AzureCliCredential}.
+ *
+ * @deprecated This credential is deprecated because the VS Code Azure Account extension on which this credential
+ * relies has been deprecated. Users should use other dev-time credentials, such as {@link AzureCliCredential},
+ * {@link AzureDeveloperCliCredential}, or {@link AzurePowerShellCredential} for their
+ * local development needs. See Azure Account extension deprecation notice [here](https://github.com/microsoft/vscode-azure-account/issues/964).
+ *
+ */
+export class VisualStudioCodeCredential {
+    /**
+     * Creates an instance of VisualStudioCodeCredential to use for automatically authenticating via VSCode.
+     *
+     * **Note**: `VisualStudioCodeCredential` is provided by a plugin package:
+     * `@azure/identity-vscode`. If this package is not installed and registered
+     * using the plugin API (`useIdentityPlugin`), then authentication using
+     * `VisualStudioCodeCredential` will not be available.
+     *
+     * @param options - Options for configuring the client which makes the authentication request.
+     */
+    constructor(options) {
+        // We want to make sure we use the one assigned by the user on the VSCode settings.
+        // Or just `AzureCloud` by default.
+        this.cloudName = (getPropertyFromVSCode("azure.cloud") || "AzureCloud");
+        // Picking an authority host based on the cloud name.
+        const authorityHost = mapVSCodeAuthorityHosts[this.cloudName];
+        this.identityClient = new IdentityClient(Object.assign({ authorityHost }, options));
+        if (options && options.tenantId) {
+            checkTenantId(logger, options.tenantId);
+            this.tenantId = options.tenantId;
+        }
+        else {
+            this.tenantId = CommonTenantId;
+        }
+        this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
+        checkUnsupportedTenant(this.tenantId);
+    }
+    /**
+     * Runs preparations for any further getToken request.
+     */
+    async prepare() {
+        // Attempts to load the tenant from the VSCode configuration file.
+        const settingsTenant = getPropertyFromVSCode("azure.tenant");
+        if (settingsTenant) {
+            this.tenantId = settingsTenant;
+        }
+        checkUnsupportedTenant(this.tenantId);
+    }
+    /**
+     * Runs preparations for any further getToken, but only once.
+     */
+    prepareOnce() {
+        if (!this.preparePromise) {
+            this.preparePromise = this.prepare();
+        }
+        return this.preparePromise;
+    }
+    /**
+     * Returns the token found by searching VSCode's authentication cache or
+     * returns null if no token could be found.
+     *
+     * @param scopes - The list of scopes for which the token will have access.
+     * @param options - The options used to configure any requests this
+     *                `TokenCredential` implementation might make.
+     */
+    async getToken(scopes, options) {
+        var _a, _b;
+        await this.prepareOnce();
+        const tenantId = processMultiTenantRequest(this.tenantId, options, this.additionallyAllowedTenantIds, logger) || this.tenantId;
+        if (findCredentials === undefined) {
+            throw new CredentialUnavailableError([
+                "No implementation of `VisualStudioCodeCredential` is available.",
+                "You must install the identity-vscode plugin package (`npm install --save-dev @azure/identity-vscode`)",
+                "and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling",
+                "`useIdentityPlugin(vsCodePlugin)` before creating a `VisualStudioCodeCredential`.",
+                "To troubleshoot, visit https://aka.ms/azsdk/js/identity/vscodecredential/troubleshoot.",
+            ].join(" "));
+        }
+        let scopeString = typeof scopes === "string" ? scopes : scopes.join(" ");
+        // Check to make sure the scope we get back is a valid scope
+        if (!scopeString.match(/^[0-9a-zA-Z-.:/]+$/)) {
+            const error = new Error("Invalid scope was specified by the user or calling client");
+            logger.getToken.info(formatError(scopes, error));
+            throw error;
+        }
+        if (scopeString.indexOf("offline_access") < 0) {
+            scopeString += " offline_access";
+        }
+        // findCredentials returns an array similar to:
+        // [
+        //   {
+        //     account: "",
+        //     password: "",
+        //   },
+        //   /* ... */
+        // ]
+        const credentials = await findCredentials();
+        // If we can't find the credential based on the name, we'll pick the first one available.
+        const { password: refreshToken } = (_b = (_a = credentials.find(({ account }) => account === this.cloudName)) !== null && _a !== void 0 ? _a : credentials[0]) !== null && _b !== void 0 ? _b : {};
+        if (refreshToken) {
+            const tokenResponse = await this.identityClient.refreshAccessToken(tenantId, AzureAccountClientId, scopeString, refreshToken, undefined);
+            if (tokenResponse) {
+                logger.getToken.info(formatSuccess(scopes));
+                return tokenResponse.accessToken;
+            }
+            else {
+                const error = new CredentialUnavailableError("Could not retrieve the token associated with Visual Studio Code. Have you connected using the 'Azure Account' extension recently? To troubleshoot, visit https://aka.ms/azsdk/js/identity/vscodecredential/troubleshoot.");
+                logger.getToken.info(formatError(scopes, error));
+                throw error;
+            }
+        }
+        else {
+            const error = new CredentialUnavailableError("Could not retrieve the token associated with Visual Studio Code. Did you connect using the 'Azure Account' extension? To troubleshoot, visit https://aka.ms/azsdk/js/identity/vscodecredential/troubleshoot.");
+            logger.getToken.info(formatError(scopes, error));
+            throw error;
+        }
+    }
+}
+//# sourceMappingURL=visualStudioCodeCredential.js.map

package/dist/workerd/credentials/visualStudioCodeCredential.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"visualStudioCodeCredential.js","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAClF,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAG7D,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,MAAM,cAAc,GAAG,QAAQ,CAAC;AAChC,MAAM,oBAAoB,GAAG,sCAAsC,CAAC,CAAC,8CAA8C;AACnH,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D,IAAI,eAAe,GAAuC,SAAS,CAAC;AAEpE,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,yBAAyB,CAAC,MAA8B;QACtD,eAAe,GAAG,MAAM,CAAC;IAC3B,CAAC;CACF,CAAC;AAEF,oEAAoE;AACpE,MAAM,oBAAoB,GAA2B;IACnD,IAAI,EAAE,mFAAmF;CAC1F,CAAC;AAEF,SAAS,sBAAsB,CAAC,QAAgB;IAC9C,8CAA8C;IAC9C,MAAM,sBAAsB,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IAC9D,IAAI,sBAAsB,EAAE,CAAC;QAC3B,MAAM,IAAI,0BAA0B,CAAC,sBAAsB,CAAC,CAAC;IAC/D,CAAC;AACH,CAAC;AAID,MAAM,uBAAuB,GAAqC;IAChE,UAAU,EAAE,mBAAmB,CAAC,gBAAgB;IAChD,UAAU,EAAE,mBAAmB,CAAC,UAAU;IAC1C,gBAAgB,EAAE,mBAAmB,CAAC,YAAY;IAClD,iBAAiB,EAAE,mBAAmB,CAAC,eAAe;CACvD,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,QAAgB;IACpD,MAAM,YAAY,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAC/C,kEAAkE;IAClE,MAAM,YAAY,GAAG,MAAM,CAAC;IAC5B,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;IAE7B,SAAS,YAAY,CAAC,GAAG,YAAsB;QAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,YAAY,EAAE,YAAY,EAAE,GAAG,YAAY,CAAC,CAAC;QAC3E,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;QAC7E,OAAO,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC;IAED,IAAI,CAAC;QACH,IAAI,OAAe,CAAC;QACpB,QAAQ,OAAO,CAAC,QAAQ,EAAE,CAAC;YACzB,KAAK,OAAO;gBACV,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,OAAQ,CAAC;gBAC/B,OAAO,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACrD,KAAK,QAAQ;gBACX,OAAO,YAAY,CAAC,OAAO,EAAE,SAAS,EAAE,qBAAqB,CAAC,CAAC;YACjE,KAAK,OAAO;gBACV,OAAO,YAAY,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAC1C;gBACE,OAAO;QACX,CAAC;IACH,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,MAAM,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QAC7F,OAAO;IACT,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,OAAO,0BAA0B;IAMrC;;;;;;;;;OASG;IACH,YAAY,OAA2C;QACrD,mFAAmF;QACnF,mCAAmC;QACnC,IAAI,CAAC,SAAS,GAAG,CAAC,qBAAqB,CAAC,aAAa,CAAC,IAAI,YAAY,CAAqB,CAAC;QAE5F,qDAAqD;QACrD,MAAM,aAAa,GAAG,uBAAuB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAE9D,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,iBACtC,aAAa,IACV,OAAO,EACV,CAAC;QAEH,IAAI,OAAO,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YAChC,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;YACxC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACnC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;QACjC,CAAC;QAED,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QAEF,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,OAAO;QACnB,kEAAkE;QAClE,MAAM,cAAc,GAAG,qBAAqB,CAAC,cAAc,CAAC,CAAC;QAC7D,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;QACjC,CAAC;QACD,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACxC,CAAC;IAOD;;OAEG;IACK,WAAW;QACjB,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QACvC,CAAC;QACD,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;QAEzB,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QAEzB,MAAM,QAAQ,GACZ,yBAAyB,CACvB,IAAI,CAAC,QAAQ,EACb,OAAO,EACP,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,IAAI,IAAI,CAAC,QAAQ,CAAC;QAErB,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;YAClC,MAAM,IAAI,0BAA0B,CAClC;gBACE,iEAAiE;gBACjE,uGAAuG;gBACvG,mFAAmF;gBACnF,mFAAmF;gBACnF,wFAAwF;aACzF,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;QACJ,CAAC;QAED,IAAI,WAAW,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEzE,4DAA4D;QAC5D,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAC7C,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;YACrF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;YACjD,MAAM,KAAK,CAAC;QACd,CAAC;QAED,IAAI,WAAW,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9C,WAAW,IAAI,iBAAiB,CAAC;QACnC,CAAC;QAED,+CAA+C;QAC/C,IAAI;QACJ,MAAM;QACN,mBAAmB;QACnB,oBAAoB;QACpB,OAAO;QACP,cAAc;QACd,IAAI;QACJ,MAAM,WAAW,GAAG,MAAM,eAAe,EAAE,CAAC;QAE5C,yFAAyF;QACzF,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAC9B,MAAA,MAAA,WAAW,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,OAAO,KAAK,IAAI,CAAC,SAAS,CAAC,mCAAI,WAAW,CAAC,CAAC,CAAC,mCAAI,EAAE,CAAC;QAExF,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAChE,QAAQ,EACR,oBAAoB,EACpB,WAAW,EACX,YAAY,EACZ,SAAS,CACV,CAAC;YAEF,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO,aAAa,CAAC,WAAW,CAAC;YACnC,CAAC;iBAAM,CAAC;gBACN,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,0NAA0N,CAC3N,CAAC;gBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;gBACjD,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,8MAA8M,CAC/M,CAAC;YACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;YACjD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging.js\";\nimport {\n  processMultiTenantRequest,\n  resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\nimport { AzureAuthorityHosts } from \"../constants.js\";\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport { IdentityClient } from \"../client/identityClient.js\";\nimport type { VisualStudioCodeCredentialOptions } from \"./visualStudioCodeCredentialOptions.js\";\nimport type { VSCodeCredentialFinder } from \"./visualStudioCodeCredentialPlugin.js\";\nimport { checkTenantId } from \"../util/tenantIdUtils.js\";\nimport fs from \"node:fs\";\nimport os from \"node:os\";\nimport path from \"node:path\";\n\nconst CommonTenantId = \"common\";\nconst AzureAccountClientId = \"aebc6443-996d-45c2-90f0-388ff96faa56\"; // VSC: 'aebc6443-996d-45c2-90f0-388ff96faa56'\nconst logger = credentialLogger(\"VisualStudioCodeCredential\");\n\nlet findCredentials: VSCodeCredentialFinder | undefined = undefined;\n\nexport const vsCodeCredentialControl = {\n  setVsCodeCredentialFinder(finder: VSCodeCredentialFinder): void {\n    findCredentials = finder;\n  },\n};\n\n// Map of unsupported Tenant IDs and the errors we will be throwing.\nconst unsupportedTenantIds: Record<string, string> = {\n  adfs: \"The VisualStudioCodeCredential does not support authentication with ADFS tenants.\",\n};\n\nfunction checkUnsupportedTenant(tenantId: string): void {\n  // If the Tenant ID isn't supported, we throw.\n  const unsupportedTenantError = unsupportedTenantIds[tenantId];\n  if (unsupportedTenantError) {\n    throw new CredentialUnavailableError(unsupportedTenantError);\n  }\n}\n\ntype VSCodeCloudNames = \"AzureCloud\" | \"AzureChina\" | \"AzureGermanCloud\" | \"AzureUSGovernment\";\n\nconst mapVSCodeAuthorityHosts: Record<VSCodeCloudNames, string> = {\n  AzureCloud: AzureAuthorityHosts.AzurePublicCloud,\n  AzureChina: AzureAuthorityHosts.AzureChina,\n  AzureGermanCloud: AzureAuthorityHosts.AzureGermany,\n  AzureUSGovernment: AzureAuthorityHosts.AzureGovernment,\n};\n\n/**\n * Attempts to load a specific property from the VSCode configurations of the current OS.\n * If it fails at any point, returns undefined.\n */\nexport function getPropertyFromVSCode(property: string): string | undefined {\n  const settingsPath = [\"User\", \"settings.json\"];\n  // Eventually we can add more folders for more versions of VSCode.\n  const vsCodeFolder = \"Code\";\n  const homedir = os.homedir();\n\n  function loadProperty(...pathSegments: string[]): string | undefined {\n    const fullPath = path.join(...pathSegments, vsCodeFolder, ...settingsPath);\n    const settings = JSON.parse(fs.readFileSync(fullPath, { encoding: \"utf8\" }));\n    return settings[property];\n  }\n\n  try {\n    let appData: string;\n    switch (process.platform) {\n      case \"win32\":\n        appData = process.env.APPDATA!;\n        return appData ? loadProperty(appData) : undefined;\n      case \"darwin\":\n        return loadProperty(homedir, \"Library\", \"Application Support\");\n      case \"linux\":\n        return loadProperty(homedir, \".config\");\n      default:\n        return;\n    }\n  } catch (e: any) {\n    logger.info(`Failed to load the Visual Studio Code configuration file. Error: ${e.message}`);\n    return;\n  }\n}\n\n/**\n * Connects to Azure using the credential provided by the VSCode extension 'Azure Account'.\n * Once the user has logged in via the extension, this credential can share the same refresh token\n * that is cached by the extension.\n *\n * It's a [known issue](https://github.com/Azure/azure-sdk-for-js/issues/20500) that this credential doesn't\n * work with [Azure Account extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account)\n * versions newer than **0.9.11**. A long-term fix to this problem is in progress. In the meantime, consider\n * authenticating with {@link AzureCliCredential}.\n *\n * @deprecated This credential is deprecated because the VS Code Azure Account extension on which this credential\n * relies has been deprecated. Users should use other dev-time credentials, such as {@link AzureCliCredential},\n * {@link AzureDeveloperCliCredential}, or {@link AzurePowerShellCredential} for their\n * local development needs. See Azure Account extension deprecation notice [here](https://github.com/microsoft/vscode-azure-account/issues/964).\n *\n */\nexport class VisualStudioCodeCredential implements TokenCredential {\n  private identityClient: IdentityClient;\n  private tenantId: string;\n  private additionallyAllowedTenantIds: string[];\n  private cloudName: VSCodeCloudNames;\n\n  /**\n   * Creates an instance of VisualStudioCodeCredential to use for automatically authenticating via VSCode.\n   *\n   * **Note**: `VisualStudioCodeCredential` is provided by a plugin package:\n   * `@azure/identity-vscode`. If this package is not installed and registered\n   * using the plugin API (`useIdentityPlugin`), then authentication using\n   * `VisualStudioCodeCredential` will not be available.\n   *\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(options?: VisualStudioCodeCredentialOptions) {\n    // We want to make sure we use the one assigned by the user on the VSCode settings.\n    // Or just `AzureCloud` by default.\n    this.cloudName = (getPropertyFromVSCode(\"azure.cloud\") || \"AzureCloud\") as VSCodeCloudNames;\n\n    // Picking an authority host based on the cloud name.\n    const authorityHost = mapVSCodeAuthorityHosts[this.cloudName];\n\n    this.identityClient = new IdentityClient({\n      authorityHost,\n      ...options,\n    });\n\n    if (options && options.tenantId) {\n      checkTenantId(logger, options.tenantId);\n      this.tenantId = options.tenantId;\n    } else {\n      this.tenantId = CommonTenantId;\n    }\n\n    this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n      options?.additionallyAllowedTenants,\n    );\n\n    checkUnsupportedTenant(this.tenantId);\n  }\n\n  /**\n   * Runs preparations for any further getToken request.\n   */\n  private async prepare(): Promise<void> {\n    // Attempts to load the tenant from the VSCode configuration file.\n    const settingsTenant = getPropertyFromVSCode(\"azure.tenant\");\n    if (settingsTenant) {\n      this.tenantId = settingsTenant;\n    }\n    checkUnsupportedTenant(this.tenantId);\n  }\n\n  /**\n   * The promise of the single preparation that will be executed at the first getToken request for an instance of this class.\n   */\n  private preparePromise: Promise<void> | undefined;\n\n  /**\n   * Runs preparations for any further getToken, but only once.\n   */\n  private prepareOnce(): Promise<void> | undefined {\n    if (!this.preparePromise) {\n      this.preparePromise = this.prepare();\n    }\n    return this.preparePromise;\n  }\n\n  /**\n   * Returns the token found by searching VSCode's authentication cache or\n   * returns null if no token could be found.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                `TokenCredential` implementation might make.\n   */\n  public async getToken(\n    scopes: string | string[],\n    options?: GetTokenOptions,\n  ): Promise<AccessToken> {\n    await this.prepareOnce();\n\n    const tenantId =\n      processMultiTenantRequest(\n        this.tenantId,\n        options,\n        this.additionallyAllowedTenantIds,\n        logger,\n      ) || this.tenantId;\n\n    if (findCredentials === undefined) {\n      throw new CredentialUnavailableError(\n        [\n          \"No implementation of `VisualStudioCodeCredential` is available.\",\n          \"You must install the identity-vscode plugin package (`npm install --save-dev @azure/identity-vscode`)\",\n          \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n          \"`useIdentityPlugin(vsCodePlugin)` before creating a `VisualStudioCodeCredential`.\",\n          \"To troubleshoot, visit https://aka.ms/azsdk/js/identity/vscodecredential/troubleshoot.\",\n        ].join(\" \"),\n      );\n    }\n\n    let scopeString = typeof scopes === \"string\" ? scopes : scopes.join(\" \");\n\n    // Check to make sure the scope we get back is a valid scope\n    if (!scopeString.match(/^[0-9a-zA-Z-.:/]+$/)) {\n      const error = new Error(\"Invalid scope was specified by the user or calling client\");\n      logger.getToken.info(formatError(scopes, error));\n      throw error;\n    }\n\n    if (scopeString.indexOf(\"offline_access\") < 0) {\n      scopeString += \" offline_access\";\n    }\n\n    // findCredentials returns an array similar to:\n    // [\n    //   {\n    //     account: \"\",\n    //     password: \"\",\n    //   },\n    //   /* ... */\n    // ]\n    const credentials = await findCredentials();\n\n    // If we can't find the credential based on the name, we'll pick the first one available.\n    const { password: refreshToken } =\n      credentials.find(({ account }) => account === this.cloudName) ?? credentials[0] ?? {};\n\n    if (refreshToken) {\n      const tokenResponse = await this.identityClient.refreshAccessToken(\n        tenantId,\n        AzureAccountClientId,\n        scopeString,\n        refreshToken,\n        undefined,\n      );\n\n      if (tokenResponse) {\n        logger.getToken.info(formatSuccess(scopes));\n        return tokenResponse.accessToken;\n      } else {\n        const error = new CredentialUnavailableError(\n          \"Could not retrieve the token associated with Visual Studio Code. Have you connected using the 'Azure Account' extension recently? To troubleshoot, visit https://aka.ms/azsdk/js/identity/vscodecredential/troubleshoot.\",\n        );\n        logger.getToken.info(formatError(scopes, error));\n        throw error;\n      }\n    } else {\n      const error = new CredentialUnavailableError(\n        \"Could not retrieve the token associated with Visual Studio Code. Did you connect using the 'Azure Account' extension? To troubleshoot, visit https://aka.ms/azsdk/js/identity/vscodecredential/troubleshoot.\",\n      );\n      logger.getToken.info(formatError(scopes, error));\n      throw error;\n    }\n  }\n}\n"]}

package/dist/workerd/credentials/visualStudioCodeCredentialOptions.d.ts

@@ -0,0 +1,16 @@
+import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
+/**
+ * Provides options to configure the Visual Studio Code credential.
+ *
+ * @deprecated This credential is deprecated because the VS Code Azure Account extension on which this credential
+ * relies has been deprecated. Users should use other dev-time credentials, such as {@link AzureCliCredential},
+ * {@link AzureDeveloperCliCredential}, or {@link AzurePowerShellCredential} for their
+ * local development needs. See Azure Account extension deprecation notice [here](https://github.com/microsoft/vscode-azure-account/issues/964).
+ */
+export interface VisualStudioCodeCredentialOptions extends MultiTenantTokenCredentialOptions {
+    /**
+     * Optionally pass in a Tenant ID to be used as part of the credential
+     */
+    tenantId?: string;
+}
+//# sourceMappingURL=visualStudioCodeCredentialOptions.d.ts.map

package/dist/workerd/credentials/visualStudioCodeCredentialOptions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"visualStudioCodeCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;;;;;;GAOG;AACH,MAAM,WAAW,iCAAkC,SAAQ,iCAAiC;IAC1F;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB"}

package/dist/workerd/credentials/visualStudioCodeCredentialOptions.js

@@ -0,0 +1,4 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+export {};
+//# sourceMappingURL=visualStudioCodeCredentialOptions.js.map

package/dist/workerd/credentials/visualStudioCodeCredentialOptions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"visualStudioCodeCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Provides options to configure the Visual Studio Code credential.\n *\n * @deprecated This credential is deprecated because the VS Code Azure Account extension on which this credential\n * relies has been deprecated. Users should use other dev-time credentials, such as {@link AzureCliCredential},\n * {@link AzureDeveloperCliCredential}, or {@link AzurePowerShellCredential} for their\n * local development needs. See Azure Account extension deprecation notice [here](https://github.com/microsoft/vscode-azure-account/issues/964).\n */\nexport interface VisualStudioCodeCredentialOptions extends MultiTenantTokenCredentialOptions {\n  /**\n   * Optionally pass in a Tenant ID to be used as part of the credential\n   */\n  tenantId?: string;\n}\n"]}

package/dist/workerd/credentials/visualStudioCodeCredentialPlugin.d.ts

@@ -0,0 +1,16 @@
+/**
+ * A function that searches for credentials in the Visual Studio Code credential store.
+ *
+ * @returns an array of credentials (username and password)
+ * @internal
+ *
+ * @deprecated This credential is deprecated because the VS Code Azure Account extension on which this credential
+ * relies has been deprecated. Users should use other dev-time credentials, such as {@link AzureCliCredential},
+ * {@link AzureDeveloperCliCredential}, or {@link AzurePowerShellCredential} for their
+ * local development needs. See Azure Account extension deprecation notice [here](https://github.com/microsoft/vscode-azure-account/issues/964).
+ */
+export type VSCodeCredentialFinder = () => Promise<Array<{
+    account: string;
+    password: string;
+}>>;
+//# sourceMappingURL=visualStudioCodeCredentialPlugin.d.ts.map

package/dist/workerd/credentials/visualStudioCodeCredentialPlugin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"visualStudioCodeCredentialPlugin.d.ts","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredentialPlugin.ts"],"names":[],"mappings":"AAGA;;;;;;;;;;GAUG;AACH,MAAM,MAAM,sBAAsB,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC,CAAC"}

package/dist/workerd/credentials/visualStudioCodeCredentialPlugin.js

@@ -0,0 +1,4 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+export {};
+//# sourceMappingURL=visualStudioCodeCredentialPlugin.js.map

package/dist/workerd/credentials/visualStudioCodeCredentialPlugin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"visualStudioCodeCredentialPlugin.js","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredentialPlugin.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * A function that searches for credentials in the Visual Studio Code credential store.\n *\n * @returns an array of credentials (username and password)\n * @internal\n *\n * @deprecated This credential is deprecated because the VS Code Azure Account extension on which this credential\n * relies has been deprecated. Users should use other dev-time credentials, such as {@link AzureCliCredential},\n * {@link AzureDeveloperCliCredential}, or {@link AzurePowerShellCredential} for their\n * local development needs. See Azure Account extension deprecation notice [here](https://github.com/microsoft/vscode-azure-account/issues/964).\n */\nexport type VSCodeCredentialFinder = () => Promise<Array<{ account: string; password: string }>>;\n"]}

package/dist/workerd/credentials/workloadIdentityCredential.d.ts

@@ -0,0 +1,47 @@
+import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
+import type { WorkloadIdentityCredentialOptions } from "./workloadIdentityCredentialOptions.js";
+/**
+ * Contains the list of all supported environment variable names so that an
+ * appropriate error message can be generated when no credentials can be
+ * configured.
+ *
+ * @internal
+ */
+export declare const SupportedWorkloadEnvironmentVariables: string[];
+/**
+ * Workload Identity authentication is a feature in Azure that allows applications running on virtual machines (VMs)
+ * to access other Azure resources without the need for a service principal or managed identity. With Workload Identity
+ * authentication, applications authenticate themselves using their own identity, rather than using a shared service
+ * principal or managed identity. Under the hood, Workload Identity authentication uses the concept of Service Account
+ * Credentials (SACs), which are automatically created by Azure and stored securely in the VM. By using Workload
+ * Identity authentication, you can avoid the need to manage and rotate service principals or managed identities for
+ * each application on each VM. Additionally, because SACs are created automatically and managed by Azure, you don't
+ * need to worry about storing and securing sensitive credentials themselves.
+ * The WorkloadIdentityCredential supports Microsoft Entra Workload ID authentication on Azure Kubernetes and acquires
+ * a token using the SACs available in the Azure Kubernetes environment.
+ * Refer to <a href="https://learn.microsoft.com/azure/aks/workload-identity-overview">Microsoft Entra
+ * Workload ID</a> for more information.
+ */
+export declare class WorkloadIdentityCredential implements TokenCredential {
+    private client;
+    private azureFederatedTokenFileContent;
+    private cacheDate;
+    private federatedTokenFilePath;
+    /**
+     * WorkloadIdentityCredential supports Microsoft Entra Workload ID on Kubernetes.
+     *
+     * @param options - The identity client options to use for authentication.
+     */
+    constructor(options?: WorkloadIdentityCredentialOptions);
+    /**
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
+     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
+     *
+     * @param scopes - The list of scopes for which the token will have access.
+     * @param options - The options used to configure any requests this
+     *                TokenCredential implementation might make.
+     */
+    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;
+    private readFileContents;
+}
+//# sourceMappingURL=workloadIdentityCredential.d.ts.map

package/dist/workerd/credentials/workloadIdentityCredential.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"workloadIdentityCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/workloadIdentityCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAKtF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAKhG;;;;;;GAMG;AACH,eAAO,MAAM,qCAAqC,UAIjD,CAAC;AAEF;;;;;;;;;;;;;GAaG;AACH,qBAAa,0BAA2B,YAAW,eAAe;IAChE,OAAO,CAAC,MAAM,CAAwC;IACtD,OAAO,CAAC,8BAA8B,CAAiC;IACvE,OAAO,CAAC,SAAS,CAAiC;IAClD,OAAO,CAAC,sBAAsB,CAAqB;IAEnD;;;;OAIG;gBACS,OAAO,CAAC,EAAE,iCAAiC;IA6CvD;;;;;;;OAOG;IACU,QAAQ,CACnB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;YAchB,gBAAgB;CAwB/B"}