@azure/identity 4.8.1-alpha.20250410.1 → 4.9.0

package/dist/workerd/regionalAuthority.js

@@ -0,0 +1,140 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+/**
+ * Helps specify a regional authority, or "AutoDiscoverRegion" to auto-detect the region.
+ */
+export var RegionalAuthority;
+(function (RegionalAuthority) {
+    /** Instructs MSAL to attempt to discover the region */
+    RegionalAuthority["AutoDiscoverRegion"] = "AutoDiscoverRegion";
+    /** Uses the {@link RegionalAuthority} for the Azure 'westus' region. */
+    RegionalAuthority["USWest"] = "westus";
+    /** Uses the {@link RegionalAuthority} for the Azure 'westus2' region. */
+    RegionalAuthority["USWest2"] = "westus2";
+    /** Uses the {@link RegionalAuthority} for the Azure 'centralus' region. */
+    RegionalAuthority["USCentral"] = "centralus";
+    /** Uses the {@link RegionalAuthority} for the Azure 'eastus' region. */
+    RegionalAuthority["USEast"] = "eastus";
+    /** Uses the {@link RegionalAuthority} for the Azure 'eastus2' region. */
+    RegionalAuthority["USEast2"] = "eastus2";
+    /** Uses the {@link RegionalAuthority} for the Azure 'northcentralus' region. */
+    RegionalAuthority["USNorthCentral"] = "northcentralus";
+    /** Uses the {@link RegionalAuthority} for the Azure 'southcentralus' region. */
+    RegionalAuthority["USSouthCentral"] = "southcentralus";
+    /** Uses the {@link RegionalAuthority} for the Azure 'westcentralus' region. */
+    RegionalAuthority["USWestCentral"] = "westcentralus";
+    /** Uses the {@link RegionalAuthority} for the Azure 'canadacentral' region. */
+    RegionalAuthority["CanadaCentral"] = "canadacentral";
+    /** Uses the {@link RegionalAuthority} for the Azure 'canadaeast' region. */
+    RegionalAuthority["CanadaEast"] = "canadaeast";
+    /** Uses the {@link RegionalAuthority} for the Azure 'brazilsouth' region. */
+    RegionalAuthority["BrazilSouth"] = "brazilsouth";
+    /** Uses the {@link RegionalAuthority} for the Azure 'northeurope' region. */
+    RegionalAuthority["EuropeNorth"] = "northeurope";
+    /** Uses the {@link RegionalAuthority} for the Azure 'westeurope' region. */
+    RegionalAuthority["EuropeWest"] = "westeurope";
+    /** Uses the {@link RegionalAuthority} for the Azure 'uksouth' region. */
+    RegionalAuthority["UKSouth"] = "uksouth";
+    /** Uses the {@link RegionalAuthority} for the Azure 'ukwest' region. */
+    RegionalAuthority["UKWest"] = "ukwest";
+    /** Uses the {@link RegionalAuthority} for the Azure 'francecentral' region. */
+    RegionalAuthority["FranceCentral"] = "francecentral";
+    /** Uses the {@link RegionalAuthority} for the Azure 'francesouth' region. */
+    RegionalAuthority["FranceSouth"] = "francesouth";
+    /** Uses the {@link RegionalAuthority} for the Azure 'switzerlandnorth' region. */
+    RegionalAuthority["SwitzerlandNorth"] = "switzerlandnorth";
+    /** Uses the {@link RegionalAuthority} for the Azure 'switzerlandwest' region. */
+    RegionalAuthority["SwitzerlandWest"] = "switzerlandwest";
+    /** Uses the {@link RegionalAuthority} for the Azure 'germanynorth' region. */
+    RegionalAuthority["GermanyNorth"] = "germanynorth";
+    /** Uses the {@link RegionalAuthority} for the Azure 'germanywestcentral' region. */
+    RegionalAuthority["GermanyWestCentral"] = "germanywestcentral";
+    /** Uses the {@link RegionalAuthority} for the Azure 'norwaywest' region. */
+    RegionalAuthority["NorwayWest"] = "norwaywest";
+    /** Uses the {@link RegionalAuthority} for the Azure 'norwayeast' region. */
+    RegionalAuthority["NorwayEast"] = "norwayeast";
+    /** Uses the {@link RegionalAuthority} for the Azure 'eastasia' region. */
+    RegionalAuthority["AsiaEast"] = "eastasia";
+    /** Uses the {@link RegionalAuthority} for the Azure 'southeastasia' region. */
+    RegionalAuthority["AsiaSouthEast"] = "southeastasia";
+    /** Uses the {@link RegionalAuthority} for the Azure 'japaneast' region. */
+    RegionalAuthority["JapanEast"] = "japaneast";
+    /** Uses the {@link RegionalAuthority} for the Azure 'japanwest' region. */
+    RegionalAuthority["JapanWest"] = "japanwest";
+    /** Uses the {@link RegionalAuthority} for the Azure 'australiaeast' region. */
+    RegionalAuthority["AustraliaEast"] = "australiaeast";
+    /** Uses the {@link RegionalAuthority} for the Azure 'australiasoutheast' region. */
+    RegionalAuthority["AustraliaSouthEast"] = "australiasoutheast";
+    /** Uses the {@link RegionalAuthority} for the Azure 'australiacentral' region. */
+    RegionalAuthority["AustraliaCentral"] = "australiacentral";
+    /** Uses the {@link RegionalAuthority} for the Azure 'australiacentral2' region. */
+    RegionalAuthority["AustraliaCentral2"] = "australiacentral2";
+    /** Uses the {@link RegionalAuthority} for the Azure 'centralindia' region. */
+    RegionalAuthority["IndiaCentral"] = "centralindia";
+    /** Uses the {@link RegionalAuthority} for the Azure 'southindia' region. */
+    RegionalAuthority["IndiaSouth"] = "southindia";
+    /** Uses the {@link RegionalAuthority} for the Azure 'westindia' region. */
+    RegionalAuthority["IndiaWest"] = "westindia";
+    /** Uses the {@link RegionalAuthority} for the Azure 'koreasouth' region. */
+    RegionalAuthority["KoreaSouth"] = "koreasouth";
+    /** Uses the {@link RegionalAuthority} for the Azure 'koreacentral' region. */
+    RegionalAuthority["KoreaCentral"] = "koreacentral";
+    /** Uses the {@link RegionalAuthority} for the Azure 'uaecentral' region. */
+    RegionalAuthority["UAECentral"] = "uaecentral";
+    /** Uses the {@link RegionalAuthority} for the Azure 'uaenorth' region. */
+    RegionalAuthority["UAENorth"] = "uaenorth";
+    /** Uses the {@link RegionalAuthority} for the Azure 'southafricanorth' region. */
+    RegionalAuthority["SouthAfricaNorth"] = "southafricanorth";
+    /** Uses the {@link RegionalAuthority} for the Azure 'southafricawest' region. */
+    RegionalAuthority["SouthAfricaWest"] = "southafricawest";
+    /** Uses the {@link RegionalAuthority} for the Azure 'chinanorth' region. */
+    RegionalAuthority["ChinaNorth"] = "chinanorth";
+    /** Uses the {@link RegionalAuthority} for the Azure 'chinaeast' region. */
+    RegionalAuthority["ChinaEast"] = "chinaeast";
+    /** Uses the {@link RegionalAuthority} for the Azure 'chinanorth2' region. */
+    RegionalAuthority["ChinaNorth2"] = "chinanorth2";
+    /** Uses the {@link RegionalAuthority} for the Azure 'chinaeast2' region. */
+    RegionalAuthority["ChinaEast2"] = "chinaeast2";
+    /** Uses the {@link RegionalAuthority} for the Azure 'germanycentral' region. */
+    RegionalAuthority["GermanyCentral"] = "germanycentral";
+    /** Uses the {@link RegionalAuthority} for the Azure 'germanynortheast' region. */
+    RegionalAuthority["GermanyNorthEast"] = "germanynortheast";
+    /** Uses the {@link RegionalAuthority} for the Azure 'usgovvirginia' region. */
+    RegionalAuthority["GovernmentUSVirginia"] = "usgovvirginia";
+    /** Uses the {@link RegionalAuthority} for the Azure 'usgoviowa' region. */
+    RegionalAuthority["GovernmentUSIowa"] = "usgoviowa";
+    /** Uses the {@link RegionalAuthority} for the Azure 'usgovarizona' region. */
+    RegionalAuthority["GovernmentUSArizona"] = "usgovarizona";
+    /** Uses the {@link RegionalAuthority} for the Azure 'usgovtexas' region. */
+    RegionalAuthority["GovernmentUSTexas"] = "usgovtexas";
+    /** Uses the {@link RegionalAuthority} for the Azure 'usdodeast' region. */
+    RegionalAuthority["GovernmentUSDodEast"] = "usdodeast";
+    /** Uses the {@link RegionalAuthority} for the Azure 'usdodcentral' region. */
+    RegionalAuthority["GovernmentUSDodCentral"] = "usdodcentral";
+})(RegionalAuthority || (RegionalAuthority = {}));
+/**
+ * Calculates the correct regional authority based on the supplied value
+ * and the AZURE_REGIONAL_AUTHORITY_NAME environment variable.
+ *
+ * Values will be returned verbatim, except for {@link RegionalAuthority.AutoDiscoverRegion}
+ * which is mapped to a value MSAL can understand.
+ *
+ * @internal
+ */
+export function calculateRegionalAuthority(regionalAuthority) {
+    // Note: as of today only 3 credentials support regional authority, and the parameter
+    // is not exposed via the public API. Regional Authority is _only_ supported
+    // via the AZURE_REGIONAL_AUTHORITY_NAME env var and _only_ for: ClientSecretCredential, ClientCertificateCredential, and ClientAssertionCredential.
+    var _a, _b;
+    // Accepting the regionalAuthority parameter will allow us to support it in the future.
+    let azureRegion = regionalAuthority;
+    if (azureRegion === undefined &&
+        ((_b = (_a = globalThis.process) === null || _a === void 0 ? void 0 : _a.env) === null || _b === void 0 ? void 0 : _b.AZURE_REGIONAL_AUTHORITY_NAME) !== undefined) {
+        azureRegion = process.env.AZURE_REGIONAL_AUTHORITY_NAME;
+    }
+    if (azureRegion === RegionalAuthority.AutoDiscoverRegion) {
+        return "AUTO_DISCOVER";
+    }
+    return azureRegion;
+}
+//# sourceMappingURL=regionalAuthority.js.map

package/dist/workerd/regionalAuthority.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"regionalAuthority.js","sourceRoot":"","sources":["../../src/regionalAuthority.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC;;GAEG;AACH,MAAM,CAAN,IAAY,iBA2GX;AA3GD,WAAY,iBAAiB;IAC3B,uDAAuD;IACvD,8DAAyC,CAAA;IACzC,wEAAwE;IACxE,sCAAiB,CAAA;IACjB,yEAAyE;IACzE,wCAAmB,CAAA;IACnB,2EAA2E;IAC3E,4CAAuB,CAAA;IACvB,wEAAwE;IACxE,sCAAiB,CAAA;IACjB,yEAAyE;IACzE,wCAAmB,CAAA;IACnB,gFAAgF;IAChF,sDAAiC,CAAA;IACjC,gFAAgF;IAChF,sDAAiC,CAAA;IACjC,+EAA+E;IAC/E,oDAA+B,CAAA;IAC/B,+EAA+E;IAC/E,oDAA+B,CAAA;IAC/B,4EAA4E;IAC5E,8CAAyB,CAAA;IACzB,6EAA6E;IAC7E,gDAA2B,CAAA;IAC3B,6EAA6E;IAC7E,gDAA2B,CAAA;IAC3B,4EAA4E;IAC5E,8CAAyB,CAAA;IACzB,yEAAyE;IACzE,wCAAmB,CAAA;IACnB,wEAAwE;IACxE,sCAAiB,CAAA;IACjB,+EAA+E;IAC/E,oDAA+B,CAAA;IAC/B,6EAA6E;IAC7E,gDAA2B,CAAA;IAC3B,kFAAkF;IAClF,0DAAqC,CAAA;IACrC,iFAAiF;IACjF,wDAAmC,CAAA;IACnC,8EAA8E;IAC9E,kDAA6B,CAAA;IAC7B,oFAAoF;IACpF,8DAAyC,CAAA;IACzC,4EAA4E;IAC5E,8CAAyB,CAAA;IACzB,4EAA4E;IAC5E,8CAAyB,CAAA;IACzB,0EAA0E;IAC1E,0CAAqB,CAAA;IACrB,+EAA+E;IAC/E,oDAA+B,CAAA;IAC/B,2EAA2E;IAC3E,4CAAuB,CAAA;IACvB,2EAA2E;IAC3E,4CAAuB,CAAA;IACvB,+EAA+E;IAC/E,oDAA+B,CAAA;IAC/B,oFAAoF;IACpF,8DAAyC,CAAA;IACzC,kFAAkF;IAClF,0DAAqC,CAAA;IACrC,mFAAmF;IACnF,4DAAuC,CAAA;IACvC,8EAA8E;IAC9E,kDAA6B,CAAA;IAC7B,4EAA4E;IAC5E,8CAAyB,CAAA;IACzB,2EAA2E;IAC3E,4CAAuB,CAAA;IACvB,4EAA4E;IAC5E,8CAAyB,CAAA;IACzB,8EAA8E;IAC9E,kDAA6B,CAAA;IAC7B,4EAA4E;IAC5E,8CAAyB,CAAA;IACzB,0EAA0E;IAC1E,0CAAqB,CAAA;IACrB,kFAAkF;IAClF,0DAAqC,CAAA;IACrC,iFAAiF;IACjF,wDAAmC,CAAA;IACnC,4EAA4E;IAC5E,8CAAyB,CAAA;IACzB,2EAA2E;IAC3E,4CAAuB,CAAA;IACvB,6EAA6E;IAC7E,gDAA2B,CAAA;IAC3B,4EAA4E;IAC5E,8CAAyB,CAAA;IACzB,gFAAgF;IAChF,sDAAiC,CAAA;IACjC,kFAAkF;IAClF,0DAAqC,CAAA;IACrC,+EAA+E;IAC/E,2DAAsC,CAAA;IACtC,2EAA2E;IAC3E,mDAA8B,CAAA;IAC9B,8EAA8E;IAC9E,yDAAoC,CAAA;IACpC,4EAA4E;IAC5E,qDAAgC,CAAA;IAChC,2EAA2E;IAC3E,sDAAiC,CAAA;IACjC,8EAA8E;IAC9E,4DAAuC,CAAA;AACzC,CAAC,EA3GW,iBAAiB,KAAjB,iBAAiB,QA2G5B;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,0BAA0B,CAAC,iBAA0B;IACnE,qFAAqF;IACrF,4EAA4E;IAC5E,oJAAoJ;;IAEpJ,uFAAuF;IACvF,IAAI,WAAW,GAAG,iBAAiB,CAAC;IAEpC,IACE,WAAW,KAAK,SAAS;QACzB,CAAA,MAAA,MAAA,UAAU,CAAC,OAAO,0CAAE,GAAG,0CAAE,6BAA6B,MAAK,SAAS,EACpE,CAAC;QACD,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC;IAC1D,CAAC;IAED,IAAI,WAAW,KAAK,iBAAiB,CAAC,kBAAkB,EAAE,CAAC;QACzD,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Helps specify a regional authority, or \"AutoDiscoverRegion\" to auto-detect the region.\n */\nexport enum RegionalAuthority {\n  /** Instructs MSAL to attempt to discover the region */\n  AutoDiscoverRegion = \"AutoDiscoverRegion\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'westus' region. */\n  USWest = \"westus\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'westus2' region. */\n  USWest2 = \"westus2\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'centralus' region. */\n  USCentral = \"centralus\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'eastus' region. */\n  USEast = \"eastus\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'eastus2' region. */\n  USEast2 = \"eastus2\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'northcentralus' region. */\n  USNorthCentral = \"northcentralus\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'southcentralus' region. */\n  USSouthCentral = \"southcentralus\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'westcentralus' region. */\n  USWestCentral = \"westcentralus\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'canadacentral' region. */\n  CanadaCentral = \"canadacentral\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'canadaeast' region. */\n  CanadaEast = \"canadaeast\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'brazilsouth' region. */\n  BrazilSouth = \"brazilsouth\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'northeurope' region. */\n  EuropeNorth = \"northeurope\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'westeurope' region. */\n  EuropeWest = \"westeurope\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'uksouth' region. */\n  UKSouth = \"uksouth\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'ukwest' region. */\n  UKWest = \"ukwest\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'francecentral' region. */\n  FranceCentral = \"francecentral\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'francesouth' region. */\n  FranceSouth = \"francesouth\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'switzerlandnorth' region. */\n  SwitzerlandNorth = \"switzerlandnorth\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'switzerlandwest' region. */\n  SwitzerlandWest = \"switzerlandwest\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'germanynorth' region. */\n  GermanyNorth = \"germanynorth\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'germanywestcentral' region. */\n  GermanyWestCentral = \"germanywestcentral\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'norwaywest' region. */\n  NorwayWest = \"norwaywest\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'norwayeast' region. */\n  NorwayEast = \"norwayeast\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'eastasia' region. */\n  AsiaEast = \"eastasia\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'southeastasia' region. */\n  AsiaSouthEast = \"southeastasia\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'japaneast' region. */\n  JapanEast = \"japaneast\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'japanwest' region. */\n  JapanWest = \"japanwest\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'australiaeast' region. */\n  AustraliaEast = \"australiaeast\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'australiasoutheast' region. */\n  AustraliaSouthEast = \"australiasoutheast\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'australiacentral' region. */\n  AustraliaCentral = \"australiacentral\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'australiacentral2' region. */\n  AustraliaCentral2 = \"australiacentral2\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'centralindia' region. */\n  IndiaCentral = \"centralindia\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'southindia' region. */\n  IndiaSouth = \"southindia\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'westindia' region. */\n  IndiaWest = \"westindia\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'koreasouth' region. */\n  KoreaSouth = \"koreasouth\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'koreacentral' region. */\n  KoreaCentral = \"koreacentral\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'uaecentral' region. */\n  UAECentral = \"uaecentral\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'uaenorth' region. */\n  UAENorth = \"uaenorth\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'southafricanorth' region. */\n  SouthAfricaNorth = \"southafricanorth\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'southafricawest' region. */\n  SouthAfricaWest = \"southafricawest\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'chinanorth' region. */\n  ChinaNorth = \"chinanorth\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'chinaeast' region. */\n  ChinaEast = \"chinaeast\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'chinanorth2' region. */\n  ChinaNorth2 = \"chinanorth2\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'chinaeast2' region. */\n  ChinaEast2 = \"chinaeast2\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'germanycentral' region. */\n  GermanyCentral = \"germanycentral\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'germanynortheast' region. */\n  GermanyNorthEast = \"germanynortheast\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'usgovvirginia' region. */\n  GovernmentUSVirginia = \"usgovvirginia\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'usgoviowa' region. */\n  GovernmentUSIowa = \"usgoviowa\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'usgovarizona' region. */\n  GovernmentUSArizona = \"usgovarizona\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'usgovtexas' region. */\n  GovernmentUSTexas = \"usgovtexas\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'usdodeast' region. */\n  GovernmentUSDodEast = \"usdodeast\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'usdodcentral' region. */\n  GovernmentUSDodCentral = \"usdodcentral\",\n}\n\n/**\n * Calculates the correct regional authority based on the supplied value\n * and the AZURE_REGIONAL_AUTHORITY_NAME environment variable.\n *\n * Values will be returned verbatim, except for {@link RegionalAuthority.AutoDiscoverRegion}\n * which is mapped to a value MSAL can understand.\n *\n * @internal\n */\nexport function calculateRegionalAuthority(regionalAuthority?: string): string | undefined {\n  // Note: as of today only 3 credentials support regional authority, and the parameter\n  // is not exposed via the public API. Regional Authority is _only_ supported\n  // via the AZURE_REGIONAL_AUTHORITY_NAME env var and _only_ for: ClientSecretCredential, ClientCertificateCredential, and ClientAssertionCredential.\n\n  // Accepting the regionalAuthority parameter will allow us to support it in the future.\n  let azureRegion = regionalAuthority;\n\n  if (\n    azureRegion === undefined &&\n    globalThis.process?.env?.AZURE_REGIONAL_AUTHORITY_NAME !== undefined\n  ) {\n    azureRegion = process.env.AZURE_REGIONAL_AUTHORITY_NAME;\n  }\n\n  if (azureRegion === RegionalAuthority.AutoDiscoverRegion) {\n    return \"AUTO_DISCOVER\";\n  }\n\n  return azureRegion;\n}\n"]}

package/dist/workerd/tokenCredentialOptions.d.ts

@@ -0,0 +1,28 @@
+import type { CommonClientOptions } from "@azure/core-client";
+import type { LogPolicyOptions } from "@azure/core-rest-pipeline";
+/**
+ * Provides options to configure how the Identity library makes authentication
+ * requests to Microsoft Entra ID.
+ */
+export interface TokenCredentialOptions extends CommonClientOptions {
+    /**
+     * The authority host to use for authentication requests.
+     * Possible values are available through {@link AzureAuthorityHosts}.
+     * The default is "https://login.microsoftonline.com".
+     */
+    authorityHost?: string;
+    /**
+     * Allows users to configure settings for logging policy options, allow logging account information and personally identifiable information for customer support.
+     */
+    loggingOptions?: LogPolicyOptions & {
+        /**
+         * Allows logging account information once the authentication flow succeeds.
+         */
+        allowLoggingAccountIdentifiers?: boolean;
+        /**
+         * Allows logging personally identifiable information for customer support.
+         */
+        enableUnsafeSupportLogging?: boolean;
+    };
+}
+//# sourceMappingURL=tokenCredentialOptions.d.ts.map

package/dist/workerd/tokenCredentialOptions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokenCredentialOptions.d.ts","sourceRoot":"","sources":["../../src/tokenCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAElE;;;GAGG;AACH,MAAM,WAAW,sBAAuB,SAAQ,mBAAmB;IACjE;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB;;OAEG;IACH,cAAc,CAAC,EAAE,gBAAgB,GAAG;QAClC;;WAEG;QACH,8BAA8B,CAAC,EAAE,OAAO,CAAC;QACzC;;WAEG;QACH,0BAA0B,CAAC,EAAE,OAAO,CAAC;KACtC,CAAC;CACH"}

package/dist/workerd/tokenCredentialOptions.js

@@ -0,0 +1,4 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+export {};
+//# sourceMappingURL=tokenCredentialOptions.js.map

package/dist/workerd/tokenCredentialOptions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokenCredentialOptions.js","sourceRoot":"","sources":["../../src/tokenCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { CommonClientOptions } from \"@azure/core-client\";\nimport type { LogPolicyOptions } from \"@azure/core-rest-pipeline\";\n\n/**\n * Provides options to configure how the Identity library makes authentication\n * requests to Microsoft Entra ID.\n */\nexport interface TokenCredentialOptions extends CommonClientOptions {\n  /**\n   * The authority host to use for authentication requests.\n   * Possible values are available through {@link AzureAuthorityHosts}.\n   * The default is \"https://login.microsoftonline.com\".\n   */\n  authorityHost?: string;\n  /**\n   * Allows users to configure settings for logging policy options, allow logging account information and personally identifiable information for customer support.\n   */\n  loggingOptions?: LogPolicyOptions & {\n    /**\n     * Allows logging account information once the authentication flow succeeds.\n     */\n    allowLoggingAccountIdentifiers?: boolean;\n    /**\n     * Allows logging personally identifiable information for customer support.\n     */\n    enableUnsafeSupportLogging?: boolean;\n  };\n}\n"]}

package/dist/workerd/tokenProvider.d.ts

@@ -0,0 +1,39 @@
+import type { TokenCredential, TracingContext } from "@azure/core-auth";
+/**
+ * The options to configure the token provider.
+ */
+export interface GetBearerTokenProviderOptions {
+    /** The abort signal to abort requests to get tokens */
+    abortSignal?: AbortSignal;
+    /** The tracing options for the requests to get tokens */
+    tracingOptions?: {
+        /**
+         * Tracing Context for the current request to get a token.
+         */
+        tracingContext?: TracingContext;
+    };
+}
+/**
+ * Returns a callback that provides a bearer token.
+ * For example, the bearer token can be used to authenticate a request as follows:
+ * ```ts snippet:token_provider_example
+ * import { DefaultAzureCredential, getBearerTokenProvider } from "@azure/identity";
+ * import { createPipelineRequest } from "@azure/core-rest-pipeline";
+ *
+ * const credential = new DefaultAzureCredential();
+ * const scope = "https://cognitiveservices.azure.com/.default";
+ * const getAccessToken = getBearerTokenProvider(credential, scope);
+ * const token = await getAccessToken();
+ *
+ * // usage
+ * const request = createPipelineRequest({ url: "https://example.com" });
+ * request.headers.set("Authorization", `Bearer ${token}`);
+ * ```
+ *
+ * @param credential - The credential used to authenticate the request.
+ * @param scopes - The scopes required for the bearer token.
+ * @param options - Options to configure the token provider.
+ * @returns a callback that provides a bearer token.
+ */
+export declare function getBearerTokenProvider(credential: TokenCredential, scopes: string | string[], options?: GetBearerTokenProviderOptions): () => Promise<string>;
+//# sourceMappingURL=tokenProvider.d.ts.map

package/dist/workerd/tokenProvider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokenProvider.d.ts","sourceRoot":"","sources":["../../src/tokenProvider.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAOxE;;GAEG;AACH,MAAM,WAAW,6BAA6B;IAC5C,uDAAuD;IACvD,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,yDAAyD;IACzD,cAAc,CAAC,EAAE;QACf;;WAEG;QACH,cAAc,CAAC,EAAE,cAAc,CAAC;KACjC,CAAC;CACH;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,sBAAsB,CACpC,UAAU,EAAE,eAAe,EAC3B,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,OAAO,CAAC,EAAE,6BAA6B,GACtC,MAAM,OAAO,CAAC,MAAM,CAAC,CA6BvB"}

package/dist/workerd/tokenProvider.js

@@ -0,0 +1,53 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+import { bearerTokenAuthenticationPolicy, createEmptyPipeline, createPipelineRequest, } from "@azure/core-rest-pipeline";
+/**
+ * Returns a callback that provides a bearer token.
+ * For example, the bearer token can be used to authenticate a request as follows:
+ * ```ts snippet:token_provider_example
+ * import { DefaultAzureCredential, getBearerTokenProvider } from "@azure/identity";
+ * import { createPipelineRequest } from "@azure/core-rest-pipeline";
+ *
+ * const credential = new DefaultAzureCredential();
+ * const scope = "https://cognitiveservices.azure.com/.default";
+ * const getAccessToken = getBearerTokenProvider(credential, scope);
+ * const token = await getAccessToken();
+ *
+ * // usage
+ * const request = createPipelineRequest({ url: "https://example.com" });
+ * request.headers.set("Authorization", `Bearer ${token}`);
+ * ```
+ *
+ * @param credential - The credential used to authenticate the request.
+ * @param scopes - The scopes required for the bearer token.
+ * @param options - Options to configure the token provider.
+ * @returns a callback that provides a bearer token.
+ */
+export function getBearerTokenProvider(credential, scopes, options) {
+    const { abortSignal, tracingOptions } = options || {};
+    const pipeline = createEmptyPipeline();
+    pipeline.addPolicy(bearerTokenAuthenticationPolicy({ credential, scopes }));
+    async function getRefreshedToken() {
+        var _a;
+        // Create a pipeline with just the bearer token policy
+        // and run a dummy request through it to get the token
+        const res = await pipeline.sendRequest({
+            sendRequest: (request) => Promise.resolve({
+                request,
+                status: 200,
+                headers: request.headers,
+            }),
+        }, createPipelineRequest({
+            url: "https://example.com",
+            abortSignal,
+            tracingOptions,
+        }));
+        const accessToken = (_a = res.headers.get("authorization")) === null || _a === void 0 ? void 0 : _a.split(" ")[1];
+        if (!accessToken) {
+            throw new Error("Failed to get access token");
+        }
+        return accessToken;
+    }
+    return getRefreshedToken;
+}
+//# sourceMappingURL=tokenProvider.js.map

package/dist/workerd/tokenProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokenProvider.js","sourceRoot":"","sources":["../../src/tokenProvider.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,+BAA+B,EAC/B,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,2BAA2B,CAAC;AAiBnC;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,UAAU,sBAAsB,CACpC,UAA2B,EAC3B,MAAyB,EACzB,OAAuC;IAEvC,MAAM,EAAE,WAAW,EAAE,cAAc,EAAE,GAAG,OAAO,IAAI,EAAE,CAAC;IACtD,MAAM,QAAQ,GAAG,mBAAmB,EAAE,CAAC;IACvC,QAAQ,CAAC,SAAS,CAAC,+BAA+B,CAAC,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;IAC5E,KAAK,UAAU,iBAAiB;;QAC9B,sDAAsD;QACtD,sDAAsD;QACtD,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,WAAW,CACpC;YACE,WAAW,EAAE,CAAC,OAAO,EAAE,EAAE,CACvB,OAAO,CAAC,OAAO,CAAC;gBACd,OAAO;gBACP,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,OAAO,CAAC,OAAO;aACzB,CAAC;SACL,EACD,qBAAqB,CAAC;YACpB,GAAG,EAAE,qBAAqB;YAC1B,WAAW;YACX,cAAc;SACf,CAAC,CACH,CAAC;QACF,MAAM,WAAW,GAAG,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,0CAAE,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACpE,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,WAAW,CAAC;IACrB,CAAC;IACD,OAAO,iBAAiB,CAAC;AAC3B,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { TokenCredential, TracingContext } from \"@azure/core-auth\";\nimport {\n  bearerTokenAuthenticationPolicy,\n  createEmptyPipeline,\n  createPipelineRequest,\n} from \"@azure/core-rest-pipeline\";\n\n/**\n * The options to configure the token provider.\n */\nexport interface GetBearerTokenProviderOptions {\n  /** The abort signal to abort requests to get tokens */\n  abortSignal?: AbortSignal;\n  /** The tracing options for the requests to get tokens */\n  tracingOptions?: {\n    /**\n     * Tracing Context for the current request to get a token.\n     */\n    tracingContext?: TracingContext;\n  };\n}\n\n/**\n * Returns a callback that provides a bearer token.\n * For example, the bearer token can be used to authenticate a request as follows:\n * ```ts snippet:token_provider_example\n * import { DefaultAzureCredential, getBearerTokenProvider } from \"@azure/identity\";\n * import { createPipelineRequest } from \"@azure/core-rest-pipeline\";\n *\n * const credential = new DefaultAzureCredential();\n * const scope = \"https://cognitiveservices.azure.com/.default\";\n * const getAccessToken = getBearerTokenProvider(credential, scope);\n * const token = await getAccessToken();\n *\n * // usage\n * const request = createPipelineRequest({ url: \"https://example.com\" });\n * request.headers.set(\"Authorization\", `Bearer ${token}`);\n * ```\n *\n * @param credential - The credential used to authenticate the request.\n * @param scopes - The scopes required for the bearer token.\n * @param options - Options to configure the token provider.\n * @returns a callback that provides a bearer token.\n */\nexport function getBearerTokenProvider(\n  credential: TokenCredential,\n  scopes: string | string[],\n  options?: GetBearerTokenProviderOptions,\n): () => Promise<string> {\n  const { abortSignal, tracingOptions } = options || {};\n  const pipeline = createEmptyPipeline();\n  pipeline.addPolicy(bearerTokenAuthenticationPolicy({ credential, scopes }));\n  async function getRefreshedToken(): Promise<string> {\n    // Create a pipeline with just the bearer token policy\n    // and run a dummy request through it to get the token\n    const res = await pipeline.sendRequest(\n      {\n        sendRequest: (request) =>\n          Promise.resolve({\n            request,\n            status: 200,\n            headers: request.headers,\n          }),\n      },\n      createPipelineRequest({\n        url: \"https://example.com\",\n        abortSignal,\n        tracingOptions,\n      }),\n    );\n    const accessToken = res.headers.get(\"authorization\")?.split(\" \")[1];\n    if (!accessToken) {\n      throw new Error(\"Failed to get access token\");\n    }\n    return accessToken;\n  }\n  return getRefreshedToken;\n}\n"]}

package/dist/workerd/util/authHostEnv-browser.d.mts

@@ -0,0 +1,4 @@
+export declare function getAuthorityHostEnvironment(): {
+    authorityHost: string;
+} | undefined;
+//# sourceMappingURL=authHostEnv-browser.d.mts.map

package/dist/workerd/util/authHostEnv-browser.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authHostEnv-browser.d.mts","sourceRoot":"","sources":["../../../src/util/authHostEnv-browser.mts"],"names":[],"mappings":"AAOA,wBAAgB,2BAA2B,IAAI;IAAE,aAAa,EAAE,MAAM,CAAA;CAAE,GAAG,SAAS,CAEnF"}

package/dist/workerd/util/authHostEnv-browser.mjs

@@ -0,0 +1,7 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+const BrowserNotSupportedError = new Error("getAuthorityHostEnvironment is not supported in the browser.");
+export function getAuthorityHostEnvironment() {
+    throw BrowserNotSupportedError;
+}
+//# sourceMappingURL=authHostEnv-browser.mjs.map

package/dist/workerd/util/authHostEnv-browser.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"authHostEnv-browser.mjs","sourceRoot":"","sources":["../../../src/util/authHostEnv-browser.mts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,8DAA8D,CAC/D,CAAC;AAEF,MAAM,UAAU,2BAA2B;IACzC,MAAM,wBAAwB,CAAC;AACjC,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nconst BrowserNotSupportedError = new Error(\n  \"getAuthorityHostEnvironment is not supported in the browser.\",\n);\n\nexport function getAuthorityHostEnvironment(): { authorityHost: string } | undefined {\n  throw BrowserNotSupportedError;\n}\n"]}

package/dist/workerd/util/identityTokenEndpoint.d.ts

@@ -0,0 +1,2 @@
+export declare function getIdentityTokenEndpointSuffix(tenantId: string): string;
+//# sourceMappingURL=identityTokenEndpoint.d.ts.map

package/dist/workerd/util/identityTokenEndpoint.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identityTokenEndpoint.d.ts","sourceRoot":"","sources":["../../../src/util/identityTokenEndpoint.ts"],"names":[],"mappings":"AAGA,wBAAgB,8BAA8B,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAMvE"}

package/dist/workerd/util/identityTokenEndpoint.js

@@ -0,0 +1,11 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+export function getIdentityTokenEndpointSuffix(tenantId) {
+    if (tenantId === "adfs") {
+        return "oauth2/token";
+    }
+    else {
+        return "oauth2/v2.0/token";
+    }
+}
+//# sourceMappingURL=identityTokenEndpoint.js.map

package/dist/workerd/util/identityTokenEndpoint.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identityTokenEndpoint.js","sourceRoot":"","sources":["../../../src/util/identityTokenEndpoint.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,MAAM,UAAU,8BAA8B,CAAC,QAAgB;IAC7D,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QACxB,OAAO,cAAc,CAAC;IACxB,CAAC;SAAM,CAAC;QACN,OAAO,mBAAmB,CAAC;IAC7B,CAAC;AACH,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nexport function getIdentityTokenEndpointSuffix(tenantId: string): string {\n  if (tenantId === \"adfs\") {\n    return \"oauth2/token\";\n  } else {\n    return \"oauth2/v2.0/token\";\n  }\n}\n"]}

package/dist/workerd/util/logging.d.ts

@@ -0,0 +1,70 @@
+import type { AzureLogger } from "@azure/logger";
+/**
+ * The AzureLogger used for all clients within the identity package
+ */
+export declare const logger: AzureLogger;
+interface EnvironmentAccumulator {
+    missing: string[];
+    assigned: string[];
+}
+/**
+ * Separates a list of environment variable names into a plain object with two arrays: an array of missing environment variables and another array with assigned environment variables.
+ * @param supportedEnvVars - List of environment variable names
+ */
+export declare function processEnvVars(supportedEnvVars: string[]): EnvironmentAccumulator;
+/**
+ * Based on a given list of environment variable names,
+ * logs the environment variables currently assigned during the usage of a credential that goes by the given name.
+ * @param credentialName - Name of the credential in use
+ * @param supportedEnvVars - List of environment variables supported by that credential
+ */
+export declare function logEnvVars(credentialName: string, supportedEnvVars: string[]): void;
+/**
+ * Formatting the success event on the credentials
+ */
+export declare function formatSuccess(scope: string | string[]): string;
+/**
+ * Formatting the success event on the credentials
+ */
+export declare function formatError(scope: string | string[] | undefined, error: Error | string): string;
+/**
+ * A CredentialLoggerInstance is a logger properly formatted to work in a credential's constructor, and its methods.
+ */
+export interface CredentialLoggerInstance {
+    title: string;
+    fullTitle: string;
+    info(message: string): void;
+    warning(message: string): void;
+    verbose(message: string): void;
+    error(err: string): void;
+}
+/**
+ * Generates a CredentialLoggerInstance.
+ *
+ * It logs with the format:
+ *
+ *   `[title] => [message]`
+ *
+ */
+export declare function credentialLoggerInstance(title: string, parent?: CredentialLoggerInstance, log?: AzureLogger): CredentialLoggerInstance;
+/**
+ * A CredentialLogger is a logger declared at the credential's constructor, and used at any point in the credential.
+ * It has all the properties of a CredentialLoggerInstance, plus other logger instances, one per method.
+ */
+export interface CredentialLogger extends CredentialLoggerInstance {
+    parent: AzureLogger;
+    getToken: CredentialLoggerInstance;
+}
+/**
+ * Generates a CredentialLogger, which is a logger declared at the credential's constructor, and used at any point in the credential.
+ * It has all the properties of a CredentialLoggerInstance, plus other logger instances, one per method.
+ *
+ * It logs with the format:
+ *
+ *   `[title] => [message]`
+ *   `[title] => getToken() => [message]`
+ *
+ */
+export declare function credentialLogger(title: string, log?: AzureLogger): CredentialLogger;
+export {};
+//# sourceMappingURL=logging.d.ts.map

package/dist/workerd/util/logging.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logging.d.ts","sourceRoot":"","sources":["../../../src/util/logging.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAGjD;;GAEG;AACH,eAAO,MAAM,MAAM,aAAiC,CAAC;AAErD,UAAU,sBAAsB;IAC9B,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,gBAAgB,EAAE,MAAM,EAAE,GAAG,sBAAsB,CAYjF;AAED;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,cAAc,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,EAAE,GAAG,IAAI,CAKnF;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,MAAM,CAE9D;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,EAAE,KAAK,EAAE,KAAK,GAAG,MAAM,GAAG,MAAM,CAM/F;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,OAAO,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,OAAO,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED;;;;;;;GAOG;AACH,wBAAgB,wBAAwB,CACtC,KAAK,EAAE,MAAM,EACb,MAAM,CAAC,EAAE,wBAAwB,EACjC,GAAG,GAAE,WAAoB,GACxB,wBAAwB,CA2B1B;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAiB,SAAQ,wBAAwB;IAChE,MAAM,EAAE,WAAW,CAAC;IACpB,QAAQ,EAAE,wBAAwB,CAAC;CACpC;AAED;;;;;;;;;GASG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,GAAE,WAAoB,GAAG,gBAAgB,CAO3F"}

package/dist/workerd/util/logging.js

@@ -0,0 +1,94 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+import { createClientLogger } from "@azure/logger";
+/**
+ * The AzureLogger used for all clients within the identity package
+ */
+export const logger = createClientLogger("identity");
+/**
+ * Separates a list of environment variable names into a plain object with two arrays: an array of missing environment variables and another array with assigned environment variables.
+ * @param supportedEnvVars - List of environment variable names
+ */
+export function processEnvVars(supportedEnvVars) {
+    return supportedEnvVars.reduce((acc, envVariable) => {
+        if (process.env[envVariable]) {
+            acc.assigned.push(envVariable);
+        }
+        else {
+            acc.missing.push(envVariable);
+        }
+        return acc;
+    }, { missing: [], assigned: [] });
+}
+/**
+ * Based on a given list of environment variable names,
+ * logs the environment variables currently assigned during the usage of a credential that goes by the given name.
+ * @param credentialName - Name of the credential in use
+ * @param supportedEnvVars - List of environment variables supported by that credential
+ */
+export function logEnvVars(credentialName, supportedEnvVars) {
+    const { assigned } = processEnvVars(supportedEnvVars);
+    logger.info(`${credentialName} => Found the following environment variables: ${assigned.join(", ")}`);
+}
+/**
+ * Formatting the success event on the credentials
+ */
+export function formatSuccess(scope) {
+    return `SUCCESS. Scopes: ${Array.isArray(scope) ? scope.join(", ") : scope}.`;
+}
+/**
+ * Formatting the success event on the credentials
+ */
+export function formatError(scope, error) {
+    let message = "ERROR.";
+    if (scope === null || scope === void 0 ? void 0 : scope.length) {
+        message += ` Scopes: ${Array.isArray(scope) ? scope.join(", ") : scope}.`;
+    }
+    return `${message} Error message: ${typeof error === "string" ? error : error.message}.`;
+}
+/**
+ * Generates a CredentialLoggerInstance.
+ *
+ * It logs with the format:
+ *
+ *   `[title] => [message]`
+ *
+ */
+export function credentialLoggerInstance(title, parent, log = logger) {
+    const fullTitle = parent ? `${parent.fullTitle} ${title}` : title;
+    function info(message) {
+        log.info(`${fullTitle} =>`, message);
+    }
+    function warning(message) {
+        log.warning(`${fullTitle} =>`, message);
+    }
+    function verbose(message) {
+        log.verbose(`${fullTitle} =>`, message);
+    }
+    function error(message) {
+        log.error(`${fullTitle} =>`, message);
+    }
+    return {
+        title,
+        fullTitle,
+        info,
+        warning,
+        verbose,
+        error,
+    };
+}
+/**
+ * Generates a CredentialLogger, which is a logger declared at the credential's constructor, and used at any point in the credential.
+ * It has all the properties of a CredentialLoggerInstance, plus other logger instances, one per method.
+ *
+ * It logs with the format:
+ *
+ *   `[title] => [message]`
+ *   `[title] => getToken() => [message]`
+ *
+ */
+export function credentialLogger(title, log = logger) {
+    const credLogger = credentialLoggerInstance(title, undefined, log);
+    return Object.assign(Object.assign({}, credLogger), { parent: log, getToken: credentialLoggerInstance("=> getToken()", credLogger, log) });
+}
+//# sourceMappingURL=logging.js.map

package/dist/workerd/util/logging.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logging.js","sourceRoot":"","sources":["../../../src/util/logging.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAEnD;;GAEG;AACH,MAAM,CAAC,MAAM,MAAM,GAAG,kBAAkB,CAAC,UAAU,CAAC,CAAC;AAOrD;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,gBAA0B;IACvD,OAAO,gBAAgB,CAAC,MAAM,CAC5B,CAAC,GAA2B,EAAE,WAAmB,EAAE,EAAE;QACnD,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7B,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACjC,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAChC,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC,EACD,EAAE,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAC9B,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,UAAU,CAAC,cAAsB,EAAE,gBAA0B;IAC3E,MAAM,EAAE,QAAQ,EAAE,GAAG,cAAc,CAAC,gBAAgB,CAAC,CAAC;IACtD,MAAM,CAAC,IAAI,CACT,GAAG,cAAc,kDAAkD,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACzF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,KAAwB;IACpD,OAAO,oBAAoB,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC;AAChF,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,KAAoC,EAAE,KAAqB;IACrF,IAAI,OAAO,GAAG,QAAQ,CAAC;IACvB,IAAI,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,MAAM,EAAE,CAAC;QAClB,OAAO,IAAI,YAAY,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC;IAC5E,CAAC;IACD,OAAO,GAAG,OAAO,mBAAmB,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC;AAC3F,CAAC;AAcD;;;;;;;GAOG;AACH,MAAM,UAAU,wBAAwB,CACtC,KAAa,EACb,MAAiC,EACjC,MAAmB,MAAM;IAEzB,MAAM,SAAS,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,SAAS,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC;IAElE,SAAS,IAAI,CAAC,OAAe;QAC3B,GAAG,CAAC,IAAI,CAAC,GAAG,SAAS,KAAK,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;IAED,SAAS,OAAO,CAAC,OAAe;QAC9B,GAAG,CAAC,OAAO,CAAC,GAAG,SAAS,KAAK,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IAED,SAAS,OAAO,CAAC,OAAe;QAC9B,GAAG,CAAC,OAAO,CAAC,GAAG,SAAS,KAAK,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IAED,SAAS,KAAK,CAAC,OAAe;QAC5B,GAAG,CAAC,KAAK,CAAC,GAAG,SAAS,KAAK,EAAE,OAAO,CAAC,CAAC;IACxC,CAAC;IAED,OAAO;QACL,KAAK;QACL,SAAS;QACT,IAAI;QACJ,OAAO;QACP,OAAO;QACP,KAAK;KACN,CAAC;AACJ,CAAC;AAWD;;;;;;;;;GASG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAa,EAAE,MAAmB,MAAM;IACvE,MAAM,UAAU,GAAG,wBAAwB,CAAC,KAAK,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;IACnE,uCACK,UAAU,KACb,MAAM,EAAE,GAAG,EACX,QAAQ,EAAE,wBAAwB,CAAC,eAAe,EAAE,UAAU,EAAE,GAAG,CAAC,IACpE;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AzureLogger } from \"@azure/logger\";\nimport { createClientLogger } from \"@azure/logger\";\n\n/**\n * The AzureLogger used for all clients within the identity package\n */\nexport const logger = createClientLogger(\"identity\");\n\ninterface EnvironmentAccumulator {\n  missing: string[];\n  assigned: string[];\n}\n\n/**\n * Separates a list of environment variable names into a plain object with two arrays: an array of missing environment variables and another array with assigned environment variables.\n * @param supportedEnvVars - List of environment variable names\n */\nexport function processEnvVars(supportedEnvVars: string[]): EnvironmentAccumulator {\n  return supportedEnvVars.reduce(\n    (acc: EnvironmentAccumulator, envVariable: string) => {\n      if (process.env[envVariable]) {\n        acc.assigned.push(envVariable);\n      } else {\n        acc.missing.push(envVariable);\n      }\n      return acc;\n    },\n    { missing: [], assigned: [] },\n  );\n}\n\n/**\n * Based on a given list of environment variable names,\n * logs the environment variables currently assigned during the usage of a credential that goes by the given name.\n * @param credentialName - Name of the credential in use\n * @param supportedEnvVars - List of environment variables supported by that credential\n */\nexport function logEnvVars(credentialName: string, supportedEnvVars: string[]): void {\n  const { assigned } = processEnvVars(supportedEnvVars);\n  logger.info(\n    `${credentialName} => Found the following environment variables: ${assigned.join(\", \")}`,\n  );\n}\n\n/**\n * Formatting the success event on the credentials\n */\nexport function formatSuccess(scope: string | string[]): string {\n  return `SUCCESS. Scopes: ${Array.isArray(scope) ? scope.join(\", \") : scope}.`;\n}\n\n/**\n * Formatting the success event on the credentials\n */\nexport function formatError(scope: string | string[] | undefined, error: Error | string): string {\n  let message = \"ERROR.\";\n  if (scope?.length) {\n    message += ` Scopes: ${Array.isArray(scope) ? scope.join(\", \") : scope}.`;\n  }\n  return `${message} Error message: ${typeof error === \"string\" ? error : error.message}.`;\n}\n\n/**\n * A CredentialLoggerInstance is a logger properly formatted to work in a credential's constructor, and its methods.\n */\nexport interface CredentialLoggerInstance {\n  title: string;\n  fullTitle: string;\n  info(message: string): void;\n  warning(message: string): void;\n  verbose(message: string): void;\n  error(err: string): void;\n}\n\n/**\n * Generates a CredentialLoggerInstance.\n *\n * It logs with the format:\n *\n *   `[title] => [message]`\n *\n */\nexport function credentialLoggerInstance(\n  title: string,\n  parent?: CredentialLoggerInstance,\n  log: AzureLogger = logger,\n): CredentialLoggerInstance {\n  const fullTitle = parent ? `${parent.fullTitle} ${title}` : title;\n\n  function info(message: string): void {\n    log.info(`${fullTitle} =>`, message);\n  }\n\n  function warning(message: string): void {\n    log.warning(`${fullTitle} =>`, message);\n  }\n\n  function verbose(message: string): void {\n    log.verbose(`${fullTitle} =>`, message);\n  }\n\n  function error(message: string): void {\n    log.error(`${fullTitle} =>`, message);\n  }\n\n  return {\n    title,\n    fullTitle,\n    info,\n    warning,\n    verbose,\n    error,\n  };\n}\n\n/**\n * A CredentialLogger is a logger declared at the credential's constructor, and used at any point in the credential.\n * It has all the properties of a CredentialLoggerInstance, plus other logger instances, one per method.\n */\nexport interface CredentialLogger extends CredentialLoggerInstance {\n  parent: AzureLogger;\n  getToken: CredentialLoggerInstance;\n}\n\n/**\n * Generates a CredentialLogger, which is a logger declared at the credential's constructor, and used at any point in the credential.\n * It has all the properties of a CredentialLoggerInstance, plus other logger instances, one per method.\n *\n * It logs with the format:\n *\n *   `[title] => [message]`\n *   `[title] => getToken() => [message]`\n *\n */\nexport function credentialLogger(title: string, log: AzureLogger = logger): CredentialLogger {\n  const credLogger = credentialLoggerInstance(title, undefined, log);\n  return {\n    ...credLogger,\n    parent: log,\n    getToken: credentialLoggerInstance(\"=> getToken()\", credLogger, log),\n  };\n}\n"]}

package/dist/workerd/util/processMultiTenantRequest.d.ts

@@ -0,0 +1,10 @@
+import type { GetTokenOptions } from "@azure/core-auth";
+import type { CredentialLogger } from "./logging.js";
+/**
+ * Of getToken contains a tenantId, this functions allows picking this tenantId as the appropriate for authentication,
+ * unless multitenant authentication has been disabled through the AZURE_IDENTITY_DISABLE_MULTITENANTAUTH (on Node.js),
+ * or unless the original tenant Id is `adfs`.
+ * @internal
+ */
+export declare function processMultiTenantRequest(tenantId?: string, getTokenOptions?: GetTokenOptions, additionallyAllowedTenantIds?: string[], logger?: CredentialLogger): string | undefined;
+//# sourceMappingURL=processMultiTenantRequest.d.ts.map

package/dist/workerd/util/processMultiTenantRequest.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"processMultiTenantRequest.d.ts","sourceRoot":"","sources":["../../../src/util/processMultiTenantRequest.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAExD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAMrD;;;;;GAKG;AACH,wBAAgB,yBAAyB,CACvC,QAAQ,CAAC,EAAE,MAAM,EACjB,eAAe,CAAC,EAAE,eAAe,EACjC,4BAA4B,GAAE,MAAM,EAAO,EAC3C,MAAM,CAAC,EAAE,gBAAgB,GACxB,MAAM,GAAG,SAAS,CAqBpB"}

package/dist/workerd/util/processMultiTenantRequest.js

@@ -0,0 +1,35 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+import { CredentialUnavailableError } from "../errors.js";
+function createConfigurationErrorMessage(tenantId) {
+    return `The current credential is not configured to acquire tokens for tenant ${tenantId}. To enable acquiring tokens for this tenant add it to the AdditionallyAllowedTenants on the credential options, or add "*" to AdditionallyAllowedTenants to allow acquiring tokens for any tenant.`;
+}
+/**
+ * Of getToken contains a tenantId, this functions allows picking this tenantId as the appropriate for authentication,
+ * unless multitenant authentication has been disabled through the AZURE_IDENTITY_DISABLE_MULTITENANTAUTH (on Node.js),
+ * or unless the original tenant Id is `adfs`.
+ * @internal
+ */
+export function processMultiTenantRequest(tenantId, getTokenOptions, additionallyAllowedTenantIds = [], logger) {
+    var _a;
+    let resolvedTenantId;
+    if (process.env.AZURE_IDENTITY_DISABLE_MULTITENANTAUTH) {
+        resolvedTenantId = tenantId;
+    }
+    else if (tenantId === "adfs") {
+        resolvedTenantId = tenantId;
+    }
+    else {
+        resolvedTenantId = (_a = getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.tenantId) !== null && _a !== void 0 ? _a : tenantId;
+    }
+    if (tenantId &&
+        resolvedTenantId !== tenantId &&
+        !additionallyAllowedTenantIds.includes("*") &&
+        !additionallyAllowedTenantIds.some((t) => t.localeCompare(resolvedTenantId) === 0)) {
+        const message = createConfigurationErrorMessage(resolvedTenantId);
+        logger === null || logger === void 0 ? void 0 : logger.info(message);
+        throw new CredentialUnavailableError(message);
+    }
+    return resolvedTenantId;
+}
+//# sourceMappingURL=processMultiTenantRequest.js.map

package/dist/workerd/util/processMultiTenantRequest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"processMultiTenantRequest.js","sourceRoot":"","sources":["../../../src/util/processMultiTenantRequest.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAG1D,SAAS,+BAA+B,CAAC,QAAgB;IACvD,OAAO,yEAAyE,QAAQ,qMAAqM,CAAC;AAChS,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,yBAAyB,CACvC,QAAiB,EACjB,eAAiC,EACjC,+BAAyC,EAAE,EAC3C,MAAyB;;IAEzB,IAAI,gBAAoC,CAAC;IACzC,IAAI,OAAO,CAAC,GAAG,CAAC,sCAAsC,EAAE,CAAC;QACvD,gBAAgB,GAAG,QAAQ,CAAC;IAC9B,CAAC;SAAM,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QAC/B,gBAAgB,GAAG,QAAQ,CAAC;IAC9B,CAAC;SAAM,CAAC;QACN,gBAAgB,GAAG,MAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,QAAQ,mCAAI,QAAQ,CAAC;IAC3D,CAAC;IACD,IACE,QAAQ;QACR,gBAAgB,KAAK,QAAQ;QAC7B,CAAC,4BAA4B,CAAC,QAAQ,CAAC,GAAG,CAAC;QAC3C,CAAC,4BAA4B,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,gBAAiB,CAAC,KAAK,CAAC,CAAC,EACnF,CAAC;QACD,MAAM,OAAO,GAAG,+BAA+B,CAAC,gBAAiB,CAAC,CAAC;QACnE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QACtB,MAAM,IAAI,0BAA0B,CAAC,OAAO,CAAC,CAAC;IAChD,CAAC;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { GetTokenOptions } from \"@azure/core-auth\";\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport type { CredentialLogger } from \"./logging.js\";\n\nfunction createConfigurationErrorMessage(tenantId: string): string {\n  return `The current credential is not configured to acquire tokens for tenant ${tenantId}. To enable acquiring tokens for this tenant add it to the AdditionallyAllowedTenants on the credential options, or add \"*\" to AdditionallyAllowedTenants to allow acquiring tokens for any tenant.`;\n}\n\n/**\n * Of getToken contains a tenantId, this functions allows picking this tenantId as the appropriate for authentication,\n * unless multitenant authentication has been disabled through the AZURE_IDENTITY_DISABLE_MULTITENANTAUTH (on Node.js),\n * or unless the original tenant Id is `adfs`.\n * @internal\n */\nexport function processMultiTenantRequest(\n  tenantId?: string,\n  getTokenOptions?: GetTokenOptions,\n  additionallyAllowedTenantIds: string[] = [],\n  logger?: CredentialLogger,\n): string | undefined {\n  let resolvedTenantId: string | undefined;\n  if (process.env.AZURE_IDENTITY_DISABLE_MULTITENANTAUTH) {\n    resolvedTenantId = tenantId;\n  } else if (tenantId === \"adfs\") {\n    resolvedTenantId = tenantId;\n  } else {\n    resolvedTenantId = getTokenOptions?.tenantId ?? tenantId;\n  }\n  if (\n    tenantId &&\n    resolvedTenantId !== tenantId &&\n    !additionallyAllowedTenantIds.includes(\"*\") &&\n    !additionallyAllowedTenantIds.some((t) => t.localeCompare(resolvedTenantId!) === 0)\n  ) {\n    const message = createConfigurationErrorMessage(resolvedTenantId!);\n    logger?.info(message);\n    throw new CredentialUnavailableError(message);\n  }\n\n  return resolvedTenantId;\n}\n"]}