@azure/identity 4.9.2-alpha.20250513.1 → 4.10.0

package/dist/browser/constants.d.ts

@@ -1,7 +1,7 @@
 /**
  * Current version of the `@azure/identity` package.
  */
-export declare const SDK_VERSION = "4.9.2";
+export declare const SDK_VERSION = "4.10.0";
 /**
  * The default client ID for authentication
  * @internal

package/dist/browser/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,eAAO,MAAM,WAAW,UAAU,CAAC;AAEnC;;;GAGG;AAIH,eAAO,MAAM,uBAAuB,yCAAyC,CAAC;AAE9E;;;GAGG;AACH,eAAO,MAAM,eAAe,WAAW,CAAC;AAExC;;GAEG;AACH,oBAAY,mBAAmB;IAC7B;;OAEG;IACH,UAAU,mCAAmC;IAC7C;;;;;SAKK;IACL,YAAY,qCAAqC;IACjD;;OAEG;IACH,eAAe,qCAAqC;IACpD;;OAEG;IACH,gBAAgB,sCAAsC;CACvD;AAED;;;GAGG;AACH,eAAO,MAAM,oBAAoB,uCAAuC,CAAC;AAEzE;;;GAGG;AACH,eAAO,MAAM,gBAAgB,8BAA8B,CAAC;AAE5D;;;GAGG;AACH,eAAO,MAAM,WAAW,EAAE,MAAM,EAAU,CAAC;AAE3C;;GAEG;AACH,eAAO,MAAM,gBAAgB,QAAQ,CAAC;AAEtC;;GAEG;AACH,eAAO,MAAM,oBAAoB,UAAU,CAAC;AAE5C;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,eAAe,CAAC"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,eAAO,MAAM,WAAW,WAAW,CAAC;AAEpC;;;GAGG;AAIH,eAAO,MAAM,uBAAuB,yCAAyC,CAAC;AAE9E;;;GAGG;AACH,eAAO,MAAM,eAAe,WAAW,CAAC;AAExC;;GAEG;AACH,oBAAY,mBAAmB;IAC7B;;OAEG;IACH,UAAU,mCAAmC;IAC7C;;;;;SAKK;IACL,YAAY,qCAAqC;IACjD;;OAEG;IACH,eAAe,qCAAqC;IACpD;;OAEG;IACH,gBAAgB,sCAAsC;CACvD;AAED;;;GAGG;AACH,eAAO,MAAM,oBAAoB,uCAAuC,CAAC;AAEzE;;;GAGG;AACH,eAAO,MAAM,gBAAgB,8BAA8B,CAAC;AAE5D;;;GAGG;AACH,eAAO,MAAM,WAAW,EAAE,MAAM,EAAU,CAAC;AAE3C;;GAEG;AACH,eAAO,MAAM,gBAAgB,QAAQ,CAAC;AAEtC;;GAEG;AACH,eAAO,MAAM,oBAAoB,UAAU,CAAC;AAE5C;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,eAAe,CAAC"}

package/dist/browser/constants.js

@@ -3,7 +3,7 @@
 /**
  * Current version of the `@azure/identity` package.
  */
-export const SDK_VERSION = `4.9.2`;
+export const SDK_VERSION = `4.10.0`;
 /**
  * The default client ID for authentication
  * @internal

package/dist/browser/constants.js.map

@@ -1 +1 @@
-{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,OAAO,CAAC;AAEnC;;;GAGG;AACH,2EAA2E;AAC3E,6CAA6C;AAC7C,uGAAuG;AACvG,MAAM,CAAC,MAAM,uBAAuB,GAAG,sCAAsC,CAAC;AAE9E;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,QAAQ,CAAC;AAExC;;GAEG;AACH,MAAM,CAAN,IAAY,mBAoBX;AApBD,WAAY,mBAAmB;IAC7B;;OAEG;IACH,oEAA6C,CAAA;IAC7C;;;;;SAKK;IACL,wEAAiD,CAAA;IACjD;;OAEG;IACH,2EAAoD,CAAA;IACpD;;OAEG;IACH,6EAAsD,CAAA;AACxD,CAAC,EApBW,mBAAmB,KAAnB,mBAAmB,QAoB9B;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,mBAAmB,CAAC,gBAAgB,CAAC;AAEzE;;;GAGG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,2BAA2B,CAAC;AAE5D;;;GAGG;AACH,MAAM,CAAC,MAAM,WAAW,GAAa,CAAC,GAAG,CAAC,CAAC;AAE3C;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAEtC;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,OAAO,CAAC;AAE5C;;;;;GAKG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,YAAY,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Current version of the `@azure/identity` package.\n */\nexport const SDK_VERSION = `4.9.2`;\n\n/**\n * The default client ID for authentication\n * @internal\n */\n// TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n// Developer Sign On application is available\n// https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/Constants.cs#L9\nexport const DeveloperSignOnClientId = \"04b07795-8ddb-461a-bbee-02f9e1bf7b46\";\n\n/**\n * The default tenant for authentication\n * @internal\n */\nexport const DefaultTenantId = \"common\";\n\n/**\n * A list of known Azure authority hosts\n */\nexport enum AzureAuthorityHosts {\n  /**\n   * China-based Azure Authority Host\n   */\n  AzureChina = \"https://login.chinacloudapi.cn\",\n  /**\n   * Germany-based Azure Authority Host\n   *\n   * @deprecated Microsoft Cloud Germany was closed on October 29th, 2021.\n   *\n   * */\n  AzureGermany = \"https://login.microsoftonline.de\",\n  /**\n   * US Government Azure Authority Host\n   */\n  AzureGovernment = \"https://login.microsoftonline.us\",\n  /**\n   * Public Cloud Azure Authority Host\n   */\n  AzurePublicCloud = \"https://login.microsoftonline.com\",\n}\n\n/**\n * @internal\n * The default authority host.\n */\nexport const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;\n\n/**\n * @internal\n * The default environment host for Azure Public Cloud\n */\nexport const DefaultAuthority = \"login.microsoftonline.com\";\n\n/**\n * @internal\n * Allow acquiring tokens for any tenant for multi-tentant auth.\n */\nexport const ALL_TENANTS: string[] = [\"*\"];\n\n/**\n * @internal\n */\nexport const CACHE_CAE_SUFFIX = \"cae\";\n\n/**\n * @internal\n */\nexport const CACHE_NON_CAE_SUFFIX = \"nocae\";\n\n/**\n * @internal\n *\n * The default name for the cache persistence plugin.\n * Matches the constant defined in the cache persistence package.\n */\nexport const DEFAULT_TOKEN_CACHE_NAME = \"msal.cache\";\n"]}
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,QAAQ,CAAC;AAEpC;;;GAGG;AACH,2EAA2E;AAC3E,6CAA6C;AAC7C,uGAAuG;AACvG,MAAM,CAAC,MAAM,uBAAuB,GAAG,sCAAsC,CAAC;AAE9E;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,QAAQ,CAAC;AAExC;;GAEG;AACH,MAAM,CAAN,IAAY,mBAoBX;AApBD,WAAY,mBAAmB;IAC7B;;OAEG;IACH,oEAA6C,CAAA;IAC7C;;;;;SAKK;IACL,wEAAiD,CAAA;IACjD;;OAEG;IACH,2EAAoD,CAAA;IACpD;;OAEG;IACH,6EAAsD,CAAA;AACxD,CAAC,EApBW,mBAAmB,KAAnB,mBAAmB,QAoB9B;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,mBAAmB,CAAC,gBAAgB,CAAC;AAEzE;;;GAGG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,2BAA2B,CAAC;AAE5D;;;GAGG;AACH,MAAM,CAAC,MAAM,WAAW,GAAa,CAAC,GAAG,CAAC,CAAC;AAE3C;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAEtC;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,OAAO,CAAC;AAE5C;;;;;GAKG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,YAAY,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Current version of the `@azure/identity` package.\n */\nexport const SDK_VERSION = `4.10.0`;\n\n/**\n * The default client ID for authentication\n * @internal\n */\n// TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n// Developer Sign On application is available\n// https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/Constants.cs#L9\nexport const DeveloperSignOnClientId = \"04b07795-8ddb-461a-bbee-02f9e1bf7b46\";\n\n/**\n * The default tenant for authentication\n * @internal\n */\nexport const DefaultTenantId = \"common\";\n\n/**\n * A list of known Azure authority hosts\n */\nexport enum AzureAuthorityHosts {\n  /**\n   * China-based Azure Authority Host\n   */\n  AzureChina = \"https://login.chinacloudapi.cn\",\n  /**\n   * Germany-based Azure Authority Host\n   *\n   * @deprecated Microsoft Cloud Germany was closed on October 29th, 2021.\n   *\n   * */\n  AzureGermany = \"https://login.microsoftonline.de\",\n  /**\n   * US Government Azure Authority Host\n   */\n  AzureGovernment = \"https://login.microsoftonline.us\",\n  /**\n   * Public Cloud Azure Authority Host\n   */\n  AzurePublicCloud = \"https://login.microsoftonline.com\",\n}\n\n/**\n * @internal\n * The default authority host.\n */\nexport const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;\n\n/**\n * @internal\n * The default environment host for Azure Public Cloud\n */\nexport const DefaultAuthority = \"login.microsoftonline.com\";\n\n/**\n * @internal\n * Allow acquiring tokens for any tenant for multi-tentant auth.\n */\nexport const ALL_TENANTS: string[] = [\"*\"];\n\n/**\n * @internal\n */\nexport const CACHE_CAE_SUFFIX = \"cae\";\n\n/**\n * @internal\n */\nexport const CACHE_NON_CAE_SUFFIX = \"nocae\";\n\n/**\n * @internal\n *\n * The default name for the cache persistence plugin.\n * Matches the constant defined in the cache persistence package.\n */\nexport const DEFAULT_TOKEN_CACHE_NAME = \"msal.cache\";\n"]}

package/dist/commonjs/constants.d.ts

@@ -1,7 +1,7 @@
 /**
  * Current version of the `@azure/identity` package.
  */
-export declare const SDK_VERSION = "4.9.2";
+export declare const SDK_VERSION = "4.10.0";
 /**
  * The default client ID for authentication
  * @internal

package/dist/commonjs/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,eAAO,MAAM,WAAW,UAAU,CAAC;AAEnC;;;GAGG;AAIH,eAAO,MAAM,uBAAuB,yCAAyC,CAAC;AAE9E;;;GAGG;AACH,eAAO,MAAM,eAAe,WAAW,CAAC;AAExC;;GAEG;AACH,oBAAY,mBAAmB;IAC7B;;OAEG;IACH,UAAU,mCAAmC;IAC7C;;;;;SAKK;IACL,YAAY,qCAAqC;IACjD;;OAEG;IACH,eAAe,qCAAqC;IACpD;;OAEG;IACH,gBAAgB,sCAAsC;CACvD;AAED;;;GAGG;AACH,eAAO,MAAM,oBAAoB,uCAAuC,CAAC;AAEzE;;;GAGG;AACH,eAAO,MAAM,gBAAgB,8BAA8B,CAAC;AAE5D;;;GAGG;AACH,eAAO,MAAM,WAAW,EAAE,MAAM,EAAU,CAAC;AAE3C;;GAEG;AACH,eAAO,MAAM,gBAAgB,QAAQ,CAAC;AAEtC;;GAEG;AACH,eAAO,MAAM,oBAAoB,UAAU,CAAC;AAE5C;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,eAAe,CAAC"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,eAAO,MAAM,WAAW,WAAW,CAAC;AAEpC;;;GAGG;AAIH,eAAO,MAAM,uBAAuB,yCAAyC,CAAC;AAE9E;;;GAGG;AACH,eAAO,MAAM,eAAe,WAAW,CAAC;AAExC;;GAEG;AACH,oBAAY,mBAAmB;IAC7B;;OAEG;IACH,UAAU,mCAAmC;IAC7C;;;;;SAKK;IACL,YAAY,qCAAqC;IACjD;;OAEG;IACH,eAAe,qCAAqC;IACpD;;OAEG;IACH,gBAAgB,sCAAsC;CACvD;AAED;;;GAGG;AACH,eAAO,MAAM,oBAAoB,uCAAuC,CAAC;AAEzE;;;GAGG;AACH,eAAO,MAAM,gBAAgB,8BAA8B,CAAC;AAE5D;;;GAGG;AACH,eAAO,MAAM,WAAW,EAAE,MAAM,EAAU,CAAC;AAE3C;;GAEG;AACH,eAAO,MAAM,gBAAgB,QAAQ,CAAC;AAEtC;;GAEG;AACH,eAAO,MAAM,oBAAoB,UAAU,CAAC;AAE5C;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,eAAe,CAAC"}

package/dist/commonjs/constants.js

@@ -6,7 +6,7 @@ exports.DEFAULT_TOKEN_CACHE_NAME = exports.CACHE_NON_CAE_SUFFIX = exports.CACHE_
 /**
  * Current version of the `@azure/identity` package.
  */
-exports.SDK_VERSION = `4.9.2`;
+exports.SDK_VERSION = `4.10.0`;
 /**
  * The default client ID for authentication
  * @internal

package/dist/commonjs/constants.js.map

@@ -1 +1 @@
-{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAElC;;GAEG;AACU,QAAA,WAAW,GAAG,OAAO,CAAC;AAEnC;;;GAGG;AACH,2EAA2E;AAC3E,6CAA6C;AAC7C,uGAAuG;AAC1F,QAAA,uBAAuB,GAAG,sCAAsC,CAAC;AAE9E;;;GAGG;AACU,QAAA,eAAe,GAAG,QAAQ,CAAC;AAExC;;GAEG;AACH,IAAY,mBAoBX;AApBD,WAAY,mBAAmB;IAC7B;;OAEG;IACH,oEAA6C,CAAA;IAC7C;;;;;SAKK;IACL,wEAAiD,CAAA;IACjD;;OAEG;IACH,2EAAoD,CAAA;IACpD;;OAEG;IACH,6EAAsD,CAAA;AACxD,CAAC,EApBW,mBAAmB,mCAAnB,mBAAmB,QAoB9B;AAED;;;GAGG;AACU,QAAA,oBAAoB,GAAG,mBAAmB,CAAC,gBAAgB,CAAC;AAEzE;;;GAGG;AACU,QAAA,gBAAgB,GAAG,2BAA2B,CAAC;AAE5D;;;GAGG;AACU,QAAA,WAAW,GAAa,CAAC,GAAG,CAAC,CAAC;AAE3C;;GAEG;AACU,QAAA,gBAAgB,GAAG,KAAK,CAAC;AAEtC;;GAEG;AACU,QAAA,oBAAoB,GAAG,OAAO,CAAC;AAE5C;;;;;GAKG;AACU,QAAA,wBAAwB,GAAG,YAAY,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Current version of the `@azure/identity` package.\n */\nexport const SDK_VERSION = `4.9.2`;\n\n/**\n * The default client ID for authentication\n * @internal\n */\n// TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n// Developer Sign On application is available\n// https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/Constants.cs#L9\nexport const DeveloperSignOnClientId = \"04b07795-8ddb-461a-bbee-02f9e1bf7b46\";\n\n/**\n * The default tenant for authentication\n * @internal\n */\nexport const DefaultTenantId = \"common\";\n\n/**\n * A list of known Azure authority hosts\n */\nexport enum AzureAuthorityHosts {\n  /**\n   * China-based Azure Authority Host\n   */\n  AzureChina = \"https://login.chinacloudapi.cn\",\n  /**\n   * Germany-based Azure Authority Host\n   *\n   * @deprecated Microsoft Cloud Germany was closed on October 29th, 2021.\n   *\n   * */\n  AzureGermany = \"https://login.microsoftonline.de\",\n  /**\n   * US Government Azure Authority Host\n   */\n  AzureGovernment = \"https://login.microsoftonline.us\",\n  /**\n   * Public Cloud Azure Authority Host\n   */\n  AzurePublicCloud = \"https://login.microsoftonline.com\",\n}\n\n/**\n * @internal\n * The default authority host.\n */\nexport const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;\n\n/**\n * @internal\n * The default environment host for Azure Public Cloud\n */\nexport const DefaultAuthority = \"login.microsoftonline.com\";\n\n/**\n * @internal\n * Allow acquiring tokens for any tenant for multi-tentant auth.\n */\nexport const ALL_TENANTS: string[] = [\"*\"];\n\n/**\n * @internal\n */\nexport const CACHE_CAE_SUFFIX = \"cae\";\n\n/**\n * @internal\n */\nexport const CACHE_NON_CAE_SUFFIX = \"nocae\";\n\n/**\n * @internal\n *\n * The default name for the cache persistence plugin.\n * Matches the constant defined in the cache persistence package.\n */\nexport const DEFAULT_TOKEN_CACHE_NAME = \"msal.cache\";\n"]}
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAElC;;GAEG;AACU,QAAA,WAAW,GAAG,QAAQ,CAAC;AAEpC;;;GAGG;AACH,2EAA2E;AAC3E,6CAA6C;AAC7C,uGAAuG;AAC1F,QAAA,uBAAuB,GAAG,sCAAsC,CAAC;AAE9E;;;GAGG;AACU,QAAA,eAAe,GAAG,QAAQ,CAAC;AAExC;;GAEG;AACH,IAAY,mBAoBX;AApBD,WAAY,mBAAmB;IAC7B;;OAEG;IACH,oEAA6C,CAAA;IAC7C;;;;;SAKK;IACL,wEAAiD,CAAA;IACjD;;OAEG;IACH,2EAAoD,CAAA;IACpD;;OAEG;IACH,6EAAsD,CAAA;AACxD,CAAC,EApBW,mBAAmB,mCAAnB,mBAAmB,QAoB9B;AAED;;;GAGG;AACU,QAAA,oBAAoB,GAAG,mBAAmB,CAAC,gBAAgB,CAAC;AAEzE;;;GAGG;AACU,QAAA,gBAAgB,GAAG,2BAA2B,CAAC;AAE5D;;;GAGG;AACU,QAAA,WAAW,GAAa,CAAC,GAAG,CAAC,CAAC;AAE3C;;GAEG;AACU,QAAA,gBAAgB,GAAG,KAAK,CAAC;AAEtC;;GAEG;AACU,QAAA,oBAAoB,GAAG,OAAO,CAAC;AAE5C;;;;;GAKG;AACU,QAAA,wBAAwB,GAAG,YAAY,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Current version of the `@azure/identity` package.\n */\nexport const SDK_VERSION = `4.10.0`;\n\n/**\n * The default client ID for authentication\n * @internal\n */\n// TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n// Developer Sign On application is available\n// https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/Constants.cs#L9\nexport const DeveloperSignOnClientId = \"04b07795-8ddb-461a-bbee-02f9e1bf7b46\";\n\n/**\n * The default tenant for authentication\n * @internal\n */\nexport const DefaultTenantId = \"common\";\n\n/**\n * A list of known Azure authority hosts\n */\nexport enum AzureAuthorityHosts {\n  /**\n   * China-based Azure Authority Host\n   */\n  AzureChina = \"https://login.chinacloudapi.cn\",\n  /**\n   * Germany-based Azure Authority Host\n   *\n   * @deprecated Microsoft Cloud Germany was closed on October 29th, 2021.\n   *\n   * */\n  AzureGermany = \"https://login.microsoftonline.de\",\n  /**\n   * US Government Azure Authority Host\n   */\n  AzureGovernment = \"https://login.microsoftonline.us\",\n  /**\n   * Public Cloud Azure Authority Host\n   */\n  AzurePublicCloud = \"https://login.microsoftonline.com\",\n}\n\n/**\n * @internal\n * The default authority host.\n */\nexport const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;\n\n/**\n * @internal\n * The default environment host for Azure Public Cloud\n */\nexport const DefaultAuthority = \"login.microsoftonline.com\";\n\n/**\n * @internal\n * Allow acquiring tokens for any tenant for multi-tentant auth.\n */\nexport const ALL_TENANTS: string[] = [\"*\"];\n\n/**\n * @internal\n */\nexport const CACHE_CAE_SUFFIX = \"cae\";\n\n/**\n * @internal\n */\nexport const CACHE_NON_CAE_SUFFIX = \"nocae\";\n\n/**\n * @internal\n *\n * The default name for the cache persistence plugin.\n * Matches the constant defined in the cache persistence package.\n */\nexport const DEFAULT_TOKEN_CACHE_NAME = \"msal.cache\";\n"]}

package/dist/commonjs/credentials/defaultAzureCredential.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"defaultAzureCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,qCAAqC,EACrC,6BAA6B,EAC7B,uCAAuC,EACxC,MAAM,oCAAoC,CAAC;AAU5C,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAErE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAOxD;;;;;GAKG;AACH,wBAAgB,sCAAsC,CACpD,OAAO,GACH,6BAA6B,GAC7B,uCAAuC,GACvC,qCAA0C,GAC7C,eAAe,CA8CjB;AA+ED;;;;;GAKG;AACH,wBAAgB,2BAA2B,CACzC,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB;AAED;;;GAGG;AACH,qBAAa,4BAA6B,YAAW,eAAe;IAClE,iCAAiC,EAAE,MAAM,CAAC;IAC1C,cAAc,EAAE,MAAM,CAAC;gBAEX,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;IAKnD,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;CAM1B;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,sBAAuB,SAAQ,sBAAsB;IAChE;;;;OAIG;gBACS,OAAO,CAAC,EAAE,qCAAqC;IAE3D;;;;OAIG;gBACS,OAAO,CAAC,EAAE,uCAAuC;IAE7D;;;;OAIG;gBACS,OAAO,CAAC,EAAE,6BAA6B;CA+BpD"}
+{"version":3,"file":"defaultAzureCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,qCAAqC,EACrC,6BAA6B,EAC7B,uCAAuC,EACxC,MAAM,oCAAoC,CAAC;AAU5C,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAErE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAOxD;;;;;GAKG;AACH,wBAAgB,sCAAsC,CACpD,OAAO,GACH,6BAA6B,GAC7B,uCAAuC,GACvC,qCAA0C,GAC7C,eAAe,CA8CjB;AA+ED;;;;;GAKG;AACH,wBAAgB,2BAA2B,CACzC,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB;AAED;;;GAGG;AACH,qBAAa,4BAA6B,YAAW,eAAe;IAClE,iCAAiC,EAAE,MAAM,CAAC;IAC1C,cAAc,EAAE,MAAM,CAAC;gBAEX,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;IAKnD,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;CAM1B;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,sBAAuB,SAAQ,sBAAsB;IAChE;;;;OAIG;gBACS,OAAO,CAAC,EAAE,qCAAqC;IAE3D;;;;OAIG;gBACS,OAAO,CAAC,EAAE,uCAAuC;IAE7D;;;;OAIG;gBACS,OAAO,CAAC,EAAE,6BAA6B;CA6DpD"}

package/dist/commonjs/credentials/defaultAzureCredential.js

@@ -142,15 +142,47 @@ exports.UnavailableDefaultCredential = UnavailableDefaultCredential;
  */
 class DefaultAzureCredential extends chainedTokenCredential_js_1.ChainedTokenCredential {
     constructor(options) {
-        const credentialFunctions = [
-            createEnvironmentCredential,
-            createDefaultWorkloadIdentityCredential,
-            createDefaultManagedIdentityCredential,
+        // If AZURE_TOKEN_CREDENTIALS is not set, use the default credential chain.
+        const azureTokenCredentials = process.env.AZURE_TOKEN_CREDENTIALS
+            ? process.env.AZURE_TOKEN_CREDENTIALS.trim().toLowerCase()
+            : undefined;
+        const devCredentialFunctions = [
             createDefaultAzureCliCredential,
             createDefaultAzurePowershellCredential,
             createDefaultAzureDeveloperCliCredential,
         ];
-        // DefaultCredential constructors should not throw, instead throwing on getToken() which is handled by ChainedTokenCredential.
+        const prodCredentialFunctions = [
+            createEnvironmentCredential,
+            createDefaultWorkloadIdentityCredential,
+            createDefaultManagedIdentityCredential,
+        ];
+        let credentialFunctions = [];
+        // If AZURE_TOKEN_CREDENTIALS is set, use it to determine which credentials to use.
+        // The value of AZURE_TOKEN_CREDENTIALS should be either "dev" or "prod".
+        if (azureTokenCredentials) {
+            switch (azureTokenCredentials) {
+                case "dev":
+                    // If AZURE_TOKEN_CREDENTIALS is set to "dev", use the developer tool-based credential chain.
+                    credentialFunctions = devCredentialFunctions;
+                    break;
+                case "prod":
+                    // If AZURE_TOKEN_CREDENTIALS is set to "prod", use the production credential chain.
+                    credentialFunctions = prodCredentialFunctions;
+                    break;
+                default: {
+                    // If AZURE_TOKEN_CREDENTIALS is set to an unsupported value, throw an error.
+                    // We will throw an error here to prevent the creation of the DefaultAzureCredential.
+                    const errorMessage = `Invalid value for AZURE_TOKEN_CREDENTIALS = ${process.env.AZURE_TOKEN_CREDENTIALS}. Valid values are 'prod' or 'dev'.`;
+                    logger.warning(errorMessage);
+                    throw new Error(errorMessage);
+                }
+            }
+        }
+        else {
+            // If AZURE_TOKEN_CREDENTIALS is not set, use the default credential chain.
+            credentialFunctions = [...prodCredentialFunctions, ...devCredentialFunctions];
+        }
+        // Errors from individual credentials should not be thrown in the DefaultAzureCredential constructor, instead throwing on getToken() which is handled by ChainedTokenCredential.
         // When adding new credentials to the default chain, consider:
         // 1. Making the constructor parameters required and explicit
         // 2. Validating any required parameters in the factory function

package/dist/commonjs/credentials/defaultAzureCredential.js.map

@@ -1 +1 @@
-{"version":3,"file":"defaultAzureCredential.js","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredential.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AA+BlC,wFAmDC;AAqFD,kEAIC;AAhKD,mEAAiF;AAEjF,mEAA6D;AAC7D,qFAA+E;AAC/E,iFAA2E;AAC3E,2EAAqE;AACrE,yEAAmE;AAEnE,mFAA6E;AAE7E,mDAAsD;AAEtD,MAAM,MAAM,GAAG,IAAA,6BAAgB,EAAC,wBAAwB,CAAC,CAAC;AAE1D;;;;;GAKG;AACH,SAAgB,sCAAsC,CACpD,UAG4C,EAAE;;IAE9C,MAAA,OAAO,CAAC,YAAY,oCAApB,OAAO,CAAC,YAAY,GAAK;QACvB,UAAU,EAAE,CAAC;QACb,cAAc,EAAE,GAAG;KACpB,EAAC;IACF,MAAM,uBAAuB,GAC3B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,uBAAuB,mCAC3E,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC9B,MAAM,wBAAwB,GAC5B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,wBAAwB,mCAC5E,uBAAuB,CAAC;IAC1B,MAAM,iBAAiB,GAAI,OAAmD,aAAnD,OAAO,uBAAP,OAAO,CAC9B,yBAAyB,CAAC;IAC9B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IAC5D,MAAM,QAAQ,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,mCAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAClE,IAAI,iBAAiB,EAAE,CAAC;QACtB,MAAM,gCAAgC,mCACjC,OAAO,KACV,UAAU,EAAE,iBAAiB,GAC9B,CAAC;QACF,OAAO,IAAI,oCAAyB,CAAC,gCAAgC,CAAC,CAAC;IACzE,CAAC;IAED,IAAI,YAAY,IAAI,wBAAwB,EAAE,CAAC;QAC7C,MAAM,iCAAiC,mCAClC,OAAO,KACV,QAAQ,EAAE,QAAQ,GACnB,CAAC;QAEF,OAAO,IAAI,oCAAyB,CAClC,wBAAwB,EACxB,iCAAiC,CAClC,CAAC;IACJ,CAAC;IAED,IAAI,uBAAuB,EAAE,CAAC;QAC5B,MAAM,4BAA4B,mCAC7B,OAAO,KACV,QAAQ,EAAE,uBAAuB,GAClC,CAAC;QAEF,OAAO,IAAI,oCAAyB,CAAC,4BAA4B,CAAC,CAAC;IACrE,CAAC;IAED,2FAA2F;IAC3F,OAAO,IAAI,oCAAyB,CAAC,OAAO,CAAC,CAAC;AAChD,CAAC;AAED;;;;;GAKG;AACH,SAAS,uCAAuC,CAC9C,OAA+E;;IAE/E,MAAM,uBAAuB,GAC3B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,uBAAuB,mCAC3E,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC9B,MAAM,wBAAwB,GAC5B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,wBAAwB,mCAC5E,uBAAuB,CAAC;IAC1B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IAC5D,MAAM,QAAQ,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,mCAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAClE,IAAI,YAAY,IAAI,wBAAwB,EAAE,CAAC;QAC7C,MAAM,iCAAiC,mCAClC,OAAO,KACV,QAAQ,EACR,QAAQ,EAAE,wBAAwB,EAClC,aAAa,EAAE,YAAY,GAC5B,CAAC;QACF,OAAO,IAAI,0DAA0B,CAAC,iCAAiC,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,mCAAmC,mCACpC,OAAO,KACV,QAAQ,GACT,CAAC;QACF,OAAO,IAAI,0DAA0B,CAAC,mCAAmC,CAAC,CAAC;IAC7E,CAAC;IAED,2FAA2F;IAC3F,OAAO,IAAI,0DAA0B,CAAC,OAAO,CAAC,CAAC;AACjD,CAAC;AAED;;;;;GAKG;AACH,SAAS,wCAAwC,CAC/C,UAAyC,EAAE;IAE3C,MAAM,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACtD,OAAO,IAAI,4DAA2B,iBAAG,kBAAkB,IAAK,OAAO,EAAG,CAAC;AAC7E,CAAC;AAED;;;;;GAKG;AACH,SAAS,+BAA+B,CACtC,UAAyC,EAAE;IAE3C,MAAM,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACtD,OAAO,IAAI,0CAAkB,iBAAG,kBAAkB,IAAK,OAAO,EAAG,CAAC;AACpE,CAAC;AAED;;;;;GAKG;AACH,SAAS,sCAAsC,CAC7C,UAAyC,EAAE;IAE3C,MAAM,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACtD,OAAO,IAAI,wDAAyB,iBAAG,kBAAkB,IAAK,OAAO,EAAG,CAAC;AAC3E,CAAC;AAED;;;;;GAKG;AACH,SAAgB,2BAA2B,CACzC,UAAyC,EAAE;IAE3C,OAAO,IAAI,gDAAqB,CAAC,OAAO,CAAC,CAAC;AAC5C,CAAC;AAED;;;GAGG;AACH,MAAa,4BAA4B;IAIvC,YAAY,cAAsB,EAAE,OAAe;QACjD,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,iCAAiC,GAAG,OAAO,CAAC;IACnD,CAAC;IAED,QAAQ;QACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAClB,YAAY,IAAI,CAAC,cAAc,aAAa,IAAI,CAAC,iCAAiC,EAAE,CACrF,CAAC;QACF,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC;CACF;AAfD,oEAeC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAa,sBAAuB,SAAQ,kDAAsB;IAsBhE,YAAY,OAAuC;QACjD,MAAM,mBAAmB,GAAG;YAC1B,2BAA2B;YAC3B,uCAAuC;YACvC,sCAAsC;YACtC,+BAA+B;YAC/B,sCAAsC;YACtC,wCAAwC;SACzC,CAAC;QAEF,8HAA8H;QAE9H,8DAA8D;QAC9D,6DAA6D;QAC7D,gEAAgE;QAChE,sHAAsH;QACtH,MAAM,WAAW,GAAsB,mBAAmB,CAAC,GAAG,CAAC,CAAC,kBAAkB,EAAE,EAAE;YACpF,IAAI,CAAC;gBACH,OAAO,kBAAkB,CAAC,OAAO,CAAC,CAAC;YACrC,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,CAAC,OAAO,CACZ,WAAW,kBAAkB,CAAC,IAAI,iDAAiD,GAAG,EAAE,CACzF,CAAC;gBACF,OAAO,IAAI,4BAA4B,CAAC,kBAAkB,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAChF,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,GAAG,WAAW,CAAC,CAAC;IACxB,CAAC;CACF;AAnDD,wDAmDC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type {\n  DefaultAzureCredentialClientIdOptions,\n  DefaultAzureCredentialOptions,\n  DefaultAzureCredentialResourceIdOptions,\n} from \"./defaultAzureCredentialOptions.js\";\nimport type {\n  ManagedIdentityCredentialClientIdOptions,\n  ManagedIdentityCredentialResourceIdOptions,\n} from \"./managedIdentityCredential/options.js\";\nimport { ManagedIdentityCredential } from \"./managedIdentityCredential/index.js\";\n\nimport { AzureCliCredential } from \"./azureCliCredential.js\";\nimport { AzureDeveloperCliCredential } from \"./azureDeveloperCliCredential.js\";\nimport { AzurePowerShellCredential } from \"./azurePowerShellCredential.js\";\nimport { ChainedTokenCredential } from \"./chainedTokenCredential.js\";\nimport { EnvironmentCredential } from \"./environmentCredential.js\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport { WorkloadIdentityCredential } from \"./workloadIdentityCredential.js\";\nimport type { WorkloadIdentityCredentialOptions } from \"./workloadIdentityCredentialOptions.js\";\nimport { credentialLogger } from \"../util/logging.js\";\n\nconst logger = credentialLogger(\"DefaultAzureCredential\");\n\n/**\n * Creates a {@link ManagedIdentityCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nexport function createDefaultManagedIdentityCredential(\n  options:\n    | DefaultAzureCredentialOptions\n    | DefaultAzureCredentialResourceIdOptions\n    | DefaultAzureCredentialClientIdOptions = {},\n): TokenCredential {\n  options.retryOptions ??= {\n    maxRetries: 5,\n    retryDelayInMs: 800,\n  };\n  const managedIdentityClientId =\n    (options as DefaultAzureCredentialClientIdOptions)?.managedIdentityClientId ??\n    process.env.AZURE_CLIENT_ID;\n  const workloadIdentityClientId =\n    (options as DefaultAzureCredentialClientIdOptions)?.workloadIdentityClientId ??\n    managedIdentityClientId;\n  const managedResourceId = (options as DefaultAzureCredentialResourceIdOptions)\n    ?.managedIdentityResourceId;\n  const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;\n  const tenantId = options?.tenantId ?? process.env.AZURE_TENANT_ID;\n  if (managedResourceId) {\n    const managedIdentityResourceIdOptions: ManagedIdentityCredentialResourceIdOptions = {\n      ...options,\n      resourceId: managedResourceId,\n    };\n    return new ManagedIdentityCredential(managedIdentityResourceIdOptions);\n  }\n\n  if (workloadFile && workloadIdentityClientId) {\n    const workloadIdentityCredentialOptions: DefaultAzureCredentialOptions = {\n      ...options,\n      tenantId: tenantId,\n    };\n\n    return new ManagedIdentityCredential(\n      workloadIdentityClientId,\n      workloadIdentityCredentialOptions,\n    );\n  }\n\n  if (managedIdentityClientId) {\n    const managedIdentityClientOptions: ManagedIdentityCredentialClientIdOptions = {\n      ...options,\n      clientId: managedIdentityClientId,\n    };\n\n    return new ManagedIdentityCredential(managedIdentityClientOptions);\n  }\n\n  // We may be able to return a UnavailableCredential here, but that may be a breaking change\n  return new ManagedIdentityCredential(options);\n}\n\n/**\n * Creates a {@link WorkloadIdentityCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nfunction createDefaultWorkloadIdentityCredential(\n  options?: DefaultAzureCredentialOptions | DefaultAzureCredentialClientIdOptions,\n): TokenCredential {\n  const managedIdentityClientId =\n    (options as DefaultAzureCredentialClientIdOptions)?.managedIdentityClientId ??\n    process.env.AZURE_CLIENT_ID;\n  const workloadIdentityClientId =\n    (options as DefaultAzureCredentialClientIdOptions)?.workloadIdentityClientId ??\n    managedIdentityClientId;\n  const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;\n  const tenantId = options?.tenantId ?? process.env.AZURE_TENANT_ID;\n  if (workloadFile && workloadIdentityClientId) {\n    const workloadIdentityCredentialOptions: WorkloadIdentityCredentialOptions = {\n      ...options,\n      tenantId,\n      clientId: workloadIdentityClientId,\n      tokenFilePath: workloadFile,\n    };\n    return new WorkloadIdentityCredential(workloadIdentityCredentialOptions);\n  }\n  if (tenantId) {\n    const workloadIdentityClientTenantOptions: WorkloadIdentityCredentialOptions = {\n      ...options,\n      tenantId,\n    };\n    return new WorkloadIdentityCredential(workloadIdentityClientTenantOptions);\n  }\n\n  // We may be able to return a UnavailableCredential here, but that may be a breaking change\n  return new WorkloadIdentityCredential(options);\n}\n\n/**\n * Creates a {@link AzureDeveloperCliCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nfunction createDefaultAzureDeveloperCliCredential(\n  options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n  const processTimeoutInMs = options.processTimeoutInMs;\n  return new AzureDeveloperCliCredential({ processTimeoutInMs, ...options });\n}\n\n/**\n * Creates a {@link AzureCliCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nfunction createDefaultAzureCliCredential(\n  options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n  const processTimeoutInMs = options.processTimeoutInMs;\n  return new AzureCliCredential({ processTimeoutInMs, ...options });\n}\n\n/**\n * Creates a {@link AzurePowerShellCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nfunction createDefaultAzurePowershellCredential(\n  options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n  const processTimeoutInMs = options.processTimeoutInMs;\n  return new AzurePowerShellCredential({ processTimeoutInMs, ...options });\n}\n\n/**\n * Creates an {@link EnvironmentCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nexport function createEnvironmentCredential(\n  options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n  return new EnvironmentCredential(options);\n}\n\n/**\n * A no-op credential that logs the reason it was skipped if getToken is called.\n * @internal\n */\nexport class UnavailableDefaultCredential implements TokenCredential {\n  credentialUnavailableErrorMessage: string;\n  credentialName: string;\n\n  constructor(credentialName: string, message: string) {\n    this.credentialName = credentialName;\n    this.credentialUnavailableErrorMessage = message;\n  }\n\n  getToken(): Promise<null> {\n    logger.getToken.info(\n      `Skipping ${this.credentialName}, reason: ${this.credentialUnavailableErrorMessage}`,\n    );\n    return Promise.resolve(null);\n  }\n}\n\n/**\n * Provides a default {@link ChainedTokenCredential} configuration that works for most\n * applications that use Azure SDK client libraries. For more information, see\n * [DefaultAzureCredential overview](https://aka.ms/azsdk/js/identity/credential-chains#use-defaultazurecredential-for-flexibility).\n *\n * The following credential types will be tried, in order:\n *\n * - {@link EnvironmentCredential}\n * - {@link WorkloadIdentityCredential}\n * - {@link ManagedIdentityCredential}\n * - {@link AzureCliCredential}\n * - {@link AzurePowerShellCredential}\n * - {@link AzureDeveloperCliCredential}\n *\n * Consult the documentation of these credential types for more information\n * on how they attempt authentication.\n */\nexport class DefaultAzureCredential extends ChainedTokenCredential {\n  /**\n   * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialClientIdOptions}.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialClientIdOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialClientIdOptions);\n\n  /**\n   * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialResourceIdOptions}.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialResourceIdOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialResourceIdOptions);\n\n  /**\n   * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialOptions}.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialOptions);\n\n  constructor(options?: DefaultAzureCredentialOptions) {\n    const credentialFunctions = [\n      createEnvironmentCredential,\n      createDefaultWorkloadIdentityCredential,\n      createDefaultManagedIdentityCredential,\n      createDefaultAzureCliCredential,\n      createDefaultAzurePowershellCredential,\n      createDefaultAzureDeveloperCliCredential,\n    ];\n\n    // DefaultCredential constructors should not throw, instead throwing on getToken() which is handled by ChainedTokenCredential.\n\n    // When adding new credentials to the default chain, consider:\n    // 1. Making the constructor parameters required and explicit\n    // 2. Validating any required parameters in the factory function\n    // 3. Returning a UnavailableDefaultCredential from the factory function if a credential is unavailable for any reason\n    const credentials: TokenCredential[] = credentialFunctions.map((createCredentialFn) => {\n      try {\n        return createCredentialFn(options);\n      } catch (err: any) {\n        logger.warning(\n          `Skipped ${createCredentialFn.name} because of an error creating the credential: ${err}`,\n        );\n        return new UnavailableDefaultCredential(createCredentialFn.name, err.message);\n      }\n    });\n\n    super(...credentials);\n  }\n}\n"]}
+{"version":3,"file":"defaultAzureCredential.js","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredential.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AA+BlC,wFAmDC;AAqFD,kEAIC;AAhKD,mEAAiF;AAEjF,mEAA6D;AAC7D,qFAA+E;AAC/E,iFAA2E;AAC3E,2EAAqE;AACrE,yEAAmE;AAEnE,mFAA6E;AAE7E,mDAAsD;AAEtD,MAAM,MAAM,GAAG,IAAA,6BAAgB,EAAC,wBAAwB,CAAC,CAAC;AAE1D;;;;;GAKG;AACH,SAAgB,sCAAsC,CACpD,UAG4C,EAAE;;IAE9C,MAAA,OAAO,CAAC,YAAY,oCAApB,OAAO,CAAC,YAAY,GAAK;QACvB,UAAU,EAAE,CAAC;QACb,cAAc,EAAE,GAAG;KACpB,EAAC;IACF,MAAM,uBAAuB,GAC3B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,uBAAuB,mCAC3E,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC9B,MAAM,wBAAwB,GAC5B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,wBAAwB,mCAC5E,uBAAuB,CAAC;IAC1B,MAAM,iBAAiB,GAAI,OAAmD,aAAnD,OAAO,uBAAP,OAAO,CAC9B,yBAAyB,CAAC;IAC9B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IAC5D,MAAM,QAAQ,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,mCAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAClE,IAAI,iBAAiB,EAAE,CAAC;QACtB,MAAM,gCAAgC,mCACjC,OAAO,KACV,UAAU,EAAE,iBAAiB,GAC9B,CAAC;QACF,OAAO,IAAI,oCAAyB,CAAC,gCAAgC,CAAC,CAAC;IACzE,CAAC;IAED,IAAI,YAAY,IAAI,wBAAwB,EAAE,CAAC;QAC7C,MAAM,iCAAiC,mCAClC,OAAO,KACV,QAAQ,EAAE,QAAQ,GACnB,CAAC;QAEF,OAAO,IAAI,oCAAyB,CAClC,wBAAwB,EACxB,iCAAiC,CAClC,CAAC;IACJ,CAAC;IAED,IAAI,uBAAuB,EAAE,CAAC;QAC5B,MAAM,4BAA4B,mCAC7B,OAAO,KACV,QAAQ,EAAE,uBAAuB,GAClC,CAAC;QAEF,OAAO,IAAI,oCAAyB,CAAC,4BAA4B,CAAC,CAAC;IACrE,CAAC;IAED,2FAA2F;IAC3F,OAAO,IAAI,oCAAyB,CAAC,OAAO,CAAC,CAAC;AAChD,CAAC;AAED;;;;;GAKG;AACH,SAAS,uCAAuC,CAC9C,OAA+E;;IAE/E,MAAM,uBAAuB,GAC3B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,uBAAuB,mCAC3E,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC9B,MAAM,wBAAwB,GAC5B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,wBAAwB,mCAC5E,uBAAuB,CAAC;IAC1B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IAC5D,MAAM,QAAQ,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,mCAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAClE,IAAI,YAAY,IAAI,wBAAwB,EAAE,CAAC;QAC7C,MAAM,iCAAiC,mCAClC,OAAO,KACV,QAAQ,EACR,QAAQ,EAAE,wBAAwB,EAClC,aAAa,EAAE,YAAY,GAC5B,CAAC;QACF,OAAO,IAAI,0DAA0B,CAAC,iCAAiC,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,mCAAmC,mCACpC,OAAO,KACV,QAAQ,GACT,CAAC;QACF,OAAO,IAAI,0DAA0B,CAAC,mCAAmC,CAAC,CAAC;IAC7E,CAAC;IAED,2FAA2F;IAC3F,OAAO,IAAI,0DAA0B,CAAC,OAAO,CAAC,CAAC;AACjD,CAAC;AAED;;;;;GAKG;AACH,SAAS,wCAAwC,CAC/C,UAAyC,EAAE;IAE3C,MAAM,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACtD,OAAO,IAAI,4DAA2B,iBAAG,kBAAkB,IAAK,OAAO,EAAG,CAAC;AAC7E,CAAC;AAED;;;;;GAKG;AACH,SAAS,+BAA+B,CACtC,UAAyC,EAAE;IAE3C,MAAM,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACtD,OAAO,IAAI,0CAAkB,iBAAG,kBAAkB,IAAK,OAAO,EAAG,CAAC;AACpE,CAAC;AAED;;;;;GAKG;AACH,SAAS,sCAAsC,CAC7C,UAAyC,EAAE;IAE3C,MAAM,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACtD,OAAO,IAAI,wDAAyB,iBAAG,kBAAkB,IAAK,OAAO,EAAG,CAAC;AAC3E,CAAC;AAED;;;;;GAKG;AACH,SAAgB,2BAA2B,CACzC,UAAyC,EAAE;IAE3C,OAAO,IAAI,gDAAqB,CAAC,OAAO,CAAC,CAAC;AAC5C,CAAC;AAED;;;GAGG;AACH,MAAa,4BAA4B;IAIvC,YAAY,cAAsB,EAAE,OAAe;QACjD,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,iCAAiC,GAAG,OAAO,CAAC;IACnD,CAAC;IAED,QAAQ;QACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAClB,YAAY,IAAI,CAAC,cAAc,aAAa,IAAI,CAAC,iCAAiC,EAAE,CACrF,CAAC;QACF,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC;CACF;AAfD,oEAeC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAa,sBAAuB,SAAQ,kDAAsB;IAsBhE,YAAY,OAAuC;QACjD,2EAA2E;QAC3E,MAAM,qBAAqB,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB;YAC/D,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE;YAC1D,CAAC,CAAC,SAAS,CAAC;QACd,MAAM,sBAAsB,GAAG;YAC7B,+BAA+B;YAC/B,sCAAsC;YACtC,wCAAwC;SACzC,CAAC;QACF,MAAM,uBAAuB,GAAG;YAC9B,2BAA2B;YAC3B,uCAAuC;YACvC,sCAAsC;SACvC,CAAC;QACF,IAAI,mBAAmB,GAAG,EAAE,CAAC;QAC7B,mFAAmF;QACnF,yEAAyE;QACzE,IAAI,qBAAqB,EAAE,CAAC;YAC1B,QAAQ,qBAAqB,EAAE,CAAC;gBAC9B,KAAK,KAAK;oBACR,6FAA6F;oBAC7F,mBAAmB,GAAG,sBAAsB,CAAC;oBAC7C,MAAM;gBACR,KAAK,MAAM;oBACT,oFAAoF;oBACpF,mBAAmB,GAAG,uBAAuB,CAAC;oBAC9C,MAAM;gBACR,OAAO,CAAC,CAAC,CAAC;oBACR,6EAA6E;oBAC7E,qFAAqF;oBACrF,MAAM,YAAY,GAAG,+CAA+C,OAAO,CAAC,GAAG,CAAC,uBAAuB,qCAAqC,CAAC;oBAC7I,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;oBAC7B,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;gBAChC,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,2EAA2E;YAC3E,mBAAmB,GAAG,CAAC,GAAG,uBAAuB,EAAE,GAAG,sBAAsB,CAAC,CAAC;QAChF,CAAC;QAED,gLAAgL;QAChL,8DAA8D;QAC9D,6DAA6D;QAC7D,gEAAgE;QAChE,sHAAsH;QACtH,MAAM,WAAW,GAAsB,mBAAmB,CAAC,GAAG,CAAC,CAAC,kBAAkB,EAAE,EAAE;YACpF,IAAI,CAAC;gBACH,OAAO,kBAAkB,CAAC,OAAO,CAAC,CAAC;YACrC,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,CAAC,OAAO,CACZ,WAAW,kBAAkB,CAAC,IAAI,iDAAiD,GAAG,EAAE,CACzF,CAAC;gBACF,OAAO,IAAI,4BAA4B,CAAC,kBAAkB,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAChF,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,GAAG,WAAW,CAAC,CAAC;IACxB,CAAC;CACF;AAjFD,wDAiFC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type {\n  DefaultAzureCredentialClientIdOptions,\n  DefaultAzureCredentialOptions,\n  DefaultAzureCredentialResourceIdOptions,\n} from \"./defaultAzureCredentialOptions.js\";\nimport type {\n  ManagedIdentityCredentialClientIdOptions,\n  ManagedIdentityCredentialResourceIdOptions,\n} from \"./managedIdentityCredential/options.js\";\nimport { ManagedIdentityCredential } from \"./managedIdentityCredential/index.js\";\n\nimport { AzureCliCredential } from \"./azureCliCredential.js\";\nimport { AzureDeveloperCliCredential } from \"./azureDeveloperCliCredential.js\";\nimport { AzurePowerShellCredential } from \"./azurePowerShellCredential.js\";\nimport { ChainedTokenCredential } from \"./chainedTokenCredential.js\";\nimport { EnvironmentCredential } from \"./environmentCredential.js\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport { WorkloadIdentityCredential } from \"./workloadIdentityCredential.js\";\nimport type { WorkloadIdentityCredentialOptions } from \"./workloadIdentityCredentialOptions.js\";\nimport { credentialLogger } from \"../util/logging.js\";\n\nconst logger = credentialLogger(\"DefaultAzureCredential\");\n\n/**\n * Creates a {@link ManagedIdentityCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nexport function createDefaultManagedIdentityCredential(\n  options:\n    | DefaultAzureCredentialOptions\n    | DefaultAzureCredentialResourceIdOptions\n    | DefaultAzureCredentialClientIdOptions = {},\n): TokenCredential {\n  options.retryOptions ??= {\n    maxRetries: 5,\n    retryDelayInMs: 800,\n  };\n  const managedIdentityClientId =\n    (options as DefaultAzureCredentialClientIdOptions)?.managedIdentityClientId ??\n    process.env.AZURE_CLIENT_ID;\n  const workloadIdentityClientId =\n    (options as DefaultAzureCredentialClientIdOptions)?.workloadIdentityClientId ??\n    managedIdentityClientId;\n  const managedResourceId = (options as DefaultAzureCredentialResourceIdOptions)\n    ?.managedIdentityResourceId;\n  const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;\n  const tenantId = options?.tenantId ?? process.env.AZURE_TENANT_ID;\n  if (managedResourceId) {\n    const managedIdentityResourceIdOptions: ManagedIdentityCredentialResourceIdOptions = {\n      ...options,\n      resourceId: managedResourceId,\n    };\n    return new ManagedIdentityCredential(managedIdentityResourceIdOptions);\n  }\n\n  if (workloadFile && workloadIdentityClientId) {\n    const workloadIdentityCredentialOptions: DefaultAzureCredentialOptions = {\n      ...options,\n      tenantId: tenantId,\n    };\n\n    return new ManagedIdentityCredential(\n      workloadIdentityClientId,\n      workloadIdentityCredentialOptions,\n    );\n  }\n\n  if (managedIdentityClientId) {\n    const managedIdentityClientOptions: ManagedIdentityCredentialClientIdOptions = {\n      ...options,\n      clientId: managedIdentityClientId,\n    };\n\n    return new ManagedIdentityCredential(managedIdentityClientOptions);\n  }\n\n  // We may be able to return a UnavailableCredential here, but that may be a breaking change\n  return new ManagedIdentityCredential(options);\n}\n\n/**\n * Creates a {@link WorkloadIdentityCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nfunction createDefaultWorkloadIdentityCredential(\n  options?: DefaultAzureCredentialOptions | DefaultAzureCredentialClientIdOptions,\n): TokenCredential {\n  const managedIdentityClientId =\n    (options as DefaultAzureCredentialClientIdOptions)?.managedIdentityClientId ??\n    process.env.AZURE_CLIENT_ID;\n  const workloadIdentityClientId =\n    (options as DefaultAzureCredentialClientIdOptions)?.workloadIdentityClientId ??\n    managedIdentityClientId;\n  const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;\n  const tenantId = options?.tenantId ?? process.env.AZURE_TENANT_ID;\n  if (workloadFile && workloadIdentityClientId) {\n    const workloadIdentityCredentialOptions: WorkloadIdentityCredentialOptions = {\n      ...options,\n      tenantId,\n      clientId: workloadIdentityClientId,\n      tokenFilePath: workloadFile,\n    };\n    return new WorkloadIdentityCredential(workloadIdentityCredentialOptions);\n  }\n  if (tenantId) {\n    const workloadIdentityClientTenantOptions: WorkloadIdentityCredentialOptions = {\n      ...options,\n      tenantId,\n    };\n    return new WorkloadIdentityCredential(workloadIdentityClientTenantOptions);\n  }\n\n  // We may be able to return a UnavailableCredential here, but that may be a breaking change\n  return new WorkloadIdentityCredential(options);\n}\n\n/**\n * Creates a {@link AzureDeveloperCliCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nfunction createDefaultAzureDeveloperCliCredential(\n  options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n  const processTimeoutInMs = options.processTimeoutInMs;\n  return new AzureDeveloperCliCredential({ processTimeoutInMs, ...options });\n}\n\n/**\n * Creates a {@link AzureCliCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nfunction createDefaultAzureCliCredential(\n  options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n  const processTimeoutInMs = options.processTimeoutInMs;\n  return new AzureCliCredential({ processTimeoutInMs, ...options });\n}\n\n/**\n * Creates a {@link AzurePowerShellCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nfunction createDefaultAzurePowershellCredential(\n  options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n  const processTimeoutInMs = options.processTimeoutInMs;\n  return new AzurePowerShellCredential({ processTimeoutInMs, ...options });\n}\n\n/**\n * Creates an {@link EnvironmentCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nexport function createEnvironmentCredential(\n  options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n  return new EnvironmentCredential(options);\n}\n\n/**\n * A no-op credential that logs the reason it was skipped if getToken is called.\n * @internal\n */\nexport class UnavailableDefaultCredential implements TokenCredential {\n  credentialUnavailableErrorMessage: string;\n  credentialName: string;\n\n  constructor(credentialName: string, message: string) {\n    this.credentialName = credentialName;\n    this.credentialUnavailableErrorMessage = message;\n  }\n\n  getToken(): Promise<null> {\n    logger.getToken.info(\n      `Skipping ${this.credentialName}, reason: ${this.credentialUnavailableErrorMessage}`,\n    );\n    return Promise.resolve(null);\n  }\n}\n\n/**\n * Provides a default {@link ChainedTokenCredential} configuration that works for most\n * applications that use Azure SDK client libraries. For more information, see\n * [DefaultAzureCredential overview](https://aka.ms/azsdk/js/identity/credential-chains#use-defaultazurecredential-for-flexibility).\n *\n * The following credential types will be tried, in order:\n *\n * - {@link EnvironmentCredential}\n * - {@link WorkloadIdentityCredential}\n * - {@link ManagedIdentityCredential}\n * - {@link AzureCliCredential}\n * - {@link AzurePowerShellCredential}\n * - {@link AzureDeveloperCliCredential}\n *\n * Consult the documentation of these credential types for more information\n * on how they attempt authentication.\n */\nexport class DefaultAzureCredential extends ChainedTokenCredential {\n  /**\n   * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialClientIdOptions}.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialClientIdOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialClientIdOptions);\n\n  /**\n   * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialResourceIdOptions}.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialResourceIdOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialResourceIdOptions);\n\n  /**\n   * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialOptions}.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialOptions);\n\n  constructor(options?: DefaultAzureCredentialOptions) {\n    // If AZURE_TOKEN_CREDENTIALS is not set, use the default credential chain.\n    const azureTokenCredentials = process.env.AZURE_TOKEN_CREDENTIALS\n      ? process.env.AZURE_TOKEN_CREDENTIALS.trim().toLowerCase()\n      : undefined;\n    const devCredentialFunctions = [\n      createDefaultAzureCliCredential,\n      createDefaultAzurePowershellCredential,\n      createDefaultAzureDeveloperCliCredential,\n    ];\n    const prodCredentialFunctions = [\n      createEnvironmentCredential,\n      createDefaultWorkloadIdentityCredential,\n      createDefaultManagedIdentityCredential,\n    ];\n    let credentialFunctions = [];\n    // If AZURE_TOKEN_CREDENTIALS is set, use it to determine which credentials to use.\n    // The value of AZURE_TOKEN_CREDENTIALS should be either \"dev\" or \"prod\".\n    if (azureTokenCredentials) {\n      switch (azureTokenCredentials) {\n        case \"dev\":\n          // If AZURE_TOKEN_CREDENTIALS is set to \"dev\", use the developer tool-based credential chain.\n          credentialFunctions = devCredentialFunctions;\n          break;\n        case \"prod\":\n          // If AZURE_TOKEN_CREDENTIALS is set to \"prod\", use the production credential chain.\n          credentialFunctions = prodCredentialFunctions;\n          break;\n        default: {\n          // If AZURE_TOKEN_CREDENTIALS is set to an unsupported value, throw an error.\n          // We will throw an error here to prevent the creation of the DefaultAzureCredential.\n          const errorMessage = `Invalid value for AZURE_TOKEN_CREDENTIALS = ${process.env.AZURE_TOKEN_CREDENTIALS}. Valid values are 'prod' or 'dev'.`;\n          logger.warning(errorMessage);\n          throw new Error(errorMessage);\n        }\n      }\n    } else {\n      // If AZURE_TOKEN_CREDENTIALS is not set, use the default credential chain.\n      credentialFunctions = [...prodCredentialFunctions, ...devCredentialFunctions];\n    }\n\n    // Errors from individual credentials should not be thrown in the DefaultAzureCredential constructor, instead throwing on getToken() which is handled by ChainedTokenCredential.\n    // When adding new credentials to the default chain, consider:\n    // 1. Making the constructor parameters required and explicit\n    // 2. Validating any required parameters in the factory function\n    // 3. Returning a UnavailableDefaultCredential from the factory function if a credential is unavailable for any reason\n    const credentials: TokenCredential[] = credentialFunctions.map((createCredentialFn) => {\n      try {\n        return createCredentialFn(options);\n      } catch (err: any) {\n        logger.warning(\n          `Skipped ${createCredentialFn.name} because of an error creating the credential: ${err}`,\n        );\n        return new UnavailableDefaultCredential(createCredentialFn.name, err.message);\n      }\n    });\n\n    super(...credentials);\n  }\n}\n"]}

package/dist/esm/constants.d.ts

@@ -1,7 +1,7 @@
 /**
  * Current version of the `@azure/identity` package.
  */
-export declare const SDK_VERSION = "4.9.2";
+export declare const SDK_VERSION = "4.10.0";
 /**
  * The default client ID for authentication
  * @internal

package/dist/esm/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,eAAO,MAAM,WAAW,UAAU,CAAC;AAEnC;;;GAGG;AAIH,eAAO,MAAM,uBAAuB,yCAAyC,CAAC;AAE9E;;;GAGG;AACH,eAAO,MAAM,eAAe,WAAW,CAAC;AAExC;;GAEG;AACH,oBAAY,mBAAmB;IAC7B;;OAEG;IACH,UAAU,mCAAmC;IAC7C;;;;;SAKK;IACL,YAAY,qCAAqC;IACjD;;OAEG;IACH,eAAe,qCAAqC;IACpD;;OAEG;IACH,gBAAgB,sCAAsC;CACvD;AAED;;;GAGG;AACH,eAAO,MAAM,oBAAoB,uCAAuC,CAAC;AAEzE;;;GAGG;AACH,eAAO,MAAM,gBAAgB,8BAA8B,CAAC;AAE5D;;;GAGG;AACH,eAAO,MAAM,WAAW,EAAE,MAAM,EAAU,CAAC;AAE3C;;GAEG;AACH,eAAO,MAAM,gBAAgB,QAAQ,CAAC;AAEtC;;GAEG;AACH,eAAO,MAAM,oBAAoB,UAAU,CAAC;AAE5C;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,eAAe,CAAC"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,eAAO,MAAM,WAAW,WAAW,CAAC;AAEpC;;;GAGG;AAIH,eAAO,MAAM,uBAAuB,yCAAyC,CAAC;AAE9E;;;GAGG;AACH,eAAO,MAAM,eAAe,WAAW,CAAC;AAExC;;GAEG;AACH,oBAAY,mBAAmB;IAC7B;;OAEG;IACH,UAAU,mCAAmC;IAC7C;;;;;SAKK;IACL,YAAY,qCAAqC;IACjD;;OAEG;IACH,eAAe,qCAAqC;IACpD;;OAEG;IACH,gBAAgB,sCAAsC;CACvD;AAED;;;GAGG;AACH,eAAO,MAAM,oBAAoB,uCAAuC,CAAC;AAEzE;;;GAGG;AACH,eAAO,MAAM,gBAAgB,8BAA8B,CAAC;AAE5D;;;GAGG;AACH,eAAO,MAAM,WAAW,EAAE,MAAM,EAAU,CAAC;AAE3C;;GAEG;AACH,eAAO,MAAM,gBAAgB,QAAQ,CAAC;AAEtC;;GAEG;AACH,eAAO,MAAM,oBAAoB,UAAU,CAAC;AAE5C;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,eAAe,CAAC"}

package/dist/esm/constants.js

@@ -3,7 +3,7 @@
 /**
  * Current version of the `@azure/identity` package.
  */
-export const SDK_VERSION = `4.9.2`;
+export const SDK_VERSION = `4.10.0`;
 /**
  * The default client ID for authentication
  * @internal

package/dist/esm/constants.js.map

@@ -1 +1 @@
-{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,OAAO,CAAC;AAEnC;;;GAGG;AACH,2EAA2E;AAC3E,6CAA6C;AAC7C,uGAAuG;AACvG,MAAM,CAAC,MAAM,uBAAuB,GAAG,sCAAsC,CAAC;AAE9E;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,QAAQ,CAAC;AAExC;;GAEG;AACH,MAAM,CAAN,IAAY,mBAoBX;AApBD,WAAY,mBAAmB;IAC7B;;OAEG;IACH,oEAA6C,CAAA;IAC7C;;;;;SAKK;IACL,wEAAiD,CAAA;IACjD;;OAEG;IACH,2EAAoD,CAAA;IACpD;;OAEG;IACH,6EAAsD,CAAA;AACxD,CAAC,EApBW,mBAAmB,KAAnB,mBAAmB,QAoB9B;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,mBAAmB,CAAC,gBAAgB,CAAC;AAEzE;;;GAGG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,2BAA2B,CAAC;AAE5D;;;GAGG;AACH,MAAM,CAAC,MAAM,WAAW,GAAa,CAAC,GAAG,CAAC,CAAC;AAE3C;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAEtC;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,OAAO,CAAC;AAE5C;;;;;GAKG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,YAAY,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Current version of the `@azure/identity` package.\n */\nexport const SDK_VERSION = `4.9.2`;\n\n/**\n * The default client ID for authentication\n * @internal\n */\n// TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n// Developer Sign On application is available\n// https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/Constants.cs#L9\nexport const DeveloperSignOnClientId = \"04b07795-8ddb-461a-bbee-02f9e1bf7b46\";\n\n/**\n * The default tenant for authentication\n * @internal\n */\nexport const DefaultTenantId = \"common\";\n\n/**\n * A list of known Azure authority hosts\n */\nexport enum AzureAuthorityHosts {\n  /**\n   * China-based Azure Authority Host\n   */\n  AzureChina = \"https://login.chinacloudapi.cn\",\n  /**\n   * Germany-based Azure Authority Host\n   *\n   * @deprecated Microsoft Cloud Germany was closed on October 29th, 2021.\n   *\n   * */\n  AzureGermany = \"https://login.microsoftonline.de\",\n  /**\n   * US Government Azure Authority Host\n   */\n  AzureGovernment = \"https://login.microsoftonline.us\",\n  /**\n   * Public Cloud Azure Authority Host\n   */\n  AzurePublicCloud = \"https://login.microsoftonline.com\",\n}\n\n/**\n * @internal\n * The default authority host.\n */\nexport const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;\n\n/**\n * @internal\n * The default environment host for Azure Public Cloud\n */\nexport const DefaultAuthority = \"login.microsoftonline.com\";\n\n/**\n * @internal\n * Allow acquiring tokens for any tenant for multi-tentant auth.\n */\nexport const ALL_TENANTS: string[] = [\"*\"];\n\n/**\n * @internal\n */\nexport const CACHE_CAE_SUFFIX = \"cae\";\n\n/**\n * @internal\n */\nexport const CACHE_NON_CAE_SUFFIX = \"nocae\";\n\n/**\n * @internal\n *\n * The default name for the cache persistence plugin.\n * Matches the constant defined in the cache persistence package.\n */\nexport const DEFAULT_TOKEN_CACHE_NAME = \"msal.cache\";\n"]}
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,QAAQ,CAAC;AAEpC;;;GAGG;AACH,2EAA2E;AAC3E,6CAA6C;AAC7C,uGAAuG;AACvG,MAAM,CAAC,MAAM,uBAAuB,GAAG,sCAAsC,CAAC;AAE9E;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,QAAQ,CAAC;AAExC;;GAEG;AACH,MAAM,CAAN,IAAY,mBAoBX;AApBD,WAAY,mBAAmB;IAC7B;;OAEG;IACH,oEAA6C,CAAA;IAC7C;;;;;SAKK;IACL,wEAAiD,CAAA;IACjD;;OAEG;IACH,2EAAoD,CAAA;IACpD;;OAEG;IACH,6EAAsD,CAAA;AACxD,CAAC,EApBW,mBAAmB,KAAnB,mBAAmB,QAoB9B;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,mBAAmB,CAAC,gBAAgB,CAAC;AAEzE;;;GAGG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,2BAA2B,CAAC;AAE5D;;;GAGG;AACH,MAAM,CAAC,MAAM,WAAW,GAAa,CAAC,GAAG,CAAC,CAAC;AAE3C;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAEtC;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,OAAO,CAAC;AAE5C;;;;;GAKG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,YAAY,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Current version of the `@azure/identity` package.\n */\nexport const SDK_VERSION = `4.10.0`;\n\n/**\n * The default client ID for authentication\n * @internal\n */\n// TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n// Developer Sign On application is available\n// https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/Constants.cs#L9\nexport const DeveloperSignOnClientId = \"04b07795-8ddb-461a-bbee-02f9e1bf7b46\";\n\n/**\n * The default tenant for authentication\n * @internal\n */\nexport const DefaultTenantId = \"common\";\n\n/**\n * A list of known Azure authority hosts\n */\nexport enum AzureAuthorityHosts {\n  /**\n   * China-based Azure Authority Host\n   */\n  AzureChina = \"https://login.chinacloudapi.cn\",\n  /**\n   * Germany-based Azure Authority Host\n   *\n   * @deprecated Microsoft Cloud Germany was closed on October 29th, 2021.\n   *\n   * */\n  AzureGermany = \"https://login.microsoftonline.de\",\n  /**\n   * US Government Azure Authority Host\n   */\n  AzureGovernment = \"https://login.microsoftonline.us\",\n  /**\n   * Public Cloud Azure Authority Host\n   */\n  AzurePublicCloud = \"https://login.microsoftonline.com\",\n}\n\n/**\n * @internal\n * The default authority host.\n */\nexport const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;\n\n/**\n * @internal\n * The default environment host for Azure Public Cloud\n */\nexport const DefaultAuthority = \"login.microsoftonline.com\";\n\n/**\n * @internal\n * Allow acquiring tokens for any tenant for multi-tentant auth.\n */\nexport const ALL_TENANTS: string[] = [\"*\"];\n\n/**\n * @internal\n */\nexport const CACHE_CAE_SUFFIX = \"cae\";\n\n/**\n * @internal\n */\nexport const CACHE_NON_CAE_SUFFIX = \"nocae\";\n\n/**\n * @internal\n *\n * The default name for the cache persistence plugin.\n * Matches the constant defined in the cache persistence package.\n */\nexport const DEFAULT_TOKEN_CACHE_NAME = \"msal.cache\";\n"]}

package/dist/esm/credentials/defaultAzureCredential.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"defaultAzureCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,qCAAqC,EACrC,6BAA6B,EAC7B,uCAAuC,EACxC,MAAM,oCAAoC,CAAC;AAU5C,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAErE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAOxD;;;;;GAKG;AACH,wBAAgB,sCAAsC,CACpD,OAAO,GACH,6BAA6B,GAC7B,uCAAuC,GACvC,qCAA0C,GAC7C,eAAe,CA8CjB;AA+ED;;;;;GAKG;AACH,wBAAgB,2BAA2B,CACzC,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB;AAED;;;GAGG;AACH,qBAAa,4BAA6B,YAAW,eAAe;IAClE,iCAAiC,EAAE,MAAM,CAAC;IAC1C,cAAc,EAAE,MAAM,CAAC;gBAEX,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;IAKnD,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;CAM1B;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,sBAAuB,SAAQ,sBAAsB;IAChE;;;;OAIG;gBACS,OAAO,CAAC,EAAE,qCAAqC;IAE3D;;;;OAIG;gBACS,OAAO,CAAC,EAAE,uCAAuC;IAE7D;;;;OAIG;gBACS,OAAO,CAAC,EAAE,6BAA6B;CA+BpD"}
+{"version":3,"file":"defaultAzureCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,qCAAqC,EACrC,6BAA6B,EAC7B,uCAAuC,EACxC,MAAM,oCAAoC,CAAC;AAU5C,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAErE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAOxD;;;;;GAKG;AACH,wBAAgB,sCAAsC,CACpD,OAAO,GACH,6BAA6B,GAC7B,uCAAuC,GACvC,qCAA0C,GAC7C,eAAe,CA8CjB;AA+ED;;;;;GAKG;AACH,wBAAgB,2BAA2B,CACzC,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB;AAED;;;GAGG;AACH,qBAAa,4BAA6B,YAAW,eAAe;IAClE,iCAAiC,EAAE,MAAM,CAAC;IAC1C,cAAc,EAAE,MAAM,CAAC;gBAEX,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;IAKnD,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;CAM1B;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,sBAAuB,SAAQ,sBAAsB;IAChE;;;;OAIG;gBACS,OAAO,CAAC,EAAE,qCAAqC;IAE3D;;;;OAIG;gBACS,OAAO,CAAC,EAAE,uCAAuC;IAE7D;;;;OAIG;gBACS,OAAO,CAAC,EAAE,6BAA6B;CA6DpD"}

package/dist/esm/credentials/defaultAzureCredential.js

@@ -136,15 +136,47 @@ export class UnavailableDefaultCredential {
  */
 export class DefaultAzureCredential extends ChainedTokenCredential {
     constructor(options) {
-        const credentialFunctions = [
-            createEnvironmentCredential,
-            createDefaultWorkloadIdentityCredential,
-            createDefaultManagedIdentityCredential,
+        // If AZURE_TOKEN_CREDENTIALS is not set, use the default credential chain.
+        const azureTokenCredentials = process.env.AZURE_TOKEN_CREDENTIALS
+            ? process.env.AZURE_TOKEN_CREDENTIALS.trim().toLowerCase()
+            : undefined;
+        const devCredentialFunctions = [
             createDefaultAzureCliCredential,
             createDefaultAzurePowershellCredential,
             createDefaultAzureDeveloperCliCredential,
         ];
-        // DefaultCredential constructors should not throw, instead throwing on getToken() which is handled by ChainedTokenCredential.
+        const prodCredentialFunctions = [
+            createEnvironmentCredential,
+            createDefaultWorkloadIdentityCredential,
+            createDefaultManagedIdentityCredential,
+        ];
+        let credentialFunctions = [];
+        // If AZURE_TOKEN_CREDENTIALS is set, use it to determine which credentials to use.
+        // The value of AZURE_TOKEN_CREDENTIALS should be either "dev" or "prod".
+        if (azureTokenCredentials) {
+            switch (azureTokenCredentials) {
+                case "dev":
+                    // If AZURE_TOKEN_CREDENTIALS is set to "dev", use the developer tool-based credential chain.
+                    credentialFunctions = devCredentialFunctions;
+                    break;
+                case "prod":
+                    // If AZURE_TOKEN_CREDENTIALS is set to "prod", use the production credential chain.
+                    credentialFunctions = prodCredentialFunctions;
+                    break;
+                default: {
+                    // If AZURE_TOKEN_CREDENTIALS is set to an unsupported value, throw an error.
+                    // We will throw an error here to prevent the creation of the DefaultAzureCredential.
+                    const errorMessage = `Invalid value for AZURE_TOKEN_CREDENTIALS = ${process.env.AZURE_TOKEN_CREDENTIALS}. Valid values are 'prod' or 'dev'.`;
+                    logger.warning(errorMessage);
+                    throw new Error(errorMessage);
+                }
+            }
+        }
+        else {
+            // If AZURE_TOKEN_CREDENTIALS is not set, use the default credential chain.
+            credentialFunctions = [...prodCredentialFunctions, ...devCredentialFunctions];
+        }
+        // Errors from individual credentials should not be thrown in the DefaultAzureCredential constructor, instead throwing on getToken() which is handled by ChainedTokenCredential.
         // When adding new credentials to the default chain, consider:
         // 1. Making the constructor parameters required and explicit
         // 2. Validating any required parameters in the factory function

package/dist/esm/credentials/defaultAzureCredential.js.map

@@ -1 +1 @@
-{"version":3,"file":"defaultAzureCredential.js","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAWlC,OAAO,EAAE,yBAAyB,EAAE,MAAM,sCAAsC,CAAC;AAEjF,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,2BAA2B,EAAE,MAAM,kCAAkC,CAAC;AAC/E,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAC3E,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AAEnE,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAE7E,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEtD,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAE1D;;;;;GAKG;AACH,MAAM,UAAU,sCAAsC,CACpD,UAG4C,EAAE;;IAE9C,MAAA,OAAO,CAAC,YAAY,oCAApB,OAAO,CAAC,YAAY,GAAK;QACvB,UAAU,EAAE,CAAC;QACb,cAAc,EAAE,GAAG;KACpB,EAAC;IACF,MAAM,uBAAuB,GAC3B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,uBAAuB,mCAC3E,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC9B,MAAM,wBAAwB,GAC5B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,wBAAwB,mCAC5E,uBAAuB,CAAC;IAC1B,MAAM,iBAAiB,GAAI,OAAmD,aAAnD,OAAO,uBAAP,OAAO,CAC9B,yBAAyB,CAAC;IAC9B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IAC5D,MAAM,QAAQ,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,mCAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAClE,IAAI,iBAAiB,EAAE,CAAC;QACtB,MAAM,gCAAgC,mCACjC,OAAO,KACV,UAAU,EAAE,iBAAiB,GAC9B,CAAC;QACF,OAAO,IAAI,yBAAyB,CAAC,gCAAgC,CAAC,CAAC;IACzE,CAAC;IAED,IAAI,YAAY,IAAI,wBAAwB,EAAE,CAAC;QAC7C,MAAM,iCAAiC,mCAClC,OAAO,KACV,QAAQ,EAAE,QAAQ,GACnB,CAAC;QAEF,OAAO,IAAI,yBAAyB,CAClC,wBAAwB,EACxB,iCAAiC,CAClC,CAAC;IACJ,CAAC;IAED,IAAI,uBAAuB,EAAE,CAAC;QAC5B,MAAM,4BAA4B,mCAC7B,OAAO,KACV,QAAQ,EAAE,uBAAuB,GAClC,CAAC;QAEF,OAAO,IAAI,yBAAyB,CAAC,4BAA4B,CAAC,CAAC;IACrE,CAAC;IAED,2FAA2F;IAC3F,OAAO,IAAI,yBAAyB,CAAC,OAAO,CAAC,CAAC;AAChD,CAAC;AAED;;;;;GAKG;AACH,SAAS,uCAAuC,CAC9C,OAA+E;;IAE/E,MAAM,uBAAuB,GAC3B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,uBAAuB,mCAC3E,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC9B,MAAM,wBAAwB,GAC5B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,wBAAwB,mCAC5E,uBAAuB,CAAC;IAC1B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IAC5D,MAAM,QAAQ,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,mCAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAClE,IAAI,YAAY,IAAI,wBAAwB,EAAE,CAAC;QAC7C,MAAM,iCAAiC,mCAClC,OAAO,KACV,QAAQ,EACR,QAAQ,EAAE,wBAAwB,EAClC,aAAa,EAAE,YAAY,GAC5B,CAAC;QACF,OAAO,IAAI,0BAA0B,CAAC,iCAAiC,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,mCAAmC,mCACpC,OAAO,KACV,QAAQ,GACT,CAAC;QACF,OAAO,IAAI,0BAA0B,CAAC,mCAAmC,CAAC,CAAC;IAC7E,CAAC;IAED,2FAA2F;IAC3F,OAAO,IAAI,0BAA0B,CAAC,OAAO,CAAC,CAAC;AACjD,CAAC;AAED;;;;;GAKG;AACH,SAAS,wCAAwC,CAC/C,UAAyC,EAAE;IAE3C,MAAM,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACtD,OAAO,IAAI,2BAA2B,iBAAG,kBAAkB,IAAK,OAAO,EAAG,CAAC;AAC7E,CAAC;AAED;;;;;GAKG;AACH,SAAS,+BAA+B,CACtC,UAAyC,EAAE;IAE3C,MAAM,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACtD,OAAO,IAAI,kBAAkB,iBAAG,kBAAkB,IAAK,OAAO,EAAG,CAAC;AACpE,CAAC;AAED;;;;;GAKG;AACH,SAAS,sCAAsC,CAC7C,UAAyC,EAAE;IAE3C,MAAM,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACtD,OAAO,IAAI,yBAAyB,iBAAG,kBAAkB,IAAK,OAAO,EAAG,CAAC;AAC3E,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,2BAA2B,CACzC,UAAyC,EAAE;IAE3C,OAAO,IAAI,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC5C,CAAC;AAED;;;GAGG;AACH,MAAM,OAAO,4BAA4B;IAIvC,YAAY,cAAsB,EAAE,OAAe;QACjD,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,iCAAiC,GAAG,OAAO,CAAC;IACnD,CAAC;IAED,QAAQ;QACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAClB,YAAY,IAAI,CAAC,cAAc,aAAa,IAAI,CAAC,iCAAiC,EAAE,CACrF,CAAC;QACF,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC;CACF;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,OAAO,sBAAuB,SAAQ,sBAAsB;IAsBhE,YAAY,OAAuC;QACjD,MAAM,mBAAmB,GAAG;YAC1B,2BAA2B;YAC3B,uCAAuC;YACvC,sCAAsC;YACtC,+BAA+B;YAC/B,sCAAsC;YACtC,wCAAwC;SACzC,CAAC;QAEF,8HAA8H;QAE9H,8DAA8D;QAC9D,6DAA6D;QAC7D,gEAAgE;QAChE,sHAAsH;QACtH,MAAM,WAAW,GAAsB,mBAAmB,CAAC,GAAG,CAAC,CAAC,kBAAkB,EAAE,EAAE;YACpF,IAAI,CAAC;gBACH,OAAO,kBAAkB,CAAC,OAAO,CAAC,CAAC;YACrC,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,CAAC,OAAO,CACZ,WAAW,kBAAkB,CAAC,IAAI,iDAAiD,GAAG,EAAE,CACzF,CAAC;gBACF,OAAO,IAAI,4BAA4B,CAAC,kBAAkB,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAChF,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,GAAG,WAAW,CAAC,CAAC;IACxB,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type {\n  DefaultAzureCredentialClientIdOptions,\n  DefaultAzureCredentialOptions,\n  DefaultAzureCredentialResourceIdOptions,\n} from \"./defaultAzureCredentialOptions.js\";\nimport type {\n  ManagedIdentityCredentialClientIdOptions,\n  ManagedIdentityCredentialResourceIdOptions,\n} from \"./managedIdentityCredential/options.js\";\nimport { ManagedIdentityCredential } from \"./managedIdentityCredential/index.js\";\n\nimport { AzureCliCredential } from \"./azureCliCredential.js\";\nimport { AzureDeveloperCliCredential } from \"./azureDeveloperCliCredential.js\";\nimport { AzurePowerShellCredential } from \"./azurePowerShellCredential.js\";\nimport { ChainedTokenCredential } from \"./chainedTokenCredential.js\";\nimport { EnvironmentCredential } from \"./environmentCredential.js\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport { WorkloadIdentityCredential } from \"./workloadIdentityCredential.js\";\nimport type { WorkloadIdentityCredentialOptions } from \"./workloadIdentityCredentialOptions.js\";\nimport { credentialLogger } from \"../util/logging.js\";\n\nconst logger = credentialLogger(\"DefaultAzureCredential\");\n\n/**\n * Creates a {@link ManagedIdentityCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nexport function createDefaultManagedIdentityCredential(\n  options:\n    | DefaultAzureCredentialOptions\n    | DefaultAzureCredentialResourceIdOptions\n    | DefaultAzureCredentialClientIdOptions = {},\n): TokenCredential {\n  options.retryOptions ??= {\n    maxRetries: 5,\n    retryDelayInMs: 800,\n  };\n  const managedIdentityClientId =\n    (options as DefaultAzureCredentialClientIdOptions)?.managedIdentityClientId ??\n    process.env.AZURE_CLIENT_ID;\n  const workloadIdentityClientId =\n    (options as DefaultAzureCredentialClientIdOptions)?.workloadIdentityClientId ??\n    managedIdentityClientId;\n  const managedResourceId = (options as DefaultAzureCredentialResourceIdOptions)\n    ?.managedIdentityResourceId;\n  const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;\n  const tenantId = options?.tenantId ?? process.env.AZURE_TENANT_ID;\n  if (managedResourceId) {\n    const managedIdentityResourceIdOptions: ManagedIdentityCredentialResourceIdOptions = {\n      ...options,\n      resourceId: managedResourceId,\n    };\n    return new ManagedIdentityCredential(managedIdentityResourceIdOptions);\n  }\n\n  if (workloadFile && workloadIdentityClientId) {\n    const workloadIdentityCredentialOptions: DefaultAzureCredentialOptions = {\n      ...options,\n      tenantId: tenantId,\n    };\n\n    return new ManagedIdentityCredential(\n      workloadIdentityClientId,\n      workloadIdentityCredentialOptions,\n    );\n  }\n\n  if (managedIdentityClientId) {\n    const managedIdentityClientOptions: ManagedIdentityCredentialClientIdOptions = {\n      ...options,\n      clientId: managedIdentityClientId,\n    };\n\n    return new ManagedIdentityCredential(managedIdentityClientOptions);\n  }\n\n  // We may be able to return a UnavailableCredential here, but that may be a breaking change\n  return new ManagedIdentityCredential(options);\n}\n\n/**\n * Creates a {@link WorkloadIdentityCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nfunction createDefaultWorkloadIdentityCredential(\n  options?: DefaultAzureCredentialOptions | DefaultAzureCredentialClientIdOptions,\n): TokenCredential {\n  const managedIdentityClientId =\n    (options as DefaultAzureCredentialClientIdOptions)?.managedIdentityClientId ??\n    process.env.AZURE_CLIENT_ID;\n  const workloadIdentityClientId =\n    (options as DefaultAzureCredentialClientIdOptions)?.workloadIdentityClientId ??\n    managedIdentityClientId;\n  const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;\n  const tenantId = options?.tenantId ?? process.env.AZURE_TENANT_ID;\n  if (workloadFile && workloadIdentityClientId) {\n    const workloadIdentityCredentialOptions: WorkloadIdentityCredentialOptions = {\n      ...options,\n      tenantId,\n      clientId: workloadIdentityClientId,\n      tokenFilePath: workloadFile,\n    };\n    return new WorkloadIdentityCredential(workloadIdentityCredentialOptions);\n  }\n  if (tenantId) {\n    const workloadIdentityClientTenantOptions: WorkloadIdentityCredentialOptions = {\n      ...options,\n      tenantId,\n    };\n    return new WorkloadIdentityCredential(workloadIdentityClientTenantOptions);\n  }\n\n  // We may be able to return a UnavailableCredential here, but that may be a breaking change\n  return new WorkloadIdentityCredential(options);\n}\n\n/**\n * Creates a {@link AzureDeveloperCliCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nfunction createDefaultAzureDeveloperCliCredential(\n  options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n  const processTimeoutInMs = options.processTimeoutInMs;\n  return new AzureDeveloperCliCredential({ processTimeoutInMs, ...options });\n}\n\n/**\n * Creates a {@link AzureCliCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nfunction createDefaultAzureCliCredential(\n  options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n  const processTimeoutInMs = options.processTimeoutInMs;\n  return new AzureCliCredential({ processTimeoutInMs, ...options });\n}\n\n/**\n * Creates a {@link AzurePowerShellCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nfunction createDefaultAzurePowershellCredential(\n  options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n  const processTimeoutInMs = options.processTimeoutInMs;\n  return new AzurePowerShellCredential({ processTimeoutInMs, ...options });\n}\n\n/**\n * Creates an {@link EnvironmentCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nexport function createEnvironmentCredential(\n  options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n  return new EnvironmentCredential(options);\n}\n\n/**\n * A no-op credential that logs the reason it was skipped if getToken is called.\n * @internal\n */\nexport class UnavailableDefaultCredential implements TokenCredential {\n  credentialUnavailableErrorMessage: string;\n  credentialName: string;\n\n  constructor(credentialName: string, message: string) {\n    this.credentialName = credentialName;\n    this.credentialUnavailableErrorMessage = message;\n  }\n\n  getToken(): Promise<null> {\n    logger.getToken.info(\n      `Skipping ${this.credentialName}, reason: ${this.credentialUnavailableErrorMessage}`,\n    );\n    return Promise.resolve(null);\n  }\n}\n\n/**\n * Provides a default {@link ChainedTokenCredential} configuration that works for most\n * applications that use Azure SDK client libraries. For more information, see\n * [DefaultAzureCredential overview](https://aka.ms/azsdk/js/identity/credential-chains#use-defaultazurecredential-for-flexibility).\n *\n * The following credential types will be tried, in order:\n *\n * - {@link EnvironmentCredential}\n * - {@link WorkloadIdentityCredential}\n * - {@link ManagedIdentityCredential}\n * - {@link AzureCliCredential}\n * - {@link AzurePowerShellCredential}\n * - {@link AzureDeveloperCliCredential}\n *\n * Consult the documentation of these credential types for more information\n * on how they attempt authentication.\n */\nexport class DefaultAzureCredential extends ChainedTokenCredential {\n  /**\n   * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialClientIdOptions}.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialClientIdOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialClientIdOptions);\n\n  /**\n   * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialResourceIdOptions}.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialResourceIdOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialResourceIdOptions);\n\n  /**\n   * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialOptions}.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialOptions);\n\n  constructor(options?: DefaultAzureCredentialOptions) {\n    const credentialFunctions = [\n      createEnvironmentCredential,\n      createDefaultWorkloadIdentityCredential,\n      createDefaultManagedIdentityCredential,\n      createDefaultAzureCliCredential,\n      createDefaultAzurePowershellCredential,\n      createDefaultAzureDeveloperCliCredential,\n    ];\n\n    // DefaultCredential constructors should not throw, instead throwing on getToken() which is handled by ChainedTokenCredential.\n\n    // When adding new credentials to the default chain, consider:\n    // 1. Making the constructor parameters required and explicit\n    // 2. Validating any required parameters in the factory function\n    // 3. Returning a UnavailableDefaultCredential from the factory function if a credential is unavailable for any reason\n    const credentials: TokenCredential[] = credentialFunctions.map((createCredentialFn) => {\n      try {\n        return createCredentialFn(options);\n      } catch (err: any) {\n        logger.warning(\n          `Skipped ${createCredentialFn.name} because of an error creating the credential: ${err}`,\n        );\n        return new UnavailableDefaultCredential(createCredentialFn.name, err.message);\n      }\n    });\n\n    super(...credentials);\n  }\n}\n"]}
+{"version":3,"file":"defaultAzureCredential.js","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAWlC,OAAO,EAAE,yBAAyB,EAAE,MAAM,sCAAsC,CAAC;AAEjF,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,2BAA2B,EAAE,MAAM,kCAAkC,CAAC;AAC/E,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAC3E,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AAEnE,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAE7E,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEtD,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAE1D;;;;;GAKG;AACH,MAAM,UAAU,sCAAsC,CACpD,UAG4C,EAAE;;IAE9C,MAAA,OAAO,CAAC,YAAY,oCAApB,OAAO,CAAC,YAAY,GAAK;QACvB,UAAU,EAAE,CAAC;QACb,cAAc,EAAE,GAAG;KACpB,EAAC;IACF,MAAM,uBAAuB,GAC3B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,uBAAuB,mCAC3E,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC9B,MAAM,wBAAwB,GAC5B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,wBAAwB,mCAC5E,uBAAuB,CAAC;IAC1B,MAAM,iBAAiB,GAAI,OAAmD,aAAnD,OAAO,uBAAP,OAAO,CAC9B,yBAAyB,CAAC;IAC9B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IAC5D,MAAM,QAAQ,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,mCAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAClE,IAAI,iBAAiB,EAAE,CAAC;QACtB,MAAM,gCAAgC,mCACjC,OAAO,KACV,UAAU,EAAE,iBAAiB,GAC9B,CAAC;QACF,OAAO,IAAI,yBAAyB,CAAC,gCAAgC,CAAC,CAAC;IACzE,CAAC;IAED,IAAI,YAAY,IAAI,wBAAwB,EAAE,CAAC;QAC7C,MAAM,iCAAiC,mCAClC,OAAO,KACV,QAAQ,EAAE,QAAQ,GACnB,CAAC;QAEF,OAAO,IAAI,yBAAyB,CAClC,wBAAwB,EACxB,iCAAiC,CAClC,CAAC;IACJ,CAAC;IAED,IAAI,uBAAuB,EAAE,CAAC;QAC5B,MAAM,4BAA4B,mCAC7B,OAAO,KACV,QAAQ,EAAE,uBAAuB,GAClC,CAAC;QAEF,OAAO,IAAI,yBAAyB,CAAC,4BAA4B,CAAC,CAAC;IACrE,CAAC;IAED,2FAA2F;IAC3F,OAAO,IAAI,yBAAyB,CAAC,OAAO,CAAC,CAAC;AAChD,CAAC;AAED;;;;;GAKG;AACH,SAAS,uCAAuC,CAC9C,OAA+E;;IAE/E,MAAM,uBAAuB,GAC3B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,uBAAuB,mCAC3E,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC9B,MAAM,wBAAwB,GAC5B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,wBAAwB,mCAC5E,uBAAuB,CAAC;IAC1B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IAC5D,MAAM,QAAQ,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,mCAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAClE,IAAI,YAAY,IAAI,wBAAwB,EAAE,CAAC;QAC7C,MAAM,iCAAiC,mCAClC,OAAO,KACV,QAAQ,EACR,QAAQ,EAAE,wBAAwB,EAClC,aAAa,EAAE,YAAY,GAC5B,CAAC;QACF,OAAO,IAAI,0BAA0B,CAAC,iCAAiC,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,mCAAmC,mCACpC,OAAO,KACV,QAAQ,GACT,CAAC;QACF,OAAO,IAAI,0BAA0B,CAAC,mCAAmC,CAAC,CAAC;IAC7E,CAAC;IAED,2FAA2F;IAC3F,OAAO,IAAI,0BAA0B,CAAC,OAAO,CAAC,CAAC;AACjD,CAAC;AAED;;;;;GAKG;AACH,SAAS,wCAAwC,CAC/C,UAAyC,EAAE;IAE3C,MAAM,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACtD,OAAO,IAAI,2BAA2B,iBAAG,kBAAkB,IAAK,OAAO,EAAG,CAAC;AAC7E,CAAC;AAED;;;;;GAKG;AACH,SAAS,+BAA+B,CACtC,UAAyC,EAAE;IAE3C,MAAM,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACtD,OAAO,IAAI,kBAAkB,iBAAG,kBAAkB,IAAK,OAAO,EAAG,CAAC;AACpE,CAAC;AAED;;;;;GAKG;AACH,SAAS,sCAAsC,CAC7C,UAAyC,EAAE;IAE3C,MAAM,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACtD,OAAO,IAAI,yBAAyB,iBAAG,kBAAkB,IAAK,OAAO,EAAG,CAAC;AAC3E,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,2BAA2B,CACzC,UAAyC,EAAE;IAE3C,OAAO,IAAI,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC5C,CAAC;AAED;;;GAGG;AACH,MAAM,OAAO,4BAA4B;IAIvC,YAAY,cAAsB,EAAE,OAAe;QACjD,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,iCAAiC,GAAG,OAAO,CAAC;IACnD,CAAC;IAED,QAAQ;QACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAClB,YAAY,IAAI,CAAC,cAAc,aAAa,IAAI,CAAC,iCAAiC,EAAE,CACrF,CAAC;QACF,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC;CACF;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,OAAO,sBAAuB,SAAQ,sBAAsB;IAsBhE,YAAY,OAAuC;QACjD,2EAA2E;QAC3E,MAAM,qBAAqB,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB;YAC/D,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE;YAC1D,CAAC,CAAC,SAAS,CAAC;QACd,MAAM,sBAAsB,GAAG;YAC7B,+BAA+B;YAC/B,sCAAsC;YACtC,wCAAwC;SACzC,CAAC;QACF,MAAM,uBAAuB,GAAG;YAC9B,2BAA2B;YAC3B,uCAAuC;YACvC,sCAAsC;SACvC,CAAC;QACF,IAAI,mBAAmB,GAAG,EAAE,CAAC;QAC7B,mFAAmF;QACnF,yEAAyE;QACzE,IAAI,qBAAqB,EAAE,CAAC;YAC1B,QAAQ,qBAAqB,EAAE,CAAC;gBAC9B,KAAK,KAAK;oBACR,6FAA6F;oBAC7F,mBAAmB,GAAG,sBAAsB,CAAC;oBAC7C,MAAM;gBACR,KAAK,MAAM;oBACT,oFAAoF;oBACpF,mBAAmB,GAAG,uBAAuB,CAAC;oBAC9C,MAAM;gBACR,OAAO,CAAC,CAAC,CAAC;oBACR,6EAA6E;oBAC7E,qFAAqF;oBACrF,MAAM,YAAY,GAAG,+CAA+C,OAAO,CAAC,GAAG,CAAC,uBAAuB,qCAAqC,CAAC;oBAC7I,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;oBAC7B,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;gBAChC,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,2EAA2E;YAC3E,mBAAmB,GAAG,CAAC,GAAG,uBAAuB,EAAE,GAAG,sBAAsB,CAAC,CAAC;QAChF,CAAC;QAED,gLAAgL;QAChL,8DAA8D;QAC9D,6DAA6D;QAC7D,gEAAgE;QAChE,sHAAsH;QACtH,MAAM,WAAW,GAAsB,mBAAmB,CAAC,GAAG,CAAC,CAAC,kBAAkB,EAAE,EAAE;YACpF,IAAI,CAAC;gBACH,OAAO,kBAAkB,CAAC,OAAO,CAAC,CAAC;YACrC,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,CAAC,OAAO,CACZ,WAAW,kBAAkB,CAAC,IAAI,iDAAiD,GAAG,EAAE,CACzF,CAAC;gBACF,OAAO,IAAI,4BAA4B,CAAC,kBAAkB,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAChF,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,GAAG,WAAW,CAAC,CAAC;IACxB,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type {\n  DefaultAzureCredentialClientIdOptions,\n  DefaultAzureCredentialOptions,\n  DefaultAzureCredentialResourceIdOptions,\n} from \"./defaultAzureCredentialOptions.js\";\nimport type {\n  ManagedIdentityCredentialClientIdOptions,\n  ManagedIdentityCredentialResourceIdOptions,\n} from \"./managedIdentityCredential/options.js\";\nimport { ManagedIdentityCredential } from \"./managedIdentityCredential/index.js\";\n\nimport { AzureCliCredential } from \"./azureCliCredential.js\";\nimport { AzureDeveloperCliCredential } from \"./azureDeveloperCliCredential.js\";\nimport { AzurePowerShellCredential } from \"./azurePowerShellCredential.js\";\nimport { ChainedTokenCredential } from \"./chainedTokenCredential.js\";\nimport { EnvironmentCredential } from \"./environmentCredential.js\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport { WorkloadIdentityCredential } from \"./workloadIdentityCredential.js\";\nimport type { WorkloadIdentityCredentialOptions } from \"./workloadIdentityCredentialOptions.js\";\nimport { credentialLogger } from \"../util/logging.js\";\n\nconst logger = credentialLogger(\"DefaultAzureCredential\");\n\n/**\n * Creates a {@link ManagedIdentityCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nexport function createDefaultManagedIdentityCredential(\n  options:\n    | DefaultAzureCredentialOptions\n    | DefaultAzureCredentialResourceIdOptions\n    | DefaultAzureCredentialClientIdOptions = {},\n): TokenCredential {\n  options.retryOptions ??= {\n    maxRetries: 5,\n    retryDelayInMs: 800,\n  };\n  const managedIdentityClientId =\n    (options as DefaultAzureCredentialClientIdOptions)?.managedIdentityClientId ??\n    process.env.AZURE_CLIENT_ID;\n  const workloadIdentityClientId =\n    (options as DefaultAzureCredentialClientIdOptions)?.workloadIdentityClientId ??\n    managedIdentityClientId;\n  const managedResourceId = (options as DefaultAzureCredentialResourceIdOptions)\n    ?.managedIdentityResourceId;\n  const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;\n  const tenantId = options?.tenantId ?? process.env.AZURE_TENANT_ID;\n  if (managedResourceId) {\n    const managedIdentityResourceIdOptions: ManagedIdentityCredentialResourceIdOptions = {\n      ...options,\n      resourceId: managedResourceId,\n    };\n    return new ManagedIdentityCredential(managedIdentityResourceIdOptions);\n  }\n\n  if (workloadFile && workloadIdentityClientId) {\n    const workloadIdentityCredentialOptions: DefaultAzureCredentialOptions = {\n      ...options,\n      tenantId: tenantId,\n    };\n\n    return new ManagedIdentityCredential(\n      workloadIdentityClientId,\n      workloadIdentityCredentialOptions,\n    );\n  }\n\n  if (managedIdentityClientId) {\n    const managedIdentityClientOptions: ManagedIdentityCredentialClientIdOptions = {\n      ...options,\n      clientId: managedIdentityClientId,\n    };\n\n    return new ManagedIdentityCredential(managedIdentityClientOptions);\n  }\n\n  // We may be able to return a UnavailableCredential here, but that may be a breaking change\n  return new ManagedIdentityCredential(options);\n}\n\n/**\n * Creates a {@link WorkloadIdentityCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nfunction createDefaultWorkloadIdentityCredential(\n  options?: DefaultAzureCredentialOptions | DefaultAzureCredentialClientIdOptions,\n): TokenCredential {\n  const managedIdentityClientId =\n    (options as DefaultAzureCredentialClientIdOptions)?.managedIdentityClientId ??\n    process.env.AZURE_CLIENT_ID;\n  const workloadIdentityClientId =\n    (options as DefaultAzureCredentialClientIdOptions)?.workloadIdentityClientId ??\n    managedIdentityClientId;\n  const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;\n  const tenantId = options?.tenantId ?? process.env.AZURE_TENANT_ID;\n  if (workloadFile && workloadIdentityClientId) {\n    const workloadIdentityCredentialOptions: WorkloadIdentityCredentialOptions = {\n      ...options,\n      tenantId,\n      clientId: workloadIdentityClientId,\n      tokenFilePath: workloadFile,\n    };\n    return new WorkloadIdentityCredential(workloadIdentityCredentialOptions);\n  }\n  if (tenantId) {\n    const workloadIdentityClientTenantOptions: WorkloadIdentityCredentialOptions = {\n      ...options,\n      tenantId,\n    };\n    return new WorkloadIdentityCredential(workloadIdentityClientTenantOptions);\n  }\n\n  // We may be able to return a UnavailableCredential here, but that may be a breaking change\n  return new WorkloadIdentityCredential(options);\n}\n\n/**\n * Creates a {@link AzureDeveloperCliCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nfunction createDefaultAzureDeveloperCliCredential(\n  options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n  const processTimeoutInMs = options.processTimeoutInMs;\n  return new AzureDeveloperCliCredential({ processTimeoutInMs, ...options });\n}\n\n/**\n * Creates a {@link AzureCliCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nfunction createDefaultAzureCliCredential(\n  options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n  const processTimeoutInMs = options.processTimeoutInMs;\n  return new AzureCliCredential({ processTimeoutInMs, ...options });\n}\n\n/**\n * Creates a {@link AzurePowerShellCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nfunction createDefaultAzurePowershellCredential(\n  options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n  const processTimeoutInMs = options.processTimeoutInMs;\n  return new AzurePowerShellCredential({ processTimeoutInMs, ...options });\n}\n\n/**\n * Creates an {@link EnvironmentCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nexport function createEnvironmentCredential(\n  options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n  return new EnvironmentCredential(options);\n}\n\n/**\n * A no-op credential that logs the reason it was skipped if getToken is called.\n * @internal\n */\nexport class UnavailableDefaultCredential implements TokenCredential {\n  credentialUnavailableErrorMessage: string;\n  credentialName: string;\n\n  constructor(credentialName: string, message: string) {\n    this.credentialName = credentialName;\n    this.credentialUnavailableErrorMessage = message;\n  }\n\n  getToken(): Promise<null> {\n    logger.getToken.info(\n      `Skipping ${this.credentialName}, reason: ${this.credentialUnavailableErrorMessage}`,\n    );\n    return Promise.resolve(null);\n  }\n}\n\n/**\n * Provides a default {@link ChainedTokenCredential} configuration that works for most\n * applications that use Azure SDK client libraries. For more information, see\n * [DefaultAzureCredential overview](https://aka.ms/azsdk/js/identity/credential-chains#use-defaultazurecredential-for-flexibility).\n *\n * The following credential types will be tried, in order:\n *\n * - {@link EnvironmentCredential}\n * - {@link WorkloadIdentityCredential}\n * - {@link ManagedIdentityCredential}\n * - {@link AzureCliCredential}\n * - {@link AzurePowerShellCredential}\n * - {@link AzureDeveloperCliCredential}\n *\n * Consult the documentation of these credential types for more information\n * on how they attempt authentication.\n */\nexport class DefaultAzureCredential extends ChainedTokenCredential {\n  /**\n   * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialClientIdOptions}.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialClientIdOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialClientIdOptions);\n\n  /**\n   * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialResourceIdOptions}.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialResourceIdOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialResourceIdOptions);\n\n  /**\n   * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialOptions}.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialOptions);\n\n  constructor(options?: DefaultAzureCredentialOptions) {\n    // If AZURE_TOKEN_CREDENTIALS is not set, use the default credential chain.\n    const azureTokenCredentials = process.env.AZURE_TOKEN_CREDENTIALS\n      ? process.env.AZURE_TOKEN_CREDENTIALS.trim().toLowerCase()\n      : undefined;\n    const devCredentialFunctions = [\n      createDefaultAzureCliCredential,\n      createDefaultAzurePowershellCredential,\n      createDefaultAzureDeveloperCliCredential,\n    ];\n    const prodCredentialFunctions = [\n      createEnvironmentCredential,\n      createDefaultWorkloadIdentityCredential,\n      createDefaultManagedIdentityCredential,\n    ];\n    let credentialFunctions = [];\n    // If AZURE_TOKEN_CREDENTIALS is set, use it to determine which credentials to use.\n    // The value of AZURE_TOKEN_CREDENTIALS should be either \"dev\" or \"prod\".\n    if (azureTokenCredentials) {\n      switch (azureTokenCredentials) {\n        case \"dev\":\n          // If AZURE_TOKEN_CREDENTIALS is set to \"dev\", use the developer tool-based credential chain.\n          credentialFunctions = devCredentialFunctions;\n          break;\n        case \"prod\":\n          // If AZURE_TOKEN_CREDENTIALS is set to \"prod\", use the production credential chain.\n          credentialFunctions = prodCredentialFunctions;\n          break;\n        default: {\n          // If AZURE_TOKEN_CREDENTIALS is set to an unsupported value, throw an error.\n          // We will throw an error here to prevent the creation of the DefaultAzureCredential.\n          const errorMessage = `Invalid value for AZURE_TOKEN_CREDENTIALS = ${process.env.AZURE_TOKEN_CREDENTIALS}. Valid values are 'prod' or 'dev'.`;\n          logger.warning(errorMessage);\n          throw new Error(errorMessage);\n        }\n      }\n    } else {\n      // If AZURE_TOKEN_CREDENTIALS is not set, use the default credential chain.\n      credentialFunctions = [...prodCredentialFunctions, ...devCredentialFunctions];\n    }\n\n    // Errors from individual credentials should not be thrown in the DefaultAzureCredential constructor, instead throwing on getToken() which is handled by ChainedTokenCredential.\n    // When adding new credentials to the default chain, consider:\n    // 1. Making the constructor parameters required and explicit\n    // 2. Validating any required parameters in the factory function\n    // 3. Returning a UnavailableDefaultCredential from the factory function if a credential is unavailable for any reason\n    const credentials: TokenCredential[] = credentialFunctions.map((createCredentialFn) => {\n      try {\n        return createCredentialFn(options);\n      } catch (err: any) {\n        logger.warning(\n          `Skipped ${createCredentialFn.name} because of an error creating the credential: ${err}`,\n        );\n        return new UnavailableDefaultCredential(createCredentialFn.name, err.message);\n      }\n    });\n\n    super(...credentials);\n  }\n}\n"]}

package/dist/workerd/constants.d.ts

@@ -1,7 +1,7 @@
 /**
  * Current version of the `@azure/identity` package.
  */
-export declare const SDK_VERSION = "4.9.2";
+export declare const SDK_VERSION = "4.10.0";
 /**
  * The default client ID for authentication
  * @internal

package/dist/workerd/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,eAAO,MAAM,WAAW,UAAU,CAAC;AAEnC;;;GAGG;AAIH,eAAO,MAAM,uBAAuB,yCAAyC,CAAC;AAE9E;;;GAGG;AACH,eAAO,MAAM,eAAe,WAAW,CAAC;AAExC;;GAEG;AACH,oBAAY,mBAAmB;IAC7B;;OAEG;IACH,UAAU,mCAAmC;IAC7C;;;;;SAKK;IACL,YAAY,qCAAqC;IACjD;;OAEG;IACH,eAAe,qCAAqC;IACpD;;OAEG;IACH,gBAAgB,sCAAsC;CACvD;AAED;;;GAGG;AACH,eAAO,MAAM,oBAAoB,uCAAuC,CAAC;AAEzE;;;GAGG;AACH,eAAO,MAAM,gBAAgB,8BAA8B,CAAC;AAE5D;;;GAGG;AACH,eAAO,MAAM,WAAW,EAAE,MAAM,EAAU,CAAC;AAE3C;;GAEG;AACH,eAAO,MAAM,gBAAgB,QAAQ,CAAC;AAEtC;;GAEG;AACH,eAAO,MAAM,oBAAoB,UAAU,CAAC;AAE5C;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,eAAe,CAAC"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,eAAO,MAAM,WAAW,WAAW,CAAC;AAEpC;;;GAGG;AAIH,eAAO,MAAM,uBAAuB,yCAAyC,CAAC;AAE9E;;;GAGG;AACH,eAAO,MAAM,eAAe,WAAW,CAAC;AAExC;;GAEG;AACH,oBAAY,mBAAmB;IAC7B;;OAEG;IACH,UAAU,mCAAmC;IAC7C;;;;;SAKK;IACL,YAAY,qCAAqC;IACjD;;OAEG;IACH,eAAe,qCAAqC;IACpD;;OAEG;IACH,gBAAgB,sCAAsC;CACvD;AAED;;;GAGG;AACH,eAAO,MAAM,oBAAoB,uCAAuC,CAAC;AAEzE;;;GAGG;AACH,eAAO,MAAM,gBAAgB,8BAA8B,CAAC;AAE5D;;;GAGG;AACH,eAAO,MAAM,WAAW,EAAE,MAAM,EAAU,CAAC;AAE3C;;GAEG;AACH,eAAO,MAAM,gBAAgB,QAAQ,CAAC;AAEtC;;GAEG;AACH,eAAO,MAAM,oBAAoB,UAAU,CAAC;AAE5C;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,eAAe,CAAC"}

package/dist/workerd/constants.js

@@ -3,7 +3,7 @@
 /**
  * Current version of the `@azure/identity` package.
  */
-export const SDK_VERSION = `4.9.2`;
+export const SDK_VERSION = `4.10.0`;
 /**
  * The default client ID for authentication
  * @internal

package/dist/workerd/constants.js.map

@@ -1 +1 @@
-{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,OAAO,CAAC;AAEnC;;;GAGG;AACH,2EAA2E;AAC3E,6CAA6C;AAC7C,uGAAuG;AACvG,MAAM,CAAC,MAAM,uBAAuB,GAAG,sCAAsC,CAAC;AAE9E;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,QAAQ,CAAC;AAExC;;GAEG;AACH,MAAM,CAAN,IAAY,mBAoBX;AApBD,WAAY,mBAAmB;IAC7B;;OAEG;IACH,oEAA6C,CAAA;IAC7C;;;;;SAKK;IACL,wEAAiD,CAAA;IACjD;;OAEG;IACH,2EAAoD,CAAA;IACpD;;OAEG;IACH,6EAAsD,CAAA;AACxD,CAAC,EApBW,mBAAmB,KAAnB,mBAAmB,QAoB9B;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,mBAAmB,CAAC,gBAAgB,CAAC;AAEzE;;;GAGG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,2BAA2B,CAAC;AAE5D;;;GAGG;AACH,MAAM,CAAC,MAAM,WAAW,GAAa,CAAC,GAAG,CAAC,CAAC;AAE3C;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAEtC;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,OAAO,CAAC;AAE5C;;;;;GAKG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,YAAY,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Current version of the `@azure/identity` package.\n */\nexport const SDK_VERSION = `4.9.2`;\n\n/**\n * The default client ID for authentication\n * @internal\n */\n// TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n// Developer Sign On application is available\n// https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/Constants.cs#L9\nexport const DeveloperSignOnClientId = \"04b07795-8ddb-461a-bbee-02f9e1bf7b46\";\n\n/**\n * The default tenant for authentication\n * @internal\n */\nexport const DefaultTenantId = \"common\";\n\n/**\n * A list of known Azure authority hosts\n */\nexport enum AzureAuthorityHosts {\n  /**\n   * China-based Azure Authority Host\n   */\n  AzureChina = \"https://login.chinacloudapi.cn\",\n  /**\n   * Germany-based Azure Authority Host\n   *\n   * @deprecated Microsoft Cloud Germany was closed on October 29th, 2021.\n   *\n   * */\n  AzureGermany = \"https://login.microsoftonline.de\",\n  /**\n   * US Government Azure Authority Host\n   */\n  AzureGovernment = \"https://login.microsoftonline.us\",\n  /**\n   * Public Cloud Azure Authority Host\n   */\n  AzurePublicCloud = \"https://login.microsoftonline.com\",\n}\n\n/**\n * @internal\n * The default authority host.\n */\nexport const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;\n\n/**\n * @internal\n * The default environment host for Azure Public Cloud\n */\nexport const DefaultAuthority = \"login.microsoftonline.com\";\n\n/**\n * @internal\n * Allow acquiring tokens for any tenant for multi-tentant auth.\n */\nexport const ALL_TENANTS: string[] = [\"*\"];\n\n/**\n * @internal\n */\nexport const CACHE_CAE_SUFFIX = \"cae\";\n\n/**\n * @internal\n */\nexport const CACHE_NON_CAE_SUFFIX = \"nocae\";\n\n/**\n * @internal\n *\n * The default name for the cache persistence plugin.\n * Matches the constant defined in the cache persistence package.\n */\nexport const DEFAULT_TOKEN_CACHE_NAME = \"msal.cache\";\n"]}
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,QAAQ,CAAC;AAEpC;;;GAGG;AACH,2EAA2E;AAC3E,6CAA6C;AAC7C,uGAAuG;AACvG,MAAM,CAAC,MAAM,uBAAuB,GAAG,sCAAsC,CAAC;AAE9E;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,QAAQ,CAAC;AAExC;;GAEG;AACH,MAAM,CAAN,IAAY,mBAoBX;AApBD,WAAY,mBAAmB;IAC7B;;OAEG;IACH,oEAA6C,CAAA;IAC7C;;;;;SAKK;IACL,wEAAiD,CAAA;IACjD;;OAEG;IACH,2EAAoD,CAAA;IACpD;;OAEG;IACH,6EAAsD,CAAA;AACxD,CAAC,EApBW,mBAAmB,KAAnB,mBAAmB,QAoB9B;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,mBAAmB,CAAC,gBAAgB,CAAC;AAEzE;;;GAGG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,2BAA2B,CAAC;AAE5D;;;GAGG;AACH,MAAM,CAAC,MAAM,WAAW,GAAa,CAAC,GAAG,CAAC,CAAC;AAE3C;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAEtC;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,OAAO,CAAC;AAE5C;;;;;GAKG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,YAAY,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Current version of the `@azure/identity` package.\n */\nexport const SDK_VERSION = `4.10.0`;\n\n/**\n * The default client ID for authentication\n * @internal\n */\n// TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n// Developer Sign On application is available\n// https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/Constants.cs#L9\nexport const DeveloperSignOnClientId = \"04b07795-8ddb-461a-bbee-02f9e1bf7b46\";\n\n/**\n * The default tenant for authentication\n * @internal\n */\nexport const DefaultTenantId = \"common\";\n\n/**\n * A list of known Azure authority hosts\n */\nexport enum AzureAuthorityHosts {\n  /**\n   * China-based Azure Authority Host\n   */\n  AzureChina = \"https://login.chinacloudapi.cn\",\n  /**\n   * Germany-based Azure Authority Host\n   *\n   * @deprecated Microsoft Cloud Germany was closed on October 29th, 2021.\n   *\n   * */\n  AzureGermany = \"https://login.microsoftonline.de\",\n  /**\n   * US Government Azure Authority Host\n   */\n  AzureGovernment = \"https://login.microsoftonline.us\",\n  /**\n   * Public Cloud Azure Authority Host\n   */\n  AzurePublicCloud = \"https://login.microsoftonline.com\",\n}\n\n/**\n * @internal\n * The default authority host.\n */\nexport const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;\n\n/**\n * @internal\n * The default environment host for Azure Public Cloud\n */\nexport const DefaultAuthority = \"login.microsoftonline.com\";\n\n/**\n * @internal\n * Allow acquiring tokens for any tenant for multi-tentant auth.\n */\nexport const ALL_TENANTS: string[] = [\"*\"];\n\n/**\n * @internal\n */\nexport const CACHE_CAE_SUFFIX = \"cae\";\n\n/**\n * @internal\n */\nexport const CACHE_NON_CAE_SUFFIX = \"nocae\";\n\n/**\n * @internal\n *\n * The default name for the cache persistence plugin.\n * Matches the constant defined in the cache persistence package.\n */\nexport const DEFAULT_TOKEN_CACHE_NAME = \"msal.cache\";\n"]}

package/dist/workerd/credentials/defaultAzureCredential.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"defaultAzureCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,qCAAqC,EACrC,6BAA6B,EAC7B,uCAAuC,EACxC,MAAM,oCAAoC,CAAC;AAU5C,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAErE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAOxD;;;;;GAKG;AACH,wBAAgB,sCAAsC,CACpD,OAAO,GACH,6BAA6B,GAC7B,uCAAuC,GACvC,qCAA0C,GAC7C,eAAe,CA8CjB;AA+ED;;;;;GAKG;AACH,wBAAgB,2BAA2B,CACzC,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB;AAED;;;GAGG;AACH,qBAAa,4BAA6B,YAAW,eAAe;IAClE,iCAAiC,EAAE,MAAM,CAAC;IAC1C,cAAc,EAAE,MAAM,CAAC;gBAEX,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;IAKnD,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;CAM1B;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,sBAAuB,SAAQ,sBAAsB;IAChE;;;;OAIG;gBACS,OAAO,CAAC,EAAE,qCAAqC;IAE3D;;;;OAIG;gBACS,OAAO,CAAC,EAAE,uCAAuC;IAE7D;;;;OAIG;gBACS,OAAO,CAAC,EAAE,6BAA6B;CA+BpD"}
+{"version":3,"file":"defaultAzureCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,qCAAqC,EACrC,6BAA6B,EAC7B,uCAAuC,EACxC,MAAM,oCAAoC,CAAC;AAU5C,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAErE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAOxD;;;;;GAKG;AACH,wBAAgB,sCAAsC,CACpD,OAAO,GACH,6BAA6B,GAC7B,uCAAuC,GACvC,qCAA0C,GAC7C,eAAe,CA8CjB;AA+ED;;;;;GAKG;AACH,wBAAgB,2BAA2B,CACzC,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB;AAED;;;GAGG;AACH,qBAAa,4BAA6B,YAAW,eAAe;IAClE,iCAAiC,EAAE,MAAM,CAAC;IAC1C,cAAc,EAAE,MAAM,CAAC;gBAEX,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;IAKnD,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;CAM1B;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,sBAAuB,SAAQ,sBAAsB;IAChE;;;;OAIG;gBACS,OAAO,CAAC,EAAE,qCAAqC;IAE3D;;;;OAIG;gBACS,OAAO,CAAC,EAAE,uCAAuC;IAE7D;;;;OAIG;gBACS,OAAO,CAAC,EAAE,6BAA6B;CA6DpD"}

package/dist/workerd/credentials/defaultAzureCredential.js

@@ -136,15 +136,47 @@ export class UnavailableDefaultCredential {
  */
 export class DefaultAzureCredential extends ChainedTokenCredential {
     constructor(options) {
-        const credentialFunctions = [
-            createEnvironmentCredential,
-            createDefaultWorkloadIdentityCredential,
-            createDefaultManagedIdentityCredential,
+        // If AZURE_TOKEN_CREDENTIALS is not set, use the default credential chain.
+        const azureTokenCredentials = process.env.AZURE_TOKEN_CREDENTIALS
+            ? process.env.AZURE_TOKEN_CREDENTIALS.trim().toLowerCase()
+            : undefined;
+        const devCredentialFunctions = [
             createDefaultAzureCliCredential,
             createDefaultAzurePowershellCredential,
             createDefaultAzureDeveloperCliCredential,
         ];
-        // DefaultCredential constructors should not throw, instead throwing on getToken() which is handled by ChainedTokenCredential.
+        const prodCredentialFunctions = [
+            createEnvironmentCredential,
+            createDefaultWorkloadIdentityCredential,
+            createDefaultManagedIdentityCredential,
+        ];
+        let credentialFunctions = [];
+        // If AZURE_TOKEN_CREDENTIALS is set, use it to determine which credentials to use.
+        // The value of AZURE_TOKEN_CREDENTIALS should be either "dev" or "prod".
+        if (azureTokenCredentials) {
+            switch (azureTokenCredentials) {
+                case "dev":
+                    // If AZURE_TOKEN_CREDENTIALS is set to "dev", use the developer tool-based credential chain.
+                    credentialFunctions = devCredentialFunctions;
+                    break;
+                case "prod":
+                    // If AZURE_TOKEN_CREDENTIALS is set to "prod", use the production credential chain.
+                    credentialFunctions = prodCredentialFunctions;
+                    break;
+                default: {
+                    // If AZURE_TOKEN_CREDENTIALS is set to an unsupported value, throw an error.
+                    // We will throw an error here to prevent the creation of the DefaultAzureCredential.
+                    const errorMessage = `Invalid value for AZURE_TOKEN_CREDENTIALS = ${process.env.AZURE_TOKEN_CREDENTIALS}. Valid values are 'prod' or 'dev'.`;
+                    logger.warning(errorMessage);
+                    throw new Error(errorMessage);
+                }
+            }
+        }
+        else {
+            // If AZURE_TOKEN_CREDENTIALS is not set, use the default credential chain.
+            credentialFunctions = [...prodCredentialFunctions, ...devCredentialFunctions];
+        }
+        // Errors from individual credentials should not be thrown in the DefaultAzureCredential constructor, instead throwing on getToken() which is handled by ChainedTokenCredential.
         // When adding new credentials to the default chain, consider:
         // 1. Making the constructor parameters required and explicit
         // 2. Validating any required parameters in the factory function

package/dist/workerd/credentials/defaultAzureCredential.js.map

@@ -1 +1 @@
-{"version":3,"file":"defaultAzureCredential.js","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAWlC,OAAO,EAAE,yBAAyB,EAAE,MAAM,sCAAsC,CAAC;AAEjF,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,2BAA2B,EAAE,MAAM,kCAAkC,CAAC;AAC/E,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAC3E,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AAEnE,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAE7E,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEtD,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAE1D;;;;;GAKG;AACH,MAAM,UAAU,sCAAsC,CACpD,UAG4C,EAAE;;IAE9C,MAAA,OAAO,CAAC,YAAY,oCAApB,OAAO,CAAC,YAAY,GAAK;QACvB,UAAU,EAAE,CAAC;QACb,cAAc,EAAE,GAAG;KACpB,EAAC;IACF,MAAM,uBAAuB,GAC3B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,uBAAuB,mCAC3E,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC9B,MAAM,wBAAwB,GAC5B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,wBAAwB,mCAC5E,uBAAuB,CAAC;IAC1B,MAAM,iBAAiB,GAAI,OAAmD,aAAnD,OAAO,uBAAP,OAAO,CAC9B,yBAAyB,CAAC;IAC9B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IAC5D,MAAM,QAAQ,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,mCAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAClE,IAAI,iBAAiB,EAAE,CAAC;QACtB,MAAM,gCAAgC,mCACjC,OAAO,KACV,UAAU,EAAE,iBAAiB,GAC9B,CAAC;QACF,OAAO,IAAI,yBAAyB,CAAC,gCAAgC,CAAC,CAAC;IACzE,CAAC;IAED,IAAI,YAAY,IAAI,wBAAwB,EAAE,CAAC;QAC7C,MAAM,iCAAiC,mCAClC,OAAO,KACV,QAAQ,EAAE,QAAQ,GACnB,CAAC;QAEF,OAAO,IAAI,yBAAyB,CAClC,wBAAwB,EACxB,iCAAiC,CAClC,CAAC;IACJ,CAAC;IAED,IAAI,uBAAuB,EAAE,CAAC;QAC5B,MAAM,4BAA4B,mCAC7B,OAAO,KACV,QAAQ,EAAE,uBAAuB,GAClC,CAAC;QAEF,OAAO,IAAI,yBAAyB,CAAC,4BAA4B,CAAC,CAAC;IACrE,CAAC;IAED,2FAA2F;IAC3F,OAAO,IAAI,yBAAyB,CAAC,OAAO,CAAC,CAAC;AAChD,CAAC;AAED;;;;;GAKG;AACH,SAAS,uCAAuC,CAC9C,OAA+E;;IAE/E,MAAM,uBAAuB,GAC3B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,uBAAuB,mCAC3E,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC9B,MAAM,wBAAwB,GAC5B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,wBAAwB,mCAC5E,uBAAuB,CAAC;IAC1B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IAC5D,MAAM,QAAQ,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,mCAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAClE,IAAI,YAAY,IAAI,wBAAwB,EAAE,CAAC;QAC7C,MAAM,iCAAiC,mCAClC,OAAO,KACV,QAAQ,EACR,QAAQ,EAAE,wBAAwB,EAClC,aAAa,EAAE,YAAY,GAC5B,CAAC;QACF,OAAO,IAAI,0BAA0B,CAAC,iCAAiC,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,mCAAmC,mCACpC,OAAO,KACV,QAAQ,GACT,CAAC;QACF,OAAO,IAAI,0BAA0B,CAAC,mCAAmC,CAAC,CAAC;IAC7E,CAAC;IAED,2FAA2F;IAC3F,OAAO,IAAI,0BAA0B,CAAC,OAAO,CAAC,CAAC;AACjD,CAAC;AAED;;;;;GAKG;AACH,SAAS,wCAAwC,CAC/C,UAAyC,EAAE;IAE3C,MAAM,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACtD,OAAO,IAAI,2BAA2B,iBAAG,kBAAkB,IAAK,OAAO,EAAG,CAAC;AAC7E,CAAC;AAED;;;;;GAKG;AACH,SAAS,+BAA+B,CACtC,UAAyC,EAAE;IAE3C,MAAM,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACtD,OAAO,IAAI,kBAAkB,iBAAG,kBAAkB,IAAK,OAAO,EAAG,CAAC;AACpE,CAAC;AAED;;;;;GAKG;AACH,SAAS,sCAAsC,CAC7C,UAAyC,EAAE;IAE3C,MAAM,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACtD,OAAO,IAAI,yBAAyB,iBAAG,kBAAkB,IAAK,OAAO,EAAG,CAAC;AAC3E,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,2BAA2B,CACzC,UAAyC,EAAE;IAE3C,OAAO,IAAI,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC5C,CAAC;AAED;;;GAGG;AACH,MAAM,OAAO,4BAA4B;IAIvC,YAAY,cAAsB,EAAE,OAAe;QACjD,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,iCAAiC,GAAG,OAAO,CAAC;IACnD,CAAC;IAED,QAAQ;QACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAClB,YAAY,IAAI,CAAC,cAAc,aAAa,IAAI,CAAC,iCAAiC,EAAE,CACrF,CAAC;QACF,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC;CACF;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,OAAO,sBAAuB,SAAQ,sBAAsB;IAsBhE,YAAY,OAAuC;QACjD,MAAM,mBAAmB,GAAG;YAC1B,2BAA2B;YAC3B,uCAAuC;YACvC,sCAAsC;YACtC,+BAA+B;YAC/B,sCAAsC;YACtC,wCAAwC;SACzC,CAAC;QAEF,8HAA8H;QAE9H,8DAA8D;QAC9D,6DAA6D;QAC7D,gEAAgE;QAChE,sHAAsH;QACtH,MAAM,WAAW,GAAsB,mBAAmB,CAAC,GAAG,CAAC,CAAC,kBAAkB,EAAE,EAAE;YACpF,IAAI,CAAC;gBACH,OAAO,kBAAkB,CAAC,OAAO,CAAC,CAAC;YACrC,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,CAAC,OAAO,CACZ,WAAW,kBAAkB,CAAC,IAAI,iDAAiD,GAAG,EAAE,CACzF,CAAC;gBACF,OAAO,IAAI,4BAA4B,CAAC,kBAAkB,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAChF,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,GAAG,WAAW,CAAC,CAAC;IACxB,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type {\n  DefaultAzureCredentialClientIdOptions,\n  DefaultAzureCredentialOptions,\n  DefaultAzureCredentialResourceIdOptions,\n} from \"./defaultAzureCredentialOptions.js\";\nimport type {\n  ManagedIdentityCredentialClientIdOptions,\n  ManagedIdentityCredentialResourceIdOptions,\n} from \"./managedIdentityCredential/options.js\";\nimport { ManagedIdentityCredential } from \"./managedIdentityCredential/index.js\";\n\nimport { AzureCliCredential } from \"./azureCliCredential.js\";\nimport { AzureDeveloperCliCredential } from \"./azureDeveloperCliCredential.js\";\nimport { AzurePowerShellCredential } from \"./azurePowerShellCredential.js\";\nimport { ChainedTokenCredential } from \"./chainedTokenCredential.js\";\nimport { EnvironmentCredential } from \"./environmentCredential.js\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport { WorkloadIdentityCredential } from \"./workloadIdentityCredential.js\";\nimport type { WorkloadIdentityCredentialOptions } from \"./workloadIdentityCredentialOptions.js\";\nimport { credentialLogger } from \"../util/logging.js\";\n\nconst logger = credentialLogger(\"DefaultAzureCredential\");\n\n/**\n * Creates a {@link ManagedIdentityCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nexport function createDefaultManagedIdentityCredential(\n  options:\n    | DefaultAzureCredentialOptions\n    | DefaultAzureCredentialResourceIdOptions\n    | DefaultAzureCredentialClientIdOptions = {},\n): TokenCredential {\n  options.retryOptions ??= {\n    maxRetries: 5,\n    retryDelayInMs: 800,\n  };\n  const managedIdentityClientId =\n    (options as DefaultAzureCredentialClientIdOptions)?.managedIdentityClientId ??\n    process.env.AZURE_CLIENT_ID;\n  const workloadIdentityClientId =\n    (options as DefaultAzureCredentialClientIdOptions)?.workloadIdentityClientId ??\n    managedIdentityClientId;\n  const managedResourceId = (options as DefaultAzureCredentialResourceIdOptions)\n    ?.managedIdentityResourceId;\n  const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;\n  const tenantId = options?.tenantId ?? process.env.AZURE_TENANT_ID;\n  if (managedResourceId) {\n    const managedIdentityResourceIdOptions: ManagedIdentityCredentialResourceIdOptions = {\n      ...options,\n      resourceId: managedResourceId,\n    };\n    return new ManagedIdentityCredential(managedIdentityResourceIdOptions);\n  }\n\n  if (workloadFile && workloadIdentityClientId) {\n    const workloadIdentityCredentialOptions: DefaultAzureCredentialOptions = {\n      ...options,\n      tenantId: tenantId,\n    };\n\n    return new ManagedIdentityCredential(\n      workloadIdentityClientId,\n      workloadIdentityCredentialOptions,\n    );\n  }\n\n  if (managedIdentityClientId) {\n    const managedIdentityClientOptions: ManagedIdentityCredentialClientIdOptions = {\n      ...options,\n      clientId: managedIdentityClientId,\n    };\n\n    return new ManagedIdentityCredential(managedIdentityClientOptions);\n  }\n\n  // We may be able to return a UnavailableCredential here, but that may be a breaking change\n  return new ManagedIdentityCredential(options);\n}\n\n/**\n * Creates a {@link WorkloadIdentityCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nfunction createDefaultWorkloadIdentityCredential(\n  options?: DefaultAzureCredentialOptions | DefaultAzureCredentialClientIdOptions,\n): TokenCredential {\n  const managedIdentityClientId =\n    (options as DefaultAzureCredentialClientIdOptions)?.managedIdentityClientId ??\n    process.env.AZURE_CLIENT_ID;\n  const workloadIdentityClientId =\n    (options as DefaultAzureCredentialClientIdOptions)?.workloadIdentityClientId ??\n    managedIdentityClientId;\n  const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;\n  const tenantId = options?.tenantId ?? process.env.AZURE_TENANT_ID;\n  if (workloadFile && workloadIdentityClientId) {\n    const workloadIdentityCredentialOptions: WorkloadIdentityCredentialOptions = {\n      ...options,\n      tenantId,\n      clientId: workloadIdentityClientId,\n      tokenFilePath: workloadFile,\n    };\n    return new WorkloadIdentityCredential(workloadIdentityCredentialOptions);\n  }\n  if (tenantId) {\n    const workloadIdentityClientTenantOptions: WorkloadIdentityCredentialOptions = {\n      ...options,\n      tenantId,\n    };\n    return new WorkloadIdentityCredential(workloadIdentityClientTenantOptions);\n  }\n\n  // We may be able to return a UnavailableCredential here, but that may be a breaking change\n  return new WorkloadIdentityCredential(options);\n}\n\n/**\n * Creates a {@link AzureDeveloperCliCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nfunction createDefaultAzureDeveloperCliCredential(\n  options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n  const processTimeoutInMs = options.processTimeoutInMs;\n  return new AzureDeveloperCliCredential({ processTimeoutInMs, ...options });\n}\n\n/**\n * Creates a {@link AzureCliCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nfunction createDefaultAzureCliCredential(\n  options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n  const processTimeoutInMs = options.processTimeoutInMs;\n  return new AzureCliCredential({ processTimeoutInMs, ...options });\n}\n\n/**\n * Creates a {@link AzurePowerShellCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nfunction createDefaultAzurePowershellCredential(\n  options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n  const processTimeoutInMs = options.processTimeoutInMs;\n  return new AzurePowerShellCredential({ processTimeoutInMs, ...options });\n}\n\n/**\n * Creates an {@link EnvironmentCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nexport function createEnvironmentCredential(\n  options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n  return new EnvironmentCredential(options);\n}\n\n/**\n * A no-op credential that logs the reason it was skipped if getToken is called.\n * @internal\n */\nexport class UnavailableDefaultCredential implements TokenCredential {\n  credentialUnavailableErrorMessage: string;\n  credentialName: string;\n\n  constructor(credentialName: string, message: string) {\n    this.credentialName = credentialName;\n    this.credentialUnavailableErrorMessage = message;\n  }\n\n  getToken(): Promise<null> {\n    logger.getToken.info(\n      `Skipping ${this.credentialName}, reason: ${this.credentialUnavailableErrorMessage}`,\n    );\n    return Promise.resolve(null);\n  }\n}\n\n/**\n * Provides a default {@link ChainedTokenCredential} configuration that works for most\n * applications that use Azure SDK client libraries. For more information, see\n * [DefaultAzureCredential overview](https://aka.ms/azsdk/js/identity/credential-chains#use-defaultazurecredential-for-flexibility).\n *\n * The following credential types will be tried, in order:\n *\n * - {@link EnvironmentCredential}\n * - {@link WorkloadIdentityCredential}\n * - {@link ManagedIdentityCredential}\n * - {@link AzureCliCredential}\n * - {@link AzurePowerShellCredential}\n * - {@link AzureDeveloperCliCredential}\n *\n * Consult the documentation of these credential types for more information\n * on how they attempt authentication.\n */\nexport class DefaultAzureCredential extends ChainedTokenCredential {\n  /**\n   * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialClientIdOptions}.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialClientIdOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialClientIdOptions);\n\n  /**\n   * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialResourceIdOptions}.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialResourceIdOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialResourceIdOptions);\n\n  /**\n   * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialOptions}.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialOptions);\n\n  constructor(options?: DefaultAzureCredentialOptions) {\n    const credentialFunctions = [\n      createEnvironmentCredential,\n      createDefaultWorkloadIdentityCredential,\n      createDefaultManagedIdentityCredential,\n      createDefaultAzureCliCredential,\n      createDefaultAzurePowershellCredential,\n      createDefaultAzureDeveloperCliCredential,\n    ];\n\n    // DefaultCredential constructors should not throw, instead throwing on getToken() which is handled by ChainedTokenCredential.\n\n    // When adding new credentials to the default chain, consider:\n    // 1. Making the constructor parameters required and explicit\n    // 2. Validating any required parameters in the factory function\n    // 3. Returning a UnavailableDefaultCredential from the factory function if a credential is unavailable for any reason\n    const credentials: TokenCredential[] = credentialFunctions.map((createCredentialFn) => {\n      try {\n        return createCredentialFn(options);\n      } catch (err: any) {\n        logger.warning(\n          `Skipped ${createCredentialFn.name} because of an error creating the credential: ${err}`,\n        );\n        return new UnavailableDefaultCredential(createCredentialFn.name, err.message);\n      }\n    });\n\n    super(...credentials);\n  }\n}\n"]}
+{"version":3,"file":"defaultAzureCredential.js","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAWlC,OAAO,EAAE,yBAAyB,EAAE,MAAM,sCAAsC,CAAC;AAEjF,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,2BAA2B,EAAE,MAAM,kCAAkC,CAAC;AAC/E,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAC3E,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AAEnE,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAE7E,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEtD,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAE1D;;;;;GAKG;AACH,MAAM,UAAU,sCAAsC,CACpD,UAG4C,EAAE;;IAE9C,MAAA,OAAO,CAAC,YAAY,oCAApB,OAAO,CAAC,YAAY,GAAK;QACvB,UAAU,EAAE,CAAC;QACb,cAAc,EAAE,GAAG;KACpB,EAAC;IACF,MAAM,uBAAuB,GAC3B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,uBAAuB,mCAC3E,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC9B,MAAM,wBAAwB,GAC5B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,wBAAwB,mCAC5E,uBAAuB,CAAC;IAC1B,MAAM,iBAAiB,GAAI,OAAmD,aAAnD,OAAO,uBAAP,OAAO,CAC9B,yBAAyB,CAAC;IAC9B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IAC5D,MAAM,QAAQ,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,mCAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAClE,IAAI,iBAAiB,EAAE,CAAC;QACtB,MAAM,gCAAgC,mCACjC,OAAO,KACV,UAAU,EAAE,iBAAiB,GAC9B,CAAC;QACF,OAAO,IAAI,yBAAyB,CAAC,gCAAgC,CAAC,CAAC;IACzE,CAAC;IAED,IAAI,YAAY,IAAI,wBAAwB,EAAE,CAAC;QAC7C,MAAM,iCAAiC,mCAClC,OAAO,KACV,QAAQ,EAAE,QAAQ,GACnB,CAAC;QAEF,OAAO,IAAI,yBAAyB,CAClC,wBAAwB,EACxB,iCAAiC,CAClC,CAAC;IACJ,CAAC;IAED,IAAI,uBAAuB,EAAE,CAAC;QAC5B,MAAM,4BAA4B,mCAC7B,OAAO,KACV,QAAQ,EAAE,uBAAuB,GAClC,CAAC;QAEF,OAAO,IAAI,yBAAyB,CAAC,4BAA4B,CAAC,CAAC;IACrE,CAAC;IAED,2FAA2F;IAC3F,OAAO,IAAI,yBAAyB,CAAC,OAAO,CAAC,CAAC;AAChD,CAAC;AAED;;;;;GAKG;AACH,SAAS,uCAAuC,CAC9C,OAA+E;;IAE/E,MAAM,uBAAuB,GAC3B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,uBAAuB,mCAC3E,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC9B,MAAM,wBAAwB,GAC5B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,wBAAwB,mCAC5E,uBAAuB,CAAC;IAC1B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IAC5D,MAAM,QAAQ,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,mCAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAClE,IAAI,YAAY,IAAI,wBAAwB,EAAE,CAAC;QAC7C,MAAM,iCAAiC,mCAClC,OAAO,KACV,QAAQ,EACR,QAAQ,EAAE,wBAAwB,EAClC,aAAa,EAAE,YAAY,GAC5B,CAAC;QACF,OAAO,IAAI,0BAA0B,CAAC,iCAAiC,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,mCAAmC,mCACpC,OAAO,KACV,QAAQ,GACT,CAAC;QACF,OAAO,IAAI,0BAA0B,CAAC,mCAAmC,CAAC,CAAC;IAC7E,CAAC;IAED,2FAA2F;IAC3F,OAAO,IAAI,0BAA0B,CAAC,OAAO,CAAC,CAAC;AACjD,CAAC;AAED;;;;;GAKG;AACH,SAAS,wCAAwC,CAC/C,UAAyC,EAAE;IAE3C,MAAM,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACtD,OAAO,IAAI,2BAA2B,iBAAG,kBAAkB,IAAK,OAAO,EAAG,CAAC;AAC7E,CAAC;AAED;;;;;GAKG;AACH,SAAS,+BAA+B,CACtC,UAAyC,EAAE;IAE3C,MAAM,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACtD,OAAO,IAAI,kBAAkB,iBAAG,kBAAkB,IAAK,OAAO,EAAG,CAAC;AACpE,CAAC;AAED;;;;;GAKG;AACH,SAAS,sCAAsC,CAC7C,UAAyC,EAAE;IAE3C,MAAM,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACtD,OAAO,IAAI,yBAAyB,iBAAG,kBAAkB,IAAK,OAAO,EAAG,CAAC;AAC3E,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,2BAA2B,CACzC,UAAyC,EAAE;IAE3C,OAAO,IAAI,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC5C,CAAC;AAED;;;GAGG;AACH,MAAM,OAAO,4BAA4B;IAIvC,YAAY,cAAsB,EAAE,OAAe;QACjD,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,iCAAiC,GAAG,OAAO,CAAC;IACnD,CAAC;IAED,QAAQ;QACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAClB,YAAY,IAAI,CAAC,cAAc,aAAa,IAAI,CAAC,iCAAiC,EAAE,CACrF,CAAC;QACF,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC;CACF;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,OAAO,sBAAuB,SAAQ,sBAAsB;IAsBhE,YAAY,OAAuC;QACjD,2EAA2E;QAC3E,MAAM,qBAAqB,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB;YAC/D,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE;YAC1D,CAAC,CAAC,SAAS,CAAC;QACd,MAAM,sBAAsB,GAAG;YAC7B,+BAA+B;YAC/B,sCAAsC;YACtC,wCAAwC;SACzC,CAAC;QACF,MAAM,uBAAuB,GAAG;YAC9B,2BAA2B;YAC3B,uCAAuC;YACvC,sCAAsC;SACvC,CAAC;QACF,IAAI,mBAAmB,GAAG,EAAE,CAAC;QAC7B,mFAAmF;QACnF,yEAAyE;QACzE,IAAI,qBAAqB,EAAE,CAAC;YAC1B,QAAQ,qBAAqB,EAAE,CAAC;gBAC9B,KAAK,KAAK;oBACR,6FAA6F;oBAC7F,mBAAmB,GAAG,sBAAsB,CAAC;oBAC7C,MAAM;gBACR,KAAK,MAAM;oBACT,oFAAoF;oBACpF,mBAAmB,GAAG,uBAAuB,CAAC;oBAC9C,MAAM;gBACR,OAAO,CAAC,CAAC,CAAC;oBACR,6EAA6E;oBAC7E,qFAAqF;oBACrF,MAAM,YAAY,GAAG,+CAA+C,OAAO,CAAC,GAAG,CAAC,uBAAuB,qCAAqC,CAAC;oBAC7I,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;oBAC7B,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;gBAChC,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,2EAA2E;YAC3E,mBAAmB,GAAG,CAAC,GAAG,uBAAuB,EAAE,GAAG,sBAAsB,CAAC,CAAC;QAChF,CAAC;QAED,gLAAgL;QAChL,8DAA8D;QAC9D,6DAA6D;QAC7D,gEAAgE;QAChE,sHAAsH;QACtH,MAAM,WAAW,GAAsB,mBAAmB,CAAC,GAAG,CAAC,CAAC,kBAAkB,EAAE,EAAE;YACpF,IAAI,CAAC;gBACH,OAAO,kBAAkB,CAAC,OAAO,CAAC,CAAC;YACrC,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,CAAC,OAAO,CACZ,WAAW,kBAAkB,CAAC,IAAI,iDAAiD,GAAG,EAAE,CACzF,CAAC;gBACF,OAAO,IAAI,4BAA4B,CAAC,kBAAkB,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAChF,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,GAAG,WAAW,CAAC,CAAC;IACxB,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type {\n  DefaultAzureCredentialClientIdOptions,\n  DefaultAzureCredentialOptions,\n  DefaultAzureCredentialResourceIdOptions,\n} from \"./defaultAzureCredentialOptions.js\";\nimport type {\n  ManagedIdentityCredentialClientIdOptions,\n  ManagedIdentityCredentialResourceIdOptions,\n} from \"./managedIdentityCredential/options.js\";\nimport { ManagedIdentityCredential } from \"./managedIdentityCredential/index.js\";\n\nimport { AzureCliCredential } from \"./azureCliCredential.js\";\nimport { AzureDeveloperCliCredential } from \"./azureDeveloperCliCredential.js\";\nimport { AzurePowerShellCredential } from \"./azurePowerShellCredential.js\";\nimport { ChainedTokenCredential } from \"./chainedTokenCredential.js\";\nimport { EnvironmentCredential } from \"./environmentCredential.js\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport { WorkloadIdentityCredential } from \"./workloadIdentityCredential.js\";\nimport type { WorkloadIdentityCredentialOptions } from \"./workloadIdentityCredentialOptions.js\";\nimport { credentialLogger } from \"../util/logging.js\";\n\nconst logger = credentialLogger(\"DefaultAzureCredential\");\n\n/**\n * Creates a {@link ManagedIdentityCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nexport function createDefaultManagedIdentityCredential(\n  options:\n    | DefaultAzureCredentialOptions\n    | DefaultAzureCredentialResourceIdOptions\n    | DefaultAzureCredentialClientIdOptions = {},\n): TokenCredential {\n  options.retryOptions ??= {\n    maxRetries: 5,\n    retryDelayInMs: 800,\n  };\n  const managedIdentityClientId =\n    (options as DefaultAzureCredentialClientIdOptions)?.managedIdentityClientId ??\n    process.env.AZURE_CLIENT_ID;\n  const workloadIdentityClientId =\n    (options as DefaultAzureCredentialClientIdOptions)?.workloadIdentityClientId ??\n    managedIdentityClientId;\n  const managedResourceId = (options as DefaultAzureCredentialResourceIdOptions)\n    ?.managedIdentityResourceId;\n  const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;\n  const tenantId = options?.tenantId ?? process.env.AZURE_TENANT_ID;\n  if (managedResourceId) {\n    const managedIdentityResourceIdOptions: ManagedIdentityCredentialResourceIdOptions = {\n      ...options,\n      resourceId: managedResourceId,\n    };\n    return new ManagedIdentityCredential(managedIdentityResourceIdOptions);\n  }\n\n  if (workloadFile && workloadIdentityClientId) {\n    const workloadIdentityCredentialOptions: DefaultAzureCredentialOptions = {\n      ...options,\n      tenantId: tenantId,\n    };\n\n    return new ManagedIdentityCredential(\n      workloadIdentityClientId,\n      workloadIdentityCredentialOptions,\n    );\n  }\n\n  if (managedIdentityClientId) {\n    const managedIdentityClientOptions: ManagedIdentityCredentialClientIdOptions = {\n      ...options,\n      clientId: managedIdentityClientId,\n    };\n\n    return new ManagedIdentityCredential(managedIdentityClientOptions);\n  }\n\n  // We may be able to return a UnavailableCredential here, but that may be a breaking change\n  return new ManagedIdentityCredential(options);\n}\n\n/**\n * Creates a {@link WorkloadIdentityCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nfunction createDefaultWorkloadIdentityCredential(\n  options?: DefaultAzureCredentialOptions | DefaultAzureCredentialClientIdOptions,\n): TokenCredential {\n  const managedIdentityClientId =\n    (options as DefaultAzureCredentialClientIdOptions)?.managedIdentityClientId ??\n    process.env.AZURE_CLIENT_ID;\n  const workloadIdentityClientId =\n    (options as DefaultAzureCredentialClientIdOptions)?.workloadIdentityClientId ??\n    managedIdentityClientId;\n  const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;\n  const tenantId = options?.tenantId ?? process.env.AZURE_TENANT_ID;\n  if (workloadFile && workloadIdentityClientId) {\n    const workloadIdentityCredentialOptions: WorkloadIdentityCredentialOptions = {\n      ...options,\n      tenantId,\n      clientId: workloadIdentityClientId,\n      tokenFilePath: workloadFile,\n    };\n    return new WorkloadIdentityCredential(workloadIdentityCredentialOptions);\n  }\n  if (tenantId) {\n    const workloadIdentityClientTenantOptions: WorkloadIdentityCredentialOptions = {\n      ...options,\n      tenantId,\n    };\n    return new WorkloadIdentityCredential(workloadIdentityClientTenantOptions);\n  }\n\n  // We may be able to return a UnavailableCredential here, but that may be a breaking change\n  return new WorkloadIdentityCredential(options);\n}\n\n/**\n * Creates a {@link AzureDeveloperCliCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nfunction createDefaultAzureDeveloperCliCredential(\n  options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n  const processTimeoutInMs = options.processTimeoutInMs;\n  return new AzureDeveloperCliCredential({ processTimeoutInMs, ...options });\n}\n\n/**\n * Creates a {@link AzureCliCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nfunction createDefaultAzureCliCredential(\n  options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n  const processTimeoutInMs = options.processTimeoutInMs;\n  return new AzureCliCredential({ processTimeoutInMs, ...options });\n}\n\n/**\n * Creates a {@link AzurePowerShellCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nfunction createDefaultAzurePowershellCredential(\n  options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n  const processTimeoutInMs = options.processTimeoutInMs;\n  return new AzurePowerShellCredential({ processTimeoutInMs, ...options });\n}\n\n/**\n * Creates an {@link EnvironmentCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nexport function createEnvironmentCredential(\n  options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n  return new EnvironmentCredential(options);\n}\n\n/**\n * A no-op credential that logs the reason it was skipped if getToken is called.\n * @internal\n */\nexport class UnavailableDefaultCredential implements TokenCredential {\n  credentialUnavailableErrorMessage: string;\n  credentialName: string;\n\n  constructor(credentialName: string, message: string) {\n    this.credentialName = credentialName;\n    this.credentialUnavailableErrorMessage = message;\n  }\n\n  getToken(): Promise<null> {\n    logger.getToken.info(\n      `Skipping ${this.credentialName}, reason: ${this.credentialUnavailableErrorMessage}`,\n    );\n    return Promise.resolve(null);\n  }\n}\n\n/**\n * Provides a default {@link ChainedTokenCredential} configuration that works for most\n * applications that use Azure SDK client libraries. For more information, see\n * [DefaultAzureCredential overview](https://aka.ms/azsdk/js/identity/credential-chains#use-defaultazurecredential-for-flexibility).\n *\n * The following credential types will be tried, in order:\n *\n * - {@link EnvironmentCredential}\n * - {@link WorkloadIdentityCredential}\n * - {@link ManagedIdentityCredential}\n * - {@link AzureCliCredential}\n * - {@link AzurePowerShellCredential}\n * - {@link AzureDeveloperCliCredential}\n *\n * Consult the documentation of these credential types for more information\n * on how they attempt authentication.\n */\nexport class DefaultAzureCredential extends ChainedTokenCredential {\n  /**\n   * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialClientIdOptions}.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialClientIdOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialClientIdOptions);\n\n  /**\n   * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialResourceIdOptions}.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialResourceIdOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialResourceIdOptions);\n\n  /**\n   * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialOptions}.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialOptions);\n\n  constructor(options?: DefaultAzureCredentialOptions) {\n    // If AZURE_TOKEN_CREDENTIALS is not set, use the default credential chain.\n    const azureTokenCredentials = process.env.AZURE_TOKEN_CREDENTIALS\n      ? process.env.AZURE_TOKEN_CREDENTIALS.trim().toLowerCase()\n      : undefined;\n    const devCredentialFunctions = [\n      createDefaultAzureCliCredential,\n      createDefaultAzurePowershellCredential,\n      createDefaultAzureDeveloperCliCredential,\n    ];\n    const prodCredentialFunctions = [\n      createEnvironmentCredential,\n      createDefaultWorkloadIdentityCredential,\n      createDefaultManagedIdentityCredential,\n    ];\n    let credentialFunctions = [];\n    // If AZURE_TOKEN_CREDENTIALS is set, use it to determine which credentials to use.\n    // The value of AZURE_TOKEN_CREDENTIALS should be either \"dev\" or \"prod\".\n    if (azureTokenCredentials) {\n      switch (azureTokenCredentials) {\n        case \"dev\":\n          // If AZURE_TOKEN_CREDENTIALS is set to \"dev\", use the developer tool-based credential chain.\n          credentialFunctions = devCredentialFunctions;\n          break;\n        case \"prod\":\n          // If AZURE_TOKEN_CREDENTIALS is set to \"prod\", use the production credential chain.\n          credentialFunctions = prodCredentialFunctions;\n          break;\n        default: {\n          // If AZURE_TOKEN_CREDENTIALS is set to an unsupported value, throw an error.\n          // We will throw an error here to prevent the creation of the DefaultAzureCredential.\n          const errorMessage = `Invalid value for AZURE_TOKEN_CREDENTIALS = ${process.env.AZURE_TOKEN_CREDENTIALS}. Valid values are 'prod' or 'dev'.`;\n          logger.warning(errorMessage);\n          throw new Error(errorMessage);\n        }\n      }\n    } else {\n      // If AZURE_TOKEN_CREDENTIALS is not set, use the default credential chain.\n      credentialFunctions = [...prodCredentialFunctions, ...devCredentialFunctions];\n    }\n\n    // Errors from individual credentials should not be thrown in the DefaultAzureCredential constructor, instead throwing on getToken() which is handled by ChainedTokenCredential.\n    // When adding new credentials to the default chain, consider:\n    // 1. Making the constructor parameters required and explicit\n    // 2. Validating any required parameters in the factory function\n    // 3. Returning a UnavailableDefaultCredential from the factory function if a credential is unavailable for any reason\n    const credentials: TokenCredential[] = credentialFunctions.map((createCredentialFn) => {\n      try {\n        return createCredentialFn(options);\n      } catch (err: any) {\n        logger.warning(\n          `Skipped ${createCredentialFn.name} because of an error creating the credential: ${err}`,\n        );\n        return new UnavailableDefaultCredential(createCredentialFn.name, err.message);\n      }\n    });\n\n    super(...credentials);\n  }\n}\n"]}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@azure/identity",
   "sdk-type": "client",
-  "version": "4.9.2-alpha.20250513.1",
+  "version": "4.10.0",
   "description": "Provides credential implementations for Azure SDK libraries that can authenticate with Microsoft Entra ID",
   "main": "./dist/commonjs/index.js",
   "module": "./dist/esm/index.js",
@@ -86,10 +86,10 @@
     "tslib": "^2.2.0"
   },
   "devDependencies": {
-    "@azure-tools/test-recorder": ">=4.1.0-alpha <4.1.0-alphb",
-    "@azure-tools/test-utils-vitest": ">=1.0.0-alpha <1.0.0-alphb",
-    "@azure/dev-tool": ">=1.0.0-alpha <1.0.0-alphb",
-    "@azure/eslint-plugin-azure-sdk": ">=3.0.0-alpha <3.0.0-alphb",
+    "@azure-tools/test-recorder": "^4.1.0",
+    "@azure-tools/test-utils-vitest": "^1.0.0",
+    "@azure/dev-tool": "^1.0.0",
+    "@azure/eslint-plugin-azure-sdk": "^3.0.0",
     "@azure/keyvault-keys": "^4.2.0",
     "@types/jsonwebtoken": "^9.0.0",
     "@types/ms": "^2.1.0",