@azure/identity 4.8.1-alpha.20250410.1 → 4.9.1-alpha.20250416.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/browser/constants.d.ts +1 -1
- package/dist/browser/constants.js +1 -1
- package/dist/browser/constants.js.map +1 -1
- package/dist/commonjs/constants.d.ts +1 -1
- package/dist/commonjs/constants.js +1 -1
- package/dist/commonjs/constants.js.map +1 -1
- package/dist/esm/constants.d.ts +1 -1
- package/dist/esm/constants.js +1 -1
- package/dist/esm/constants.js.map +1 -1
- package/dist/workerd/client/identityClient.d.ts +65 -0
- package/dist/workerd/client/identityClient.d.ts.map +1 -0
- package/dist/workerd/client/identityClient.js +248 -0
- package/dist/workerd/client/identityClient.js.map +1 -0
- package/dist/workerd/constants.d.ts +69 -0
- package/dist/workerd/constants.d.ts.map +1 -0
- package/dist/workerd/constants.js +75 -0
- package/dist/workerd/constants.js.map +1 -0
- package/dist/workerd/credentials/authorityValidationOptions.d.ts +16 -0
- package/dist/workerd/credentials/authorityValidationOptions.d.ts.map +1 -0
- package/dist/workerd/credentials/authorityValidationOptions.js +4 -0
- package/dist/workerd/credentials/authorityValidationOptions.js.map +1 -0
- package/dist/workerd/credentials/authorizationCodeCredential.d.ts +73 -0
- package/dist/workerd/credentials/authorizationCodeCredential.d.ts.map +1 -0
- package/dist/workerd/credentials/authorizationCodeCredential.js +60 -0
- package/dist/workerd/credentials/authorizationCodeCredential.js.map +1 -0
- package/dist/workerd/credentials/authorizationCodeCredentialOptions.d.ts +8 -0
- package/dist/workerd/credentials/authorizationCodeCredentialOptions.d.ts.map +1 -0
- package/dist/workerd/credentials/authorizationCodeCredentialOptions.js +4 -0
- package/dist/workerd/credentials/authorizationCodeCredentialOptions.js.map +1 -0
- package/dist/workerd/credentials/azureApplicationCredential.d.ts +24 -0
- package/dist/workerd/credentials/azureApplicationCredential.d.ts.map +1 -0
- package/dist/workerd/credentials/azureApplicationCredential.js +32 -0
- package/dist/workerd/credentials/azureApplicationCredential.js.map +1 -0
- package/dist/workerd/credentials/azureApplicationCredentialOptions.d.ts +13 -0
- package/dist/workerd/credentials/azureApplicationCredentialOptions.d.ts.map +1 -0
- package/dist/workerd/credentials/azureApplicationCredentialOptions.js +4 -0
- package/dist/workerd/credentials/azureApplicationCredentialOptions.js.map +1 -0
- package/dist/workerd/credentials/azureCliCredential.d.ts +64 -0
- package/dist/workerd/credentials/azureCliCredential.d.ts.map +1 -0
- package/dist/workerd/credentials/azureCliCredential.js +191 -0
- package/dist/workerd/credentials/azureCliCredential.js.map +1 -0
- package/dist/workerd/credentials/azureCliCredentialOptions.d.ts +20 -0
- package/dist/workerd/credentials/azureCliCredentialOptions.d.ts.map +1 -0
- package/dist/workerd/credentials/azureCliCredentialOptions.js +4 -0
- package/dist/workerd/credentials/azureCliCredentialOptions.js.map +1 -0
- package/dist/workerd/credentials/azureDeveloperCliCredential.d.ts +71 -0
- package/dist/workerd/credentials/azureDeveloperCliCredential.d.ts.map +1 -0
- package/dist/workerd/credentials/azureDeveloperCliCredential.js +173 -0
- package/dist/workerd/credentials/azureDeveloperCliCredential.js.map +1 -0
- package/dist/workerd/credentials/azureDeveloperCliCredentialOptions.d.ts +15 -0
- package/dist/workerd/credentials/azureDeveloperCliCredentialOptions.d.ts.map +1 -0
- package/dist/workerd/credentials/azureDeveloperCliCredentialOptions.js +4 -0
- package/dist/workerd/credentials/azureDeveloperCliCredentialOptions.js.map +1 -0
- package/dist/workerd/credentials/azurePipelinesCredential.d.ts +38 -0
- package/dist/workerd/credentials/azurePipelinesCredential.d.ts.map +1 -0
- package/dist/workerd/credentials/azurePipelinesCredential.js +141 -0
- package/dist/workerd/credentials/azurePipelinesCredential.js.map +1 -0
- package/dist/workerd/credentials/azurePipelinesCredentialOptions.d.ts +9 -0
- package/dist/workerd/credentials/azurePipelinesCredentialOptions.d.ts.map +1 -0
- package/dist/workerd/credentials/azurePipelinesCredentialOptions.js +4 -0
- package/dist/workerd/credentials/azurePipelinesCredentialOptions.js.map +1 -0
- package/dist/workerd/credentials/azurePowerShellCredential.d.ts +75 -0
- package/dist/workerd/credentials/azurePowerShellCredential.d.ts.map +1 -0
- package/dist/workerd/credentials/azurePowerShellCredential.js +229 -0
- package/dist/workerd/credentials/azurePowerShellCredential.js.map +1 -0
- package/dist/workerd/credentials/azurePowerShellCredentialOptions.d.ts +15 -0
- package/dist/workerd/credentials/azurePowerShellCredentialOptions.d.ts.map +1 -0
- package/dist/workerd/credentials/azurePowerShellCredentialOptions.js +4 -0
- package/dist/workerd/credentials/azurePowerShellCredentialOptions.js.map +1 -0
- package/dist/workerd/credentials/brokerAuthOptions.d.ts +13 -0
- package/dist/workerd/credentials/brokerAuthOptions.d.ts.map +1 -0
- package/dist/workerd/credentials/brokerAuthOptions.js +2 -0
- package/dist/workerd/credentials/brokerAuthOptions.js.map +1 -0
- package/dist/workerd/credentials/browserCustomizationOptions.d.ts +19 -0
- package/dist/workerd/credentials/browserCustomizationOptions.d.ts.map +1 -0
- package/dist/workerd/credentials/browserCustomizationOptions.js +4 -0
- package/dist/workerd/credentials/browserCustomizationOptions.js.map +1 -0
- package/dist/workerd/credentials/chainedTokenCredential.d.ts +51 -0
- package/dist/workerd/credentials/chainedTokenCredential.d.ts.map +1 -0
- package/dist/workerd/credentials/chainedTokenCredential.js +92 -0
- package/dist/workerd/credentials/chainedTokenCredential.js.map +1 -0
- package/dist/workerd/credentials/clientAssertionCredential.d.ts +33 -0
- package/dist/workerd/credentials/clientAssertionCredential.d.ts.map +1 -0
- package/dist/workerd/credentials/clientAssertionCredential.js +55 -0
- package/dist/workerd/credentials/clientAssertionCredential.js.map +1 -0
- package/dist/workerd/credentials/clientAssertionCredentialOptions.d.ts +9 -0
- package/dist/workerd/credentials/clientAssertionCredentialOptions.d.ts.map +1 -0
- package/dist/workerd/credentials/clientAssertionCredentialOptions.js +4 -0
- package/dist/workerd/credentials/clientAssertionCredentialOptions.js.map +1 -0
- package/dist/workerd/credentials/clientCertificateCredential.d.ts +72 -0
- package/dist/workerd/credentials/clientCertificateCredential.d.ts.map +1 -0
- package/dist/workerd/credentials/clientCertificateCredential.js +122 -0
- package/dist/workerd/credentials/clientCertificateCredential.js.map +1 -0
- package/dist/workerd/credentials/clientCertificateCredentialModels.d.ts +31 -0
- package/dist/workerd/credentials/clientCertificateCredentialModels.d.ts.map +1 -0
- package/dist/workerd/credentials/clientCertificateCredentialModels.js +4 -0
- package/dist/workerd/credentials/clientCertificateCredentialModels.js.map +1 -0
- package/dist/workerd/credentials/clientCertificateCredentialOptions.d.ts +14 -0
- package/dist/workerd/credentials/clientCertificateCredentialOptions.d.ts.map +1 -0
- package/dist/workerd/credentials/clientCertificateCredentialOptions.js +4 -0
- package/dist/workerd/credentials/clientCertificateCredentialOptions.js.map +1 -0
- package/dist/workerd/credentials/clientSecretCredential.d.ts +37 -0
- package/dist/workerd/credentials/clientSecretCredential.d.ts.map +1 -0
- package/dist/workerd/credentials/clientSecretCredential.js +60 -0
- package/dist/workerd/credentials/clientSecretCredential.js.map +1 -0
- package/dist/workerd/credentials/clientSecretCredentialOptions.d.ts +9 -0
- package/dist/workerd/credentials/clientSecretCredentialOptions.d.ts.map +1 -0
- package/dist/workerd/credentials/clientSecretCredentialOptions.js +4 -0
- package/dist/workerd/credentials/clientSecretCredentialOptions.js.map +1 -0
- package/dist/workerd/credentials/credentialPersistenceOptions.d.ts +30 -0
- package/dist/workerd/credentials/credentialPersistenceOptions.d.ts.map +1 -0
- package/dist/workerd/credentials/credentialPersistenceOptions.js +4 -0
- package/dist/workerd/credentials/credentialPersistenceOptions.js.map +1 -0
- package/dist/workerd/credentials/defaultAzureCredential.d.ts +65 -0
- package/dist/workerd/credentials/defaultAzureCredential.d.ts.map +1 -0
- package/dist/workerd/credentials/defaultAzureCredential.js +164 -0
- package/dist/workerd/credentials/defaultAzureCredential.js.map +1 -0
- package/dist/workerd/credentials/defaultAzureCredentialOptions.d.ts +49 -0
- package/dist/workerd/credentials/defaultAzureCredentialOptions.d.ts.map +1 -0
- package/dist/workerd/credentials/defaultAzureCredentialOptions.js +4 -0
- package/dist/workerd/credentials/defaultAzureCredentialOptions.js.map +1 -0
- package/dist/workerd/credentials/deviceCodeCredential.d.ts +67 -0
- package/dist/workerd/credentials/deviceCodeCredential.d.ts.map +1 -0
- package/dist/workerd/credentials/deviceCodeCredential.js +91 -0
- package/dist/workerd/credentials/deviceCodeCredential.js.map +1 -0
- package/dist/workerd/credentials/deviceCodeCredentialOptions.d.ts +53 -0
- package/dist/workerd/credentials/deviceCodeCredentialOptions.d.ts.map +1 -0
- package/dist/workerd/credentials/deviceCodeCredentialOptions.js +4 -0
- package/dist/workerd/credentials/deviceCodeCredentialOptions.js.map +1 -0
- package/dist/workerd/credentials/environmentCredential.d.ts +52 -0
- package/dist/workerd/credentials/environmentCredential.d.ts.map +1 -0
- package/dist/workerd/credentials/environmentCredential.js +130 -0
- package/dist/workerd/credentials/environmentCredential.js.map +1 -0
- package/dist/workerd/credentials/environmentCredentialOptions.d.ts +9 -0
- package/dist/workerd/credentials/environmentCredentialOptions.d.ts.map +1 -0
- package/dist/workerd/credentials/environmentCredentialOptions.js +4 -0
- package/dist/workerd/credentials/environmentCredentialOptions.js.map +1 -0
- package/dist/workerd/credentials/interactiveBrowserCredential.d.ts +56 -0
- package/dist/workerd/credentials/interactiveBrowserCredential.d.ts.map +1 -0
- package/dist/workerd/credentials/interactiveBrowserCredential.js +91 -0
- package/dist/workerd/credentials/interactiveBrowserCredential.js.map +1 -0
- package/dist/workerd/credentials/interactiveBrowserCredentialOptions.d.ts +77 -0
- package/dist/workerd/credentials/interactiveBrowserCredentialOptions.d.ts.map +1 -0
- package/dist/workerd/credentials/interactiveBrowserCredentialOptions.js +4 -0
- package/dist/workerd/credentials/interactiveBrowserCredentialOptions.js.map +1 -0
- package/dist/workerd/credentials/interactiveCredentialOptions.d.ts +25 -0
- package/dist/workerd/credentials/interactiveCredentialOptions.d.ts.map +1 -0
- package/dist/workerd/credentials/interactiveCredentialOptions.js +4 -0
- package/dist/workerd/credentials/interactiveCredentialOptions.js.map +1 -0
- package/dist/workerd/credentials/managedIdentityCredential/imdsMsi.d.ts +18 -0
- package/dist/workerd/credentials/managedIdentityCredential/imdsMsi.d.ts.map +1 -0
- package/dist/workerd/credentials/managedIdentityCredential/imdsMsi.js +99 -0
- package/dist/workerd/credentials/managedIdentityCredential/imdsMsi.js.map +1 -0
- package/dist/workerd/credentials/managedIdentityCredential/imdsRetryPolicy.d.ts +12 -0
- package/dist/workerd/credentials/managedIdentityCredential/imdsRetryPolicy.d.ts.map +1 -0
- package/dist/workerd/credentials/managedIdentityCredential/imdsRetryPolicy.js +33 -0
- package/dist/workerd/credentials/managedIdentityCredential/imdsRetryPolicy.js.map +1 -0
- package/dist/workerd/credentials/managedIdentityCredential/index.d.ts +61 -0
- package/dist/workerd/credentials/managedIdentityCredential/index.d.ts.map +1 -0
- package/dist/workerd/credentials/managedIdentityCredential/index.js +239 -0
- package/dist/workerd/credentials/managedIdentityCredential/index.js.map +1 -0
- package/dist/workerd/credentials/managedIdentityCredential/models.d.ts +24 -0
- package/dist/workerd/credentials/managedIdentityCredential/models.d.ts.map +1 -0
- package/dist/workerd/credentials/managedIdentityCredential/models.js +4 -0
- package/dist/workerd/credentials/managedIdentityCredential/models.js.map +1 -0
- package/dist/workerd/credentials/managedIdentityCredential/options.d.ts +37 -0
- package/dist/workerd/credentials/managedIdentityCredential/options.d.ts.map +1 -0
- package/dist/workerd/credentials/managedIdentityCredential/options.js +4 -0
- package/dist/workerd/credentials/managedIdentityCredential/options.js.map +1 -0
- package/dist/workerd/credentials/managedIdentityCredential/tokenExchangeMsi.d.ts +14 -0
- package/dist/workerd/credentials/managedIdentityCredential/tokenExchangeMsi.d.ts.map +1 -0
- package/dist/workerd/credentials/managedIdentityCredential/tokenExchangeMsi.js +32 -0
- package/dist/workerd/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -0
- package/dist/workerd/credentials/managedIdentityCredential/utils.d.ts +37 -0
- package/dist/workerd/credentials/managedIdentityCredential/utils.d.ts.map +1 -0
- package/dist/workerd/credentials/managedIdentityCredential/utils.js +81 -0
- package/dist/workerd/credentials/managedIdentityCredential/utils.js.map +1 -0
- package/dist/workerd/credentials/multiTenantTokenCredentialOptions.d.ts +12 -0
- package/dist/workerd/credentials/multiTenantTokenCredentialOptions.d.ts.map +1 -0
- package/dist/workerd/credentials/multiTenantTokenCredentialOptions.js +4 -0
- package/dist/workerd/credentials/multiTenantTokenCredentialOptions.js.map +1 -0
- package/dist/workerd/credentials/onBehalfOfCredential.d.ts +105 -0
- package/dist/workerd/credentials/onBehalfOfCredential.d.ts.map +1 -0
- package/dist/workerd/credentials/onBehalfOfCredential.js +112 -0
- package/dist/workerd/credentials/onBehalfOfCredential.js.map +1 -0
- package/dist/workerd/credentials/onBehalfOfCredentialOptions.d.ts +76 -0
- package/dist/workerd/credentials/onBehalfOfCredentialOptions.d.ts.map +1 -0
- package/dist/workerd/credentials/onBehalfOfCredentialOptions.js +4 -0
- package/dist/workerd/credentials/onBehalfOfCredentialOptions.js.map +1 -0
- package/dist/workerd/credentials/usernamePasswordCredential.d.ts +42 -0
- package/dist/workerd/credentials/usernamePasswordCredential.d.ts.map +1 -0
- package/dist/workerd/credentials/usernamePasswordCredential.js +68 -0
- package/dist/workerd/credentials/usernamePasswordCredential.js.map +1 -0
- package/dist/workerd/credentials/usernamePasswordCredentialOptions.d.ts +10 -0
- package/dist/workerd/credentials/usernamePasswordCredentialOptions.d.ts.map +1 -0
- package/dist/workerd/credentials/usernamePasswordCredentialOptions.js +4 -0
- package/dist/workerd/credentials/usernamePasswordCredentialOptions.js.map +1 -0
- package/dist/workerd/credentials/visualStudioCodeCredential.d.ts +66 -0
- package/dist/workerd/credentials/visualStudioCodeCredential.d.ts.map +1 -0
- package/dist/workerd/credentials/visualStudioCodeCredential.js +196 -0
- package/dist/workerd/credentials/visualStudioCodeCredential.js.map +1 -0
- package/dist/workerd/credentials/visualStudioCodeCredentialOptions.d.ts +16 -0
- package/dist/workerd/credentials/visualStudioCodeCredentialOptions.d.ts.map +1 -0
- package/dist/workerd/credentials/visualStudioCodeCredentialOptions.js +4 -0
- package/dist/workerd/credentials/visualStudioCodeCredentialOptions.js.map +1 -0
- package/dist/workerd/credentials/visualStudioCodeCredentialPlugin.d.ts +16 -0
- package/dist/workerd/credentials/visualStudioCodeCredentialPlugin.d.ts.map +1 -0
- package/dist/workerd/credentials/visualStudioCodeCredentialPlugin.js +4 -0
- package/dist/workerd/credentials/visualStudioCodeCredentialPlugin.js.map +1 -0
- package/dist/workerd/credentials/workloadIdentityCredential.d.ts +47 -0
- package/dist/workerd/credentials/workloadIdentityCredential.d.ts.map +1 -0
- package/dist/workerd/credentials/workloadIdentityCredential.js +114 -0
- package/dist/workerd/credentials/workloadIdentityCredential.js.map +1 -0
- package/dist/workerd/credentials/workloadIdentityCredentialOptions.d.ts +20 -0
- package/dist/workerd/credentials/workloadIdentityCredentialOptions.d.ts.map +1 -0
- package/dist/workerd/credentials/workloadIdentityCredentialOptions.js +4 -0
- package/dist/workerd/credentials/workloadIdentityCredentialOptions.js.map +1 -0
- package/dist/workerd/errors.d.ts +139 -0
- package/dist/workerd/errors.d.ts.map +1 -0
- package/dist/workerd/errors.js +123 -0
- package/dist/workerd/errors.js.map +1 -0
- package/dist/workerd/index.d.ts +61 -0
- package/dist/workerd/index.d.ts.map +1 -0
- package/dist/workerd/index.js +34 -0
- package/dist/workerd/index.js.map +1 -0
- package/dist/workerd/msal/browserFlows/msalBrowserCommon.d.ts +19 -0
- package/dist/workerd/msal/browserFlows/msalBrowserCommon.d.ts.map +1 -0
- package/dist/workerd/msal/browserFlows/msalBrowserCommon.js +291 -0
- package/dist/workerd/msal/browserFlows/msalBrowserCommon.js.map +1 -0
- package/dist/workerd/msal/browserFlows/msalBrowserOptions.d.ts +87 -0
- package/dist/workerd/msal/browserFlows/msalBrowserOptions.d.ts.map +1 -0
- package/dist/workerd/msal/browserFlows/msalBrowserOptions.js +4 -0
- package/dist/workerd/msal/browserFlows/msalBrowserOptions.js.map +1 -0
- package/dist/workerd/msal/credentials.d.ts +52 -0
- package/dist/workerd/msal/credentials.d.ts.map +1 -0
- package/dist/workerd/msal/credentials.js +4 -0
- package/dist/workerd/msal/credentials.js.map +1 -0
- package/dist/workerd/msal/msal.d.ts +3 -0
- package/dist/workerd/msal/msal.d.ts.map +1 -0
- package/dist/workerd/msal/msal.js +5 -0
- package/dist/workerd/msal/msal.js.map +1 -0
- package/dist/workerd/msal/nodeFlows/brokerOptions.d.ts +44 -0
- package/dist/workerd/msal/nodeFlows/brokerOptions.d.ts.map +1 -0
- package/dist/workerd/msal/nodeFlows/brokerOptions.js +2 -0
- package/dist/workerd/msal/nodeFlows/brokerOptions.js.map +1 -0
- package/dist/workerd/msal/nodeFlows/msalClient.d.ts +186 -0
- package/dist/workerd/msal/nodeFlows/msalClient.d.ts.map +1 -0
- package/dist/workerd/msal/nodeFlows/msalClient.js +469 -0
- package/dist/workerd/msal/nodeFlows/msalClient.js.map +1 -0
- package/dist/workerd/msal/nodeFlows/msalPlugins.d.ts +91 -0
- package/dist/workerd/msal/nodeFlows/msalPlugins.d.ts.map +1 -0
- package/dist/workerd/msal/nodeFlows/msalPlugins.js +87 -0
- package/dist/workerd/msal/nodeFlows/msalPlugins.js.map +1 -0
- package/dist/workerd/msal/nodeFlows/tokenCachePersistenceOptions.d.ts +24 -0
- package/dist/workerd/msal/nodeFlows/tokenCachePersistenceOptions.d.ts.map +1 -0
- package/dist/workerd/msal/nodeFlows/tokenCachePersistenceOptions.js +4 -0
- package/dist/workerd/msal/nodeFlows/tokenCachePersistenceOptions.js.map +1 -0
- package/dist/workerd/msal/types.d.ts +87 -0
- package/dist/workerd/msal/types.d.ts.map +1 -0
- package/dist/workerd/msal/types.js +4 -0
- package/dist/workerd/msal/types.js.map +1 -0
- package/dist/workerd/msal/utils.d.ts +95 -0
- package/dist/workerd/msal/utils.d.ts.map +1 -0
- package/dist/workerd/msal/utils.js +238 -0
- package/dist/workerd/msal/utils.js.map +1 -0
- package/dist/workerd/package.json +3 -0
- package/dist/workerd/plugins/consumer.d.ts +28 -0
- package/dist/workerd/plugins/consumer.d.ts.map +1 -0
- package/dist/workerd/plugins/consumer.js +43 -0
- package/dist/workerd/plugins/consumer.js.map +1 -0
- package/dist/workerd/plugins/provider.d.ts +36 -0
- package/dist/workerd/plugins/provider.d.ts.map +1 -0
- package/dist/workerd/plugins/provider.js +4 -0
- package/dist/workerd/plugins/provider.js.map +1 -0
- package/dist/workerd/regionalAuthority.d.ts +122 -0
- package/dist/workerd/regionalAuthority.d.ts.map +1 -0
- package/dist/workerd/regionalAuthority.js +140 -0
- package/dist/workerd/regionalAuthority.js.map +1 -0
- package/dist/workerd/tokenCredentialOptions.d.ts +28 -0
- package/dist/workerd/tokenCredentialOptions.d.ts.map +1 -0
- package/dist/workerd/tokenCredentialOptions.js +4 -0
- package/dist/workerd/tokenCredentialOptions.js.map +1 -0
- package/dist/workerd/tokenProvider.d.ts +39 -0
- package/dist/workerd/tokenProvider.d.ts.map +1 -0
- package/dist/workerd/tokenProvider.js +53 -0
- package/dist/workerd/tokenProvider.js.map +1 -0
- package/dist/workerd/util/authHostEnv-browser.d.mts +4 -0
- package/dist/workerd/util/authHostEnv-browser.d.mts.map +1 -0
- package/dist/workerd/util/authHostEnv-browser.mjs +7 -0
- package/dist/workerd/util/authHostEnv-browser.mjs.map +1 -0
- package/dist/workerd/util/identityTokenEndpoint.d.ts +2 -0
- package/dist/workerd/util/identityTokenEndpoint.d.ts.map +1 -0
- package/dist/workerd/util/identityTokenEndpoint.js +11 -0
- package/dist/workerd/util/identityTokenEndpoint.js.map +1 -0
- package/dist/workerd/util/logging.d.ts +70 -0
- package/dist/workerd/util/logging.d.ts.map +1 -0
- package/dist/workerd/util/logging.js +94 -0
- package/dist/workerd/util/logging.js.map +1 -0
- package/dist/workerd/util/processMultiTenantRequest.d.ts +10 -0
- package/dist/workerd/util/processMultiTenantRequest.d.ts.map +1 -0
- package/dist/workerd/util/processMultiTenantRequest.js +35 -0
- package/dist/workerd/util/processMultiTenantRequest.js.map +1 -0
- package/dist/workerd/util/processUtils.d.ts +13 -0
- package/dist/workerd/util/processUtils.d.ts.map +1 -0
- package/dist/workerd/util/processUtils.js +32 -0
- package/dist/workerd/util/processUtils.js.map +1 -0
- package/dist/workerd/util/scopeUtils.d.ts +17 -0
- package/dist/workerd/util/scopeUtils.d.ts.map +1 -0
- package/dist/workerd/util/scopeUtils.js +29 -0
- package/dist/workerd/util/scopeUtils.js.map +1 -0
- package/dist/workerd/util/subscriptionUtils.d.ts +6 -0
- package/dist/workerd/util/subscriptionUtils.d.ts.map +1 -0
- package/dist/workerd/util/subscriptionUtils.js +14 -0
- package/dist/workerd/util/subscriptionUtils.js.map +1 -0
- package/dist/workerd/util/tenantIdUtils.d.ts +15 -0
- package/dist/workerd/util/tenantIdUtils.d.ts.map +1 -0
- package/dist/workerd/util/tenantIdUtils.js +44 -0
- package/dist/workerd/util/tenantIdUtils.js.map +1 -0
- package/dist/workerd/util/tracing.d.ts +6 -0
- package/dist/workerd/util/tracing.d.ts.map +1 -0
- package/dist/workerd/util/tracing.js +14 -0
- package/dist/workerd/util/tracing.js.map +1 -0
- package/package.json +9 -3
@@ -0,0 +1,16 @@
|
|
1
|
+
/**
|
2
|
+
* Provides options to configure how the Identity library
|
3
|
+
* does authority validation during authentication requests
|
4
|
+
* to Microsoft Entra ID.
|
5
|
+
*/
|
6
|
+
export interface AuthorityValidationOptions {
|
7
|
+
/**
|
8
|
+
* The field determines whether instance discovery is performed when attempting to authenticate.
|
9
|
+
* Setting this to `true` will completely disable both instance discovery and authority validation.
|
10
|
+
* As a result, it's crucial to ensure that the configured authority host is valid and trustworthy.
|
11
|
+
* This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack.
|
12
|
+
* The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority.
|
13
|
+
*/
|
14
|
+
disableInstanceDiscovery?: boolean;
|
15
|
+
}
|
16
|
+
//# sourceMappingURL=authorityValidationOptions.d.ts.map
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"authorityValidationOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/authorityValidationOptions.ts"],"names":[],"mappings":"AAGA;;;;GAIG;AACH,MAAM,WAAW,0BAA0B;IACzC;;;;;;OAMG;IACH,wBAAwB,CAAC,EAAE,OAAO,CAAC;CACpC"}
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"authorityValidationOptions.js","sourceRoot":"","sources":["../../../src/credentials/authorityValidationOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Provides options to configure how the Identity library\n * does authority validation during authentication requests\n * to Microsoft Entra ID.\n */\nexport interface AuthorityValidationOptions {\n /**\n * The field determines whether instance discovery is performed when attempting to authenticate.\n * Setting this to `true` will completely disable both instance discovery and authority validation.\n * As a result, it's crucial to ensure that the configured authority host is valid and trustworthy.\n * This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack.\n * The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority.\n */\n disableInstanceDiscovery?: boolean;\n}\n"]}
|
@@ -0,0 +1,73 @@
|
|
1
|
+
import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
|
2
|
+
import type { AuthorizationCodeCredentialOptions } from "./authorizationCodeCredentialOptions.js";
|
3
|
+
/**
|
4
|
+
* Enables authentication to Microsoft Entra ID using an authorization code
|
5
|
+
* that was obtained through the authorization code flow, described in more detail
|
6
|
+
* in the Microsoft Entra ID documentation:
|
7
|
+
*
|
8
|
+
* https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow
|
9
|
+
*/
|
10
|
+
export declare class AuthorizationCodeCredential implements TokenCredential {
|
11
|
+
private msalClient;
|
12
|
+
private disableAutomaticAuthentication?;
|
13
|
+
private authorizationCode;
|
14
|
+
private redirectUri;
|
15
|
+
private tenantId?;
|
16
|
+
private additionallyAllowedTenantIds;
|
17
|
+
private clientSecret?;
|
18
|
+
/**
|
19
|
+
* Creates an instance of AuthorizationCodeCredential with the details needed
|
20
|
+
* to request an access token using an authentication that was obtained
|
21
|
+
* from Microsoft Entra ID.
|
22
|
+
*
|
23
|
+
* It is currently necessary for the user of this credential to initiate
|
24
|
+
* the authorization code flow to obtain an authorization code to be used
|
25
|
+
* with this credential. A full example of this flow is provided here:
|
26
|
+
*
|
27
|
+
* https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts
|
28
|
+
*
|
29
|
+
* @param tenantId - The Microsoft Entra tenant (directory) ID or name.
|
30
|
+
* 'common' may be used when dealing with multi-tenant scenarios.
|
31
|
+
* @param clientId - The client (application) ID of an App Registration in the tenant.
|
32
|
+
* @param clientSecret - A client secret that was generated for the App Registration
|
33
|
+
* @param authorizationCode - An authorization code that was received from following the
|
34
|
+
authorization code flow. This authorization code must not
|
35
|
+
have already been used to obtain an access token.
|
36
|
+
* @param redirectUri - The redirect URI that was used to request the authorization code.
|
37
|
+
Must be the same URI that is configured for the App Registration.
|
38
|
+
* @param options - Options for configuring the client which makes the access token request.
|
39
|
+
*/
|
40
|
+
constructor(tenantId: string | "common", clientId: string, clientSecret: string, authorizationCode: string, redirectUri: string, options?: AuthorizationCodeCredentialOptions);
|
41
|
+
/**
|
42
|
+
* Creates an instance of AuthorizationCodeCredential with the details needed
|
43
|
+
* to request an access token using an authentication that was obtained
|
44
|
+
* from Microsoft Entra ID.
|
45
|
+
*
|
46
|
+
* It is currently necessary for the user of this credential to initiate
|
47
|
+
* the authorization code flow to obtain an authorization code to be used
|
48
|
+
* with this credential. A full example of this flow is provided here:
|
49
|
+
*
|
50
|
+
* https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts
|
51
|
+
*
|
52
|
+
* @param tenantId - The Microsoft Entra tenant (directory) ID or name.
|
53
|
+
* 'common' may be used when dealing with multi-tenant scenarios.
|
54
|
+
* @param clientId - The client (application) ID of an App Registration in the tenant.
|
55
|
+
* @param authorizationCode - An authorization code that was received from following the
|
56
|
+
authorization code flow. This authorization code must not
|
57
|
+
have already been used to obtain an access token.
|
58
|
+
* @param redirectUri - The redirect URI that was used to request the authorization code.
|
59
|
+
Must be the same URI that is configured for the App Registration.
|
60
|
+
* @param options - Options for configuring the client which makes the access token request.
|
61
|
+
*/
|
62
|
+
constructor(tenantId: string | "common", clientId: string, authorizationCode: string, redirectUri: string, options?: AuthorizationCodeCredentialOptions);
|
63
|
+
/**
|
64
|
+
* Authenticates with Microsoft Entra ID and returns an access token if successful.
|
65
|
+
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
|
66
|
+
*
|
67
|
+
* @param scopes - The list of scopes for which the token will have access.
|
68
|
+
* @param options - The options used to configure any requests this
|
69
|
+
* TokenCredential implementation might make.
|
70
|
+
*/
|
71
|
+
getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
|
72
|
+
}
|
73
|
+
//# sourceMappingURL=authorizationCodeCredential.d.ts.map
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"authorizationCodeCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAKtF,OAAO,KAAK,EAAE,kCAAkC,EAAE,MAAM,yCAAyC,CAAC;AAUlG;;;;;;GAMG;AACH,qBAAa,2BAA4B,YAAW,eAAe;IACjE,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,8BAA8B,CAAC,CAAU;IACjD,OAAO,CAAC,iBAAiB,CAAS;IAClC,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,QAAQ,CAAC,CAAS;IAC1B,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,YAAY,CAAC,CAAS;IAE9B;;;;;;;;;;;;;;;;;;;;;OAqBG;gBAED,QAAQ,EAAE,MAAM,GAAG,QAAQ,EAC3B,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,iBAAiB,EAAE,MAAM,EACzB,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE,kCAAkC;IAE9C;;;;;;;;;;;;;;;;;;;;OAoBG;gBAED,QAAQ,EAAE,MAAM,GAAG,QAAQ,EAC3B,QAAQ,EAAE,MAAM,EAChB,iBAAiB,EAAE,MAAM,EACzB,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE,kCAAkC;IA2C9C;;;;;;;OAOG;IACG,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,GAAE,eAAoB,GAAG,OAAO,CAAC,WAAW,CAAC;CA0B/F"}
|
@@ -0,0 +1,60 @@
|
|
1
|
+
// Copyright (c) Microsoft Corporation.
|
2
|
+
// Licensed under the MIT License.
|
3
|
+
import { processMultiTenantRequest, resolveAdditionallyAllowedTenantIds, } from "../util/tenantIdUtils.js";
|
4
|
+
import { checkTenantId } from "../util/tenantIdUtils.js";
|
5
|
+
import { credentialLogger } from "../util/logging.js";
|
6
|
+
import { ensureScopes } from "../util/scopeUtils.js";
|
7
|
+
import { tracingClient } from "../util/tracing.js";
|
8
|
+
import { createMsalClient } from "../msal/nodeFlows/msalClient.js";
|
9
|
+
const logger = credentialLogger("AuthorizationCodeCredential");
|
10
|
+
/**
|
11
|
+
* Enables authentication to Microsoft Entra ID using an authorization code
|
12
|
+
* that was obtained through the authorization code flow, described in more detail
|
13
|
+
* in the Microsoft Entra ID documentation:
|
14
|
+
*
|
15
|
+
* https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow
|
16
|
+
*/
|
17
|
+
export class AuthorizationCodeCredential {
|
18
|
+
/**
|
19
|
+
* @hidden
|
20
|
+
* @internal
|
21
|
+
*/
|
22
|
+
constructor(tenantId, clientId, clientSecretOrAuthorizationCode, authorizationCodeOrRedirectUri, redirectUriOrOptions, options) {
|
23
|
+
checkTenantId(logger, tenantId);
|
24
|
+
this.clientSecret = clientSecretOrAuthorizationCode;
|
25
|
+
if (typeof redirectUriOrOptions === "string") {
|
26
|
+
// the clientId+clientSecret constructor
|
27
|
+
this.authorizationCode = authorizationCodeOrRedirectUri;
|
28
|
+
this.redirectUri = redirectUriOrOptions;
|
29
|
+
// in this case, options are good as they come
|
30
|
+
}
|
31
|
+
else {
|
32
|
+
// clientId only
|
33
|
+
this.authorizationCode = clientSecretOrAuthorizationCode;
|
34
|
+
this.redirectUri = authorizationCodeOrRedirectUri;
|
35
|
+
this.clientSecret = undefined;
|
36
|
+
options = redirectUriOrOptions;
|
37
|
+
}
|
38
|
+
// TODO: Validate tenant if provided
|
39
|
+
this.tenantId = tenantId;
|
40
|
+
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
|
41
|
+
this.msalClient = createMsalClient(clientId, tenantId, Object.assign(Object.assign({}, options), { logger, tokenCredentialOptions: options !== null && options !== void 0 ? options : {} }));
|
42
|
+
}
|
43
|
+
/**
|
44
|
+
* Authenticates with Microsoft Entra ID and returns an access token if successful.
|
45
|
+
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
|
46
|
+
*
|
47
|
+
* @param scopes - The list of scopes for which the token will have access.
|
48
|
+
* @param options - The options used to configure any requests this
|
49
|
+
* TokenCredential implementation might make.
|
50
|
+
*/
|
51
|
+
async getToken(scopes, options = {}) {
|
52
|
+
return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async (newOptions) => {
|
53
|
+
const tenantId = processMultiTenantRequest(this.tenantId, newOptions, this.additionallyAllowedTenantIds);
|
54
|
+
newOptions.tenantId = tenantId;
|
55
|
+
const arrayScopes = ensureScopes(scopes);
|
56
|
+
return this.msalClient.getTokenByAuthorizationCode(arrayScopes, this.redirectUri, this.authorizationCode, this.clientSecret, Object.assign(Object.assign({}, newOptions), { disableAutomaticAuthentication: this.disableAutomaticAuthentication }));
|
57
|
+
});
|
58
|
+
}
|
59
|
+
}
|
60
|
+
//# sourceMappingURL=authorizationCodeCredential.js.map
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"authorizationCodeCredential.js","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,0BAA0B,CAAC;AAElC,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AAEnE,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;;;;GAMG;AACH,MAAM,OAAO,2BAA2B;IAmEtC;;;OAGG;IACH,YACE,QAA2B,EAC3B,QAAgB,EAChB,+BAAuC,EACvC,8BAAsC,EACtC,oBAA6E,EAC7E,OAA4C;QAE5C,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAChC,IAAI,CAAC,YAAY,GAAG,+BAA+B,CAAC;QAEpD,IAAI,OAAO,oBAAoB,KAAK,QAAQ,EAAE,CAAC;YAC7C,wCAAwC;YACxC,IAAI,CAAC,iBAAiB,GAAG,8BAA8B,CAAC;YACxD,IAAI,CAAC,WAAW,GAAG,oBAAoB,CAAC;YACxC,8CAA8C;QAChD,CAAC;aAAM,CAAC;YACN,gBAAgB;YAChB,IAAI,CAAC,iBAAiB,GAAG,+BAA+B,CAAC;YACzD,IAAI,CAAC,WAAW,GAAG,8BAAwC,CAAC;YAC5D,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;YAC9B,OAAO,GAAG,oBAA0D,CAAC;QACvE,CAAC;QAED,oCAAoC;QACpC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QAEF,IAAI,CAAC,UAAU,GAAG,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,kCAChD,OAAO,KACV,MAAM,EACN,sBAAsB,EAAE,OAAO,aAAP,OAAO,cAAP,OAAO,GAAI,EAAE,IACrC,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,aAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,MAAM,QAAQ,GAAG,yBAAyB,CACxC,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,CAClC,CAAC;YACF,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAE/B,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;YACzC,OAAO,IAAI,CAAC,UAAU,CAAC,2BAA2B,CAChD,WAAW,EACX,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,iBAAiB,EACtB,IAAI,CAAC,YAAY,kCAEZ,UAAU,KACb,8BAA8B,EAAE,IAAI,CAAC,8BAA8B,IAEtE,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\nimport type { AuthorizationCodeCredentialOptions } from \"./authorizationCodeCredentialOptions.js\";\nimport { checkTenantId } from \"../util/tenantIdUtils.js\";\nimport { credentialLogger } from \"../util/logging.js\";\nimport { ensureScopes } from \"../util/scopeUtils.js\";\nimport { tracingClient } from \"../util/tracing.js\";\nimport type { MsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport { createMsalClient } from \"../msal/nodeFlows/msalClient.js\";\n\nconst logger = credentialLogger(\"AuthorizationCodeCredential\");\n\n/**\n * Enables authentication to Microsoft Entra ID using an authorization code\n * that was obtained through the authorization code flow, described in more detail\n * in the Microsoft Entra ID documentation:\n *\n * https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow\n */\nexport class AuthorizationCodeCredential implements TokenCredential {\n private msalClient: MsalClient;\n private disableAutomaticAuthentication?: boolean;\n private authorizationCode: string;\n private redirectUri: string;\n private tenantId?: string;\n private additionallyAllowedTenantIds: string[];\n private clientSecret?: string;\n\n /**\n * Creates an instance of AuthorizationCodeCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Microsoft Entra ID.\n *\n * It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. A full example of this flow is provided here:\n *\n * https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts\n *\n * @param tenantId - The Microsoft Entra tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param clientSecret - A client secret that was generated for the App Registration\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n */\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n clientSecret: string,\n authorizationCode: string,\n redirectUri: string,\n options?: AuthorizationCodeCredentialOptions,\n );\n /**\n * Creates an instance of AuthorizationCodeCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Microsoft Entra ID.\n *\n * It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. A full example of this flow is provided here:\n *\n * https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts\n *\n * @param tenantId - The Microsoft Entra tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n */\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n authorizationCode: string,\n redirectUri: string,\n options?: AuthorizationCodeCredentialOptions,\n );\n /**\n * @hidden\n * @internal\n */\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n clientSecretOrAuthorizationCode: string,\n authorizationCodeOrRedirectUri: string,\n redirectUriOrOptions: string | AuthorizationCodeCredentialOptions | undefined,\n options?: AuthorizationCodeCredentialOptions,\n ) {\n checkTenantId(logger, tenantId);\n this.clientSecret = clientSecretOrAuthorizationCode;\n\n if (typeof redirectUriOrOptions === \"string\") {\n // the clientId+clientSecret constructor\n this.authorizationCode = authorizationCodeOrRedirectUri;\n this.redirectUri = redirectUriOrOptions;\n // in this case, options are good as they come\n } else {\n // clientId only\n this.authorizationCode = clientSecretOrAuthorizationCode;\n this.redirectUri = authorizationCodeOrRedirectUri as string;\n this.clientSecret = undefined;\n options = redirectUriOrOptions as AuthorizationCodeCredentialOptions;\n }\n\n // TODO: Validate tenant if provided\n this.tenantId = tenantId;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n\n this.msalClient = createMsalClient(clientId, tenantId, {\n ...options,\n logger,\n tokenCredentialOptions: options ?? {},\n });\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return tracingClient.withSpan(\n `${this.constructor.name}.getToken`,\n options,\n async (newOptions) => {\n const tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds,\n );\n newOptions.tenantId = tenantId;\n\n const arrayScopes = ensureScopes(scopes);\n return this.msalClient.getTokenByAuthorizationCode(\n arrayScopes,\n this.redirectUri,\n this.authorizationCode,\n this.clientSecret,\n {\n ...newOptions,\n disableAutomaticAuthentication: this.disableAutomaticAuthentication,\n },\n );\n },\n );\n }\n}\n"]}
|
@@ -0,0 +1,8 @@
|
|
1
|
+
import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
|
2
|
+
import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
|
3
|
+
/**
|
4
|
+
* Options for the {@link AuthorizationCodeCredential}
|
5
|
+
*/
|
6
|
+
export interface AuthorizationCodeCredentialOptions extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {
|
7
|
+
}
|
8
|
+
//# sourceMappingURL=authorizationCodeCredentialOptions.d.ts.map
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"authorizationCodeCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,kCACf,SAAQ,iCAAiC,EACvC,0BAA0B;CAAG"}
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"authorizationCodeCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Options for the {@link AuthorizationCodeCredential}\n */\nexport interface AuthorizationCodeCredentialOptions\n extends MultiTenantTokenCredentialOptions,\n AuthorityValidationOptions {}\n"]}
|
@@ -0,0 +1,24 @@
|
|
1
|
+
import type { AzureApplicationCredentialOptions } from "./azureApplicationCredentialOptions.js";
|
2
|
+
import { ChainedTokenCredential } from "./chainedTokenCredential.js";
|
3
|
+
/**
|
4
|
+
* Provides a default {@link ChainedTokenCredential} configuration that should
|
5
|
+
* work for most applications that use the Azure SDK.
|
6
|
+
*/
|
7
|
+
export declare class AzureApplicationCredential extends ChainedTokenCredential {
|
8
|
+
/**
|
9
|
+
* Creates an instance of the AzureApplicationCredential class.
|
10
|
+
*
|
11
|
+
* The AzureApplicationCredential provides a default {@link ChainedTokenCredential} configuration that should
|
12
|
+
* work for most applications deployed on Azure. The following credential types will be tried, in order:
|
13
|
+
*
|
14
|
+
* - {@link EnvironmentCredential}
|
15
|
+
* - {@link ManagedIdentityCredential}
|
16
|
+
*
|
17
|
+
* Consult the documentation of these credential types for more information
|
18
|
+
* on how they attempt authentication.
|
19
|
+
*
|
20
|
+
* @param options - Optional parameters. See {@link AzureApplicationCredentialOptions}.
|
21
|
+
*/
|
22
|
+
constructor(options?: AzureApplicationCredentialOptions);
|
23
|
+
}
|
24
|
+
//# sourceMappingURL=azureApplicationCredential.d.ts.map
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"azureApplicationCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/azureApplicationCredential.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAChG,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAErE;;;GAGG;AACH,qBAAa,0BAA2B,SAAQ,sBAAsB;IACpE;;;;;;;;;;;;;OAaG;gBACS,OAAO,CAAC,EAAE,iCAAiC;CAOxD"}
|
@@ -0,0 +1,32 @@
|
|
1
|
+
// Copyright (c) Microsoft Corporation.
|
2
|
+
// Licensed under the MIT License.
|
3
|
+
import { createDefaultManagedIdentityCredential, createEnvironmentCredential, } from "./defaultAzureCredential.js";
|
4
|
+
import { ChainedTokenCredential } from "./chainedTokenCredential.js";
|
5
|
+
/**
|
6
|
+
* Provides a default {@link ChainedTokenCredential} configuration that should
|
7
|
+
* work for most applications that use the Azure SDK.
|
8
|
+
*/
|
9
|
+
export class AzureApplicationCredential extends ChainedTokenCredential {
|
10
|
+
/**
|
11
|
+
* Creates an instance of the AzureApplicationCredential class.
|
12
|
+
*
|
13
|
+
* The AzureApplicationCredential provides a default {@link ChainedTokenCredential} configuration that should
|
14
|
+
* work for most applications deployed on Azure. The following credential types will be tried, in order:
|
15
|
+
*
|
16
|
+
* - {@link EnvironmentCredential}
|
17
|
+
* - {@link ManagedIdentityCredential}
|
18
|
+
*
|
19
|
+
* Consult the documentation of these credential types for more information
|
20
|
+
* on how they attempt authentication.
|
21
|
+
*
|
22
|
+
* @param options - Optional parameters. See {@link AzureApplicationCredentialOptions}.
|
23
|
+
*/
|
24
|
+
constructor(options) {
|
25
|
+
const credentialFunctions = [
|
26
|
+
createEnvironmentCredential,
|
27
|
+
createDefaultManagedIdentityCredential,
|
28
|
+
];
|
29
|
+
super(...credentialFunctions.map((createCredentialFn) => createCredentialFn(options)));
|
30
|
+
}
|
31
|
+
}
|
32
|
+
//# sourceMappingURL=azureApplicationCredential.js.map
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"azureApplicationCredential.js","sourceRoot":"","sources":["../../../src/credentials/azureApplicationCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EACL,sCAAsC,EACtC,2BAA2B,GAC5B,MAAM,6BAA6B,CAAC;AAGrC,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAErE;;;GAGG;AACH,MAAM,OAAO,0BAA2B,SAAQ,sBAAsB;IACpE;;;;;;;;;;;;;OAaG;IACH,YAAY,OAA2C;QACrD,MAAM,mBAAmB,GAAG;YAC1B,2BAA2B;YAC3B,sCAAsC;SACvC,CAAC;QACF,KAAK,CAAC,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC,kBAAkB,EAAE,EAAE,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IACzF,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport {\n createDefaultManagedIdentityCredential,\n createEnvironmentCredential,\n} from \"./defaultAzureCredential.js\";\n\nimport type { AzureApplicationCredentialOptions } from \"./azureApplicationCredentialOptions.js\";\nimport { ChainedTokenCredential } from \"./chainedTokenCredential.js\";\n\n/**\n * Provides a default {@link ChainedTokenCredential} configuration that should\n * work for most applications that use the Azure SDK.\n */\nexport class AzureApplicationCredential extends ChainedTokenCredential {\n /**\n * Creates an instance of the AzureApplicationCredential class.\n *\n * The AzureApplicationCredential provides a default {@link ChainedTokenCredential} configuration that should\n * work for most applications deployed on Azure. The following credential types will be tried, in order:\n *\n * - {@link EnvironmentCredential}\n * - {@link ManagedIdentityCredential}\n *\n * Consult the documentation of these credential types for more information\n * on how they attempt authentication.\n *\n * @param options - Optional parameters. See {@link AzureApplicationCredentialOptions}.\n */\n constructor(options?: AzureApplicationCredentialOptions) {\n const credentialFunctions = [\n createEnvironmentCredential,\n createDefaultManagedIdentityCredential,\n ];\n super(...credentialFunctions.map((createCredentialFn) => createCredentialFn(options)));\n }\n}\n"]}
|
@@ -0,0 +1,13 @@
|
|
1
|
+
import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions.js";
|
2
|
+
import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
|
3
|
+
/**
|
4
|
+
* Provides options to configure the {@link AzureApplicationCredential} class.
|
5
|
+
*/
|
6
|
+
export interface AzureApplicationCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions {
|
7
|
+
/**
|
8
|
+
* Optionally pass in a user assigned client ID to be used by the {@link ManagedIdentityCredential}.
|
9
|
+
* This client ID can also be passed through to the {@link ManagedIdentityCredential} through the environment variable: AZURE_CLIENT_ID.
|
10
|
+
*/
|
11
|
+
managedIdentityClientId?: string;
|
12
|
+
}
|
13
|
+
//# sourceMappingURL=azureApplicationCredentialOptions.d.ts.map
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"azureApplicationCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/azureApplicationCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACtF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,iCACf,SAAQ,iCAAiC,EACvC,4BAA4B;IAC9B;;;OAGG;IACH,uBAAuB,CAAC,EAAE,MAAM,CAAC;CAClC"}
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"azureApplicationCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/azureApplicationCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Provides options to configure the {@link AzureApplicationCredential} class.\n */\nexport interface AzureApplicationCredentialOptions\n extends MultiTenantTokenCredentialOptions,\n CredentialPersistenceOptions {\n /**\n * Optionally pass in a user assigned client ID to be used by the {@link ManagedIdentityCredential}.\n * This client ID can also be passed through to the {@link ManagedIdentityCredential} through the environment variable: AZURE_CLIENT_ID.\n */\n managedIdentityClientId?: string;\n}\n"]}
|
@@ -0,0 +1,64 @@
|
|
1
|
+
import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
|
2
|
+
import type { AzureCliCredentialOptions } from "./azureCliCredentialOptions.js";
|
3
|
+
/**
|
4
|
+
* Mockable reference to the CLI credential cliCredentialFunctions
|
5
|
+
* @internal
|
6
|
+
*/
|
7
|
+
export declare const cliCredentialInternals: {
|
8
|
+
/**
|
9
|
+
* @internal
|
10
|
+
*/
|
11
|
+
getSafeWorkingDir(): string;
|
12
|
+
/**
|
13
|
+
* Gets the access token from Azure CLI
|
14
|
+
* @param resource - The resource to use when getting the token
|
15
|
+
* @internal
|
16
|
+
*/
|
17
|
+
getAzureCliAccessToken(resource: string, tenantId?: string, subscription?: string, timeout?: number): Promise<{
|
18
|
+
stdout: string;
|
19
|
+
stderr: string;
|
20
|
+
error: Error | null;
|
21
|
+
}>;
|
22
|
+
};
|
23
|
+
/**
|
24
|
+
* This credential will use the currently logged-in user login information
|
25
|
+
* via the Azure CLI ('az') commandline tool.
|
26
|
+
* To do so, it will read the user access token and expire time
|
27
|
+
* with Azure CLI command "az account get-access-token".
|
28
|
+
*/
|
29
|
+
export declare class AzureCliCredential implements TokenCredential {
|
30
|
+
private tenantId?;
|
31
|
+
private additionallyAllowedTenantIds;
|
32
|
+
private timeout?;
|
33
|
+
private subscription?;
|
34
|
+
/**
|
35
|
+
* Creates an instance of the {@link AzureCliCredential}.
|
36
|
+
*
|
37
|
+
* To use this credential, ensure that you have already logged
|
38
|
+
* in via the 'az' tool using the command "az login" from the commandline.
|
39
|
+
*
|
40
|
+
* @param options - Options, to optionally allow multi-tenant requests.
|
41
|
+
*/
|
42
|
+
constructor(options?: AzureCliCredentialOptions);
|
43
|
+
/**
|
44
|
+
* Authenticates with Microsoft Entra ID and returns an access token if successful.
|
45
|
+
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
|
46
|
+
*
|
47
|
+
* @param scopes - The list of scopes for which the token will have access.
|
48
|
+
* @param options - The options used to configure any requests this
|
49
|
+
* TokenCredential implementation might make.
|
50
|
+
*/
|
51
|
+
getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
|
52
|
+
/**
|
53
|
+
* Parses the raw JSON response from the Azure CLI into a usable AccessToken object
|
54
|
+
*
|
55
|
+
* @param rawResponse - The raw JSON response from the Azure CLI
|
56
|
+
* @returns An access token with the expiry time parsed from the raw response
|
57
|
+
*
|
58
|
+
* The expiryTime of the credential's access token, in milliseconds, is calculated as follows:
|
59
|
+
*
|
60
|
+
* When available, expires_on (introduced in Azure CLI v2.54.0) will be preferred. Otherwise falls back to expiresOn.
|
61
|
+
*/
|
62
|
+
private parseRawResponse;
|
63
|
+
}
|
64
|
+
//# sourceMappingURL=azureCliCredential.d.ts.map
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"azureCliCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/azureCliCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAStF,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAQhF;;;GAGG;AACH,eAAO,MAAM,sBAAsB;IACjC;;OAEG;yBACkB,MAAM;IAgB3B;;;;OAIG;qCAES,MAAM,aACL,MAAM,iBACF,MAAM,YACX,MAAM,GACf,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,KAAK,GAAG,IAAI,CAAA;KAAE,CAAC;CAkCpE,CAAC;AAEF;;;;;GAKG;AACH,qBAAa,kBAAmB,YAAW,eAAe;IACxD,OAAO,CAAC,QAAQ,CAAC,CAAS;IAC1B,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,OAAO,CAAC,CAAS;IACzB,OAAO,CAAC,YAAY,CAAC,CAAS;IAE9B;;;;;;;OAOG;gBACS,OAAO,CAAC,EAAE,yBAAyB;IAe/C;;;;;;;OAOG;IACU,QAAQ,CACnB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,WAAW,CAAC;IAoEvB;;;;;;;;;OASG;IACH,OAAO,CAAC,gBAAgB;CA+BzB"}
|
@@ -0,0 +1,191 @@
|
|
1
|
+
// Copyright (c) Microsoft Corporation.
|
2
|
+
// Licensed under the MIT License.
|
3
|
+
import { checkTenantId, processMultiTenantRequest, resolveAdditionallyAllowedTenantIds, } from "../util/tenantIdUtils.js";
|
4
|
+
import { credentialLogger, formatError, formatSuccess } from "../util/logging.js";
|
5
|
+
import { ensureValidScopeForDevTimeCreds, getScopeResource } from "../util/scopeUtils.js";
|
6
|
+
import { CredentialUnavailableError } from "../errors.js";
|
7
|
+
import child_process from "child_process";
|
8
|
+
import { tracingClient } from "../util/tracing.js";
|
9
|
+
import { checkSubscription } from "../util/subscriptionUtils.js";
|
10
|
+
const logger = credentialLogger("AzureCliCredential");
|
11
|
+
/**
|
12
|
+
* Mockable reference to the CLI credential cliCredentialFunctions
|
13
|
+
* @internal
|
14
|
+
*/
|
15
|
+
export const cliCredentialInternals = {
|
16
|
+
/**
|
17
|
+
* @internal
|
18
|
+
*/
|
19
|
+
getSafeWorkingDir() {
|
20
|
+
if (process.platform === "win32") {
|
21
|
+
let systemRoot = process.env.SystemRoot || process.env["SYSTEMROOT"];
|
22
|
+
if (!systemRoot) {
|
23
|
+
logger.getToken.warning("The SystemRoot environment variable is not set. This may cause issues when using the Azure CLI credential.");
|
24
|
+
systemRoot = "C:\\Windows";
|
25
|
+
}
|
26
|
+
return systemRoot;
|
27
|
+
}
|
28
|
+
else {
|
29
|
+
return "/bin";
|
30
|
+
}
|
31
|
+
},
|
32
|
+
/**
|
33
|
+
* Gets the access token from Azure CLI
|
34
|
+
* @param resource - The resource to use when getting the token
|
35
|
+
* @internal
|
36
|
+
*/
|
37
|
+
async getAzureCliAccessToken(resource, tenantId, subscription, timeout) {
|
38
|
+
let tenantSection = [];
|
39
|
+
let subscriptionSection = [];
|
40
|
+
if (tenantId) {
|
41
|
+
tenantSection = ["--tenant", tenantId];
|
42
|
+
}
|
43
|
+
if (subscription) {
|
44
|
+
// Add quotes around the subscription to handle subscriptions with spaces
|
45
|
+
subscriptionSection = ["--subscription", `"${subscription}"`];
|
46
|
+
}
|
47
|
+
return new Promise((resolve, reject) => {
|
48
|
+
try {
|
49
|
+
child_process.execFile("az", [
|
50
|
+
"account",
|
51
|
+
"get-access-token",
|
52
|
+
"--output",
|
53
|
+
"json",
|
54
|
+
"--resource",
|
55
|
+
resource,
|
56
|
+
...tenantSection,
|
57
|
+
...subscriptionSection,
|
58
|
+
], { cwd: cliCredentialInternals.getSafeWorkingDir(), shell: true, timeout }, (error, stdout, stderr) => {
|
59
|
+
resolve({ stdout: stdout, stderr: stderr, error });
|
60
|
+
});
|
61
|
+
}
|
62
|
+
catch (err) {
|
63
|
+
reject(err);
|
64
|
+
}
|
65
|
+
});
|
66
|
+
},
|
67
|
+
};
|
68
|
+
/**
|
69
|
+
* This credential will use the currently logged-in user login information
|
70
|
+
* via the Azure CLI ('az') commandline tool.
|
71
|
+
* To do so, it will read the user access token and expire time
|
72
|
+
* with Azure CLI command "az account get-access-token".
|
73
|
+
*/
|
74
|
+
export class AzureCliCredential {
|
75
|
+
/**
|
76
|
+
* Creates an instance of the {@link AzureCliCredential}.
|
77
|
+
*
|
78
|
+
* To use this credential, ensure that you have already logged
|
79
|
+
* in via the 'az' tool using the command "az login" from the commandline.
|
80
|
+
*
|
81
|
+
* @param options - Options, to optionally allow multi-tenant requests.
|
82
|
+
*/
|
83
|
+
constructor(options) {
|
84
|
+
if (options === null || options === void 0 ? void 0 : options.tenantId) {
|
85
|
+
checkTenantId(logger, options === null || options === void 0 ? void 0 : options.tenantId);
|
86
|
+
this.tenantId = options === null || options === void 0 ? void 0 : options.tenantId;
|
87
|
+
}
|
88
|
+
if (options === null || options === void 0 ? void 0 : options.subscription) {
|
89
|
+
checkSubscription(logger, options === null || options === void 0 ? void 0 : options.subscription);
|
90
|
+
this.subscription = options === null || options === void 0 ? void 0 : options.subscription;
|
91
|
+
}
|
92
|
+
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
|
93
|
+
this.timeout = options === null || options === void 0 ? void 0 : options.processTimeoutInMs;
|
94
|
+
}
|
95
|
+
/**
|
96
|
+
* Authenticates with Microsoft Entra ID and returns an access token if successful.
|
97
|
+
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
|
98
|
+
*
|
99
|
+
* @param scopes - The list of scopes for which the token will have access.
|
100
|
+
* @param options - The options used to configure any requests this
|
101
|
+
* TokenCredential implementation might make.
|
102
|
+
*/
|
103
|
+
async getToken(scopes, options = {}) {
|
104
|
+
const tenantId = processMultiTenantRequest(this.tenantId, options, this.additionallyAllowedTenantIds);
|
105
|
+
if (tenantId) {
|
106
|
+
checkTenantId(logger, tenantId);
|
107
|
+
}
|
108
|
+
if (this.subscription) {
|
109
|
+
checkSubscription(logger, this.subscription);
|
110
|
+
}
|
111
|
+
const scope = typeof scopes === "string" ? scopes : scopes[0];
|
112
|
+
logger.getToken.info(`Using the scope ${scope}`);
|
113
|
+
return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {
|
114
|
+
var _a, _b, _c, _d;
|
115
|
+
try {
|
116
|
+
ensureValidScopeForDevTimeCreds(scope, logger);
|
117
|
+
const resource = getScopeResource(scope);
|
118
|
+
const obj = await cliCredentialInternals.getAzureCliAccessToken(resource, tenantId, this.subscription, this.timeout);
|
119
|
+
const specificScope = (_a = obj.stderr) === null || _a === void 0 ? void 0 : _a.match("(.*)az login --scope(.*)");
|
120
|
+
const isLoginError = ((_b = obj.stderr) === null || _b === void 0 ? void 0 : _b.match("(.*)az login(.*)")) && !specificScope;
|
121
|
+
const isNotInstallError = ((_c = obj.stderr) === null || _c === void 0 ? void 0 : _c.match("az:(.*)not found")) || ((_d = obj.stderr) === null || _d === void 0 ? void 0 : _d.startsWith("'az' is not recognized"));
|
122
|
+
if (isNotInstallError) {
|
123
|
+
const error = new CredentialUnavailableError("Azure CLI could not be found. Please visit https://aka.ms/azure-cli for installation instructions and then, once installed, authenticate to your Azure account using 'az login'.");
|
124
|
+
logger.getToken.info(formatError(scopes, error));
|
125
|
+
throw error;
|
126
|
+
}
|
127
|
+
if (isLoginError) {
|
128
|
+
const error = new CredentialUnavailableError("Please run 'az login' from a command prompt to authenticate before using this credential.");
|
129
|
+
logger.getToken.info(formatError(scopes, error));
|
130
|
+
throw error;
|
131
|
+
}
|
132
|
+
try {
|
133
|
+
const responseData = obj.stdout;
|
134
|
+
const response = this.parseRawResponse(responseData);
|
135
|
+
logger.getToken.info(formatSuccess(scopes));
|
136
|
+
return response;
|
137
|
+
}
|
138
|
+
catch (e) {
|
139
|
+
if (obj.stderr) {
|
140
|
+
throw new CredentialUnavailableError(obj.stderr);
|
141
|
+
}
|
142
|
+
throw e;
|
143
|
+
}
|
144
|
+
}
|
145
|
+
catch (err) {
|
146
|
+
const error = err.name === "CredentialUnavailableError"
|
147
|
+
? err
|
148
|
+
: new CredentialUnavailableError(err.message || "Unknown error while trying to retrieve the access token");
|
149
|
+
logger.getToken.info(formatError(scopes, error));
|
150
|
+
throw error;
|
151
|
+
}
|
152
|
+
});
|
153
|
+
}
|
154
|
+
/**
|
155
|
+
* Parses the raw JSON response from the Azure CLI into a usable AccessToken object
|
156
|
+
*
|
157
|
+
* @param rawResponse - The raw JSON response from the Azure CLI
|
158
|
+
* @returns An access token with the expiry time parsed from the raw response
|
159
|
+
*
|
160
|
+
* The expiryTime of the credential's access token, in milliseconds, is calculated as follows:
|
161
|
+
*
|
162
|
+
* When available, expires_on (introduced in Azure CLI v2.54.0) will be preferred. Otherwise falls back to expiresOn.
|
163
|
+
*/
|
164
|
+
parseRawResponse(rawResponse) {
|
165
|
+
const response = JSON.parse(rawResponse);
|
166
|
+
const token = response.accessToken;
|
167
|
+
// if available, expires_on will be a number representing seconds since epoch.
|
168
|
+
// ensure it's a number or NaN
|
169
|
+
let expiresOnTimestamp = Number.parseInt(response.expires_on, 10) * 1000;
|
170
|
+
if (!isNaN(expiresOnTimestamp)) {
|
171
|
+
logger.getToken.info("expires_on is available and is valid, using it");
|
172
|
+
return {
|
173
|
+
token,
|
174
|
+
expiresOnTimestamp,
|
175
|
+
tokenType: "Bearer",
|
176
|
+
};
|
177
|
+
}
|
178
|
+
// fallback to the older expiresOn - an RFC3339 date string
|
179
|
+
expiresOnTimestamp = new Date(response.expiresOn).getTime();
|
180
|
+
// ensure expiresOn is well-formatted
|
181
|
+
if (isNaN(expiresOnTimestamp)) {
|
182
|
+
throw new CredentialUnavailableError(`Unexpected response from Azure CLI when getting token. Expected "expiresOn" to be a RFC3339 date string. Got: "${response.expiresOn}"`);
|
183
|
+
}
|
184
|
+
return {
|
185
|
+
token,
|
186
|
+
expiresOnTimestamp,
|
187
|
+
tokenType: "Bearer",
|
188
|
+
};
|
189
|
+
}
|
190
|
+
}
|
191
|
+
//# sourceMappingURL=azureCliCredential.js.map
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"azureCliCredential.js","sourceRoot":"","sources":["../../../src/credentials/azureCliCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,aAAa,EACb,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAClF,OAAO,EAAE,+BAA+B,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAG1F,OAAO,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAC1D,OAAO,aAAa,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AAEjE,MAAM,MAAM,GAAG,gBAAgB,CAAC,oBAAoB,CAAC,CAAC;AAEtD;;;GAGG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG;IACpC;;OAEG;IACH,iBAAiB;QACf,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YACjC,IAAI,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;YACrE,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,CAAC,QAAQ,CAAC,OAAO,CACrB,4GAA4G,CAC7G,CAAC;gBAEF,UAAU,GAAG,aAAa,CAAC;YAC7B,CAAC;YACD,OAAO,UAAU,CAAC;QACpB,CAAC;aAAM,CAAC;YACN,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,sBAAsB,CAC1B,QAAgB,EAChB,QAAiB,EACjB,YAAqB,EACrB,OAAgB;QAEhB,IAAI,aAAa,GAAa,EAAE,CAAC;QACjC,IAAI,mBAAmB,GAAa,EAAE,CAAC;QACvC,IAAI,QAAQ,EAAE,CAAC;YACb,aAAa,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QACzC,CAAC;QACD,IAAI,YAAY,EAAE,CAAC;YACjB,yEAAyE;YACzE,mBAAmB,GAAG,CAAC,gBAAgB,EAAE,IAAI,YAAY,GAAG,CAAC,CAAC;QAChE,CAAC;QACD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,CAAC;gBACH,aAAa,CAAC,QAAQ,CACpB,IAAI,EACJ;oBACE,SAAS;oBACT,kBAAkB;oBAClB,UAAU;oBACV,MAAM;oBACN,YAAY;oBACZ,QAAQ;oBACR,GAAG,aAAa;oBAChB,GAAG,mBAAmB;iBACvB,EACD,EAAE,GAAG,EAAE,sBAAsB,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,EACzE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;oBACxB,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;gBACrD,CAAC,CACF,CAAC;YACJ,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,CAAC,GAAG,CAAC,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF;;;;;GAKG;AACH,MAAM,OAAO,kBAAkB;IAM7B;;;;;;;OAOG;IACH,YAAY,OAAmC;QAC7C,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,EAAE,CAAC;YACtB,aAAa,CAAC,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,CAAC,CAAC;YACzC,IAAI,CAAC,QAAQ,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,CAAC;QACpC,CAAC;QACD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,YAAY,EAAE,CAAC;YAC1B,iBAAiB,CAAC,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,YAAY,CAAC,CAAC;YACjD,IAAI,CAAC,YAAY,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,YAAY,CAAC;QAC5C,CAAC;QACD,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QACF,IAAI,CAAC,OAAO,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,kBAAkB,CAAC;IAC7C,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,MAAM,QAAQ,GAAG,yBAAyB,CACxC,IAAI,CAAC,QAAQ,EACb,OAAO,EACP,IAAI,CAAC,4BAA4B,CAClC,CAAC;QACF,IAAI,QAAQ,EAAE,CAAC;YACb,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAClC,CAAC;QACD,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,iBAAiB,CAAC,MAAM,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;QAC/C,CAAC;QACD,MAAM,KAAK,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAC9D,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,mBAAmB,KAAK,EAAE,CAAC,CAAC;QAEjD,OAAO,aAAa,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,KAAK,IAAI,EAAE;;YACrF,IAAI,CAAC;gBACH,+BAA+B,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;gBAC/C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;gBACzC,MAAM,GAAG,GAAG,MAAM,sBAAsB,CAAC,sBAAsB,CAC7D,QAAQ,EACR,QAAQ,EACR,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,OAAO,CACb,CAAC;gBACF,MAAM,aAAa,GAAG,MAAA,GAAG,CAAC,MAAM,0CAAE,KAAK,CAAC,0BAA0B,CAAC,CAAC;gBACpE,MAAM,YAAY,GAAG,CAAA,MAAA,GAAG,CAAC,MAAM,0CAAE,KAAK,CAAC,kBAAkB,CAAC,KAAI,CAAC,aAAa,CAAC;gBAC7E,MAAM,iBAAiB,GACrB,CAAA,MAAA,GAAG,CAAC,MAAM,0CAAE,KAAK,CAAC,kBAAkB,CAAC,MAAI,MAAA,GAAG,CAAC,MAAM,0CAAE,UAAU,CAAC,wBAAwB,CAAC,CAAA,CAAC;gBAE5F,IAAI,iBAAiB,EAAE,CAAC;oBACtB,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,kLAAkL,CACnL,CAAC;oBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;gBACd,CAAC;gBACD,IAAI,YAAY,EAAE,CAAC;oBACjB,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,2FAA2F,CAC5F,CAAC;oBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;gBACd,CAAC;gBACD,IAAI,CAAC;oBACH,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC;oBAChC,MAAM,QAAQ,GAAgB,IAAI,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;oBAClE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO,QAAQ,CAAC;gBAClB,CAAC;gBAAC,OAAO,CAAM,EAAE,CAAC;oBAChB,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;wBACf,MAAM,IAAI,0BAA0B,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;oBACnD,CAAC;oBACD,MAAM,CAAC,CAAC;gBACV,CAAC;YACH,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,KAAK,GACT,GAAG,CAAC,IAAI,KAAK,4BAA4B;oBACvC,CAAC,CAAC,GAAG;oBACL,CAAC,CAAC,IAAI,0BAA0B,CAC3B,GAAa,CAAC,OAAO,IAAI,yDAAyD,CACpF,CAAC;gBACR,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;gBACjD,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;OASG;IACK,gBAAgB,CAAC,WAAmB;QAC1C,MAAM,QAAQ,GAAQ,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAC9C,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,CAAC;QACnC,8EAA8E;QAC9E,8BAA8B;QAC9B,IAAI,kBAAkB,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC;QACzE,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,EAAE,CAAC;YAC/B,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;YACvE,OAAO;gBACL,KAAK;gBACL,kBAAkB;gBAClB,SAAS,EAAE,QAAQ;aACpB,CAAC;QACJ,CAAC;QAED,2DAA2D;QAC3D,kBAAkB,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC;QAE5D,qCAAqC;QACrC,IAAI,KAAK,CAAC,kBAAkB,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,0BAA0B,CAClC,kHAAkH,QAAQ,CAAC,SAAS,GAAG,CACxI,CAAC;QACJ,CAAC;QAED,OAAO;YACL,KAAK;YACL,kBAAkB;YAClB,SAAS,EAAE,QAAQ;SACpB,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport {\n checkTenantId,\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging.js\";\nimport { ensureValidScopeForDevTimeCreds, getScopeResource } from \"../util/scopeUtils.js\";\n\nimport type { AzureCliCredentialOptions } from \"./azureCliCredentialOptions.js\";\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport child_process from \"child_process\";\nimport { tracingClient } from \"../util/tracing.js\";\nimport { checkSubscription } from \"../util/subscriptionUtils.js\";\n\nconst logger = credentialLogger(\"AzureCliCredential\");\n\n/**\n * Mockable reference to the CLI credential cliCredentialFunctions\n * @internal\n */\nexport const cliCredentialInternals = {\n /**\n * @internal\n */\n getSafeWorkingDir(): string {\n if (process.platform === \"win32\") {\n let systemRoot = process.env.SystemRoot || process.env[\"SYSTEMROOT\"];\n if (!systemRoot) {\n logger.getToken.warning(\n \"The SystemRoot environment variable is not set. This may cause issues when using the Azure CLI credential.\",\n );\n\n systemRoot = \"C:\\\\Windows\";\n }\n return systemRoot;\n } else {\n return \"/bin\";\n }\n },\n\n /**\n * Gets the access token from Azure CLI\n * @param resource - The resource to use when getting the token\n * @internal\n */\n async getAzureCliAccessToken(\n resource: string,\n tenantId?: string,\n subscription?: string,\n timeout?: number,\n ): Promise<{ stdout: string; stderr: string; error: Error | null }> {\n let tenantSection: string[] = [];\n let subscriptionSection: string[] = [];\n if (tenantId) {\n tenantSection = [\"--tenant\", tenantId];\n }\n if (subscription) {\n // Add quotes around the subscription to handle subscriptions with spaces\n subscriptionSection = [\"--subscription\", `\"${subscription}\"`];\n }\n return new Promise((resolve, reject) => {\n try {\n child_process.execFile(\n \"az\",\n [\n \"account\",\n \"get-access-token\",\n \"--output\",\n \"json\",\n \"--resource\",\n resource,\n ...tenantSection,\n ...subscriptionSection,\n ],\n { cwd: cliCredentialInternals.getSafeWorkingDir(), shell: true, timeout },\n (error, stdout, stderr) => {\n resolve({ stdout: stdout, stderr: stderr, error });\n },\n );\n } catch (err: any) {\n reject(err);\n }\n });\n },\n};\n\n/**\n * This credential will use the currently logged-in user login information\n * via the Azure CLI ('az') commandline tool.\n * To do so, it will read the user access token and expire time\n * with Azure CLI command \"az account get-access-token\".\n */\nexport class AzureCliCredential implements TokenCredential {\n private tenantId?: string;\n private additionallyAllowedTenantIds: string[];\n private timeout?: number;\n private subscription?: string;\n\n /**\n * Creates an instance of the {@link AzureCliCredential}.\n *\n * To use this credential, ensure that you have already logged\n * in via the 'az' tool using the command \"az login\" from the commandline.\n *\n * @param options - Options, to optionally allow multi-tenant requests.\n */\n constructor(options?: AzureCliCredentialOptions) {\n if (options?.tenantId) {\n checkTenantId(logger, options?.tenantId);\n this.tenantId = options?.tenantId;\n }\n if (options?.subscription) {\n checkSubscription(logger, options?.subscription);\n this.subscription = options?.subscription;\n }\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n this.timeout = options?.processTimeoutInMs;\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string | string[],\n options: GetTokenOptions = {},\n ): Promise<AccessToken> {\n const tenantId = processMultiTenantRequest(\n this.tenantId,\n options,\n this.additionallyAllowedTenantIds,\n );\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n if (this.subscription) {\n checkSubscription(logger, this.subscription);\n }\n const scope = typeof scopes === \"string\" ? scopes : scopes[0];\n logger.getToken.info(`Using the scope ${scope}`);\n\n return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {\n try {\n ensureValidScopeForDevTimeCreds(scope, logger);\n const resource = getScopeResource(scope);\n const obj = await cliCredentialInternals.getAzureCliAccessToken(\n resource,\n tenantId,\n this.subscription,\n this.timeout,\n );\n const specificScope = obj.stderr?.match(\"(.*)az login --scope(.*)\");\n const isLoginError = obj.stderr?.match(\"(.*)az login(.*)\") && !specificScope;\n const isNotInstallError =\n obj.stderr?.match(\"az:(.*)not found\") || obj.stderr?.startsWith(\"'az' is not recognized\");\n\n if (isNotInstallError) {\n const error = new CredentialUnavailableError(\n \"Azure CLI could not be found. Please visit https://aka.ms/azure-cli for installation instructions and then, once installed, authenticate to your Azure account using 'az login'.\",\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n if (isLoginError) {\n const error = new CredentialUnavailableError(\n \"Please run 'az login' from a command prompt to authenticate before using this credential.\",\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n try {\n const responseData = obj.stdout;\n const response: AccessToken = this.parseRawResponse(responseData);\n logger.getToken.info(formatSuccess(scopes));\n return response;\n } catch (e: any) {\n if (obj.stderr) {\n throw new CredentialUnavailableError(obj.stderr);\n }\n throw e;\n }\n } catch (err: any) {\n const error =\n err.name === \"CredentialUnavailableError\"\n ? err\n : new CredentialUnavailableError(\n (err as Error).message || \"Unknown error while trying to retrieve the access token\",\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n });\n }\n\n /**\n * Parses the raw JSON response from the Azure CLI into a usable AccessToken object\n *\n * @param rawResponse - The raw JSON response from the Azure CLI\n * @returns An access token with the expiry time parsed from the raw response\n *\n * The expiryTime of the credential's access token, in milliseconds, is calculated as follows:\n *\n * When available, expires_on (introduced in Azure CLI v2.54.0) will be preferred. Otherwise falls back to expiresOn.\n */\n private parseRawResponse(rawResponse: string): AccessToken {\n const response: any = JSON.parse(rawResponse);\n const token = response.accessToken;\n // if available, expires_on will be a number representing seconds since epoch.\n // ensure it's a number or NaN\n let expiresOnTimestamp = Number.parseInt(response.expires_on, 10) * 1000;\n if (!isNaN(expiresOnTimestamp)) {\n logger.getToken.info(\"expires_on is available and is valid, using it\");\n return {\n token,\n expiresOnTimestamp,\n tokenType: \"Bearer\",\n };\n }\n\n // fallback to the older expiresOn - an RFC3339 date string\n expiresOnTimestamp = new Date(response.expiresOn).getTime();\n\n // ensure expiresOn is well-formatted\n if (isNaN(expiresOnTimestamp)) {\n throw new CredentialUnavailableError(\n `Unexpected response from Azure CLI when getting token. Expected \"expiresOn\" to be a RFC3339 date string. Got: \"${response.expiresOn}\"`,\n );\n }\n\n return {\n token,\n expiresOnTimestamp,\n tokenType: \"Bearer\",\n };\n }\n}\n"]}
|