@databricks/sdk-auth 0.0.0-dev → 0.1.0-dev.2

package/dist/credentials/u2m.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"u2m.js","sourceRoot":"","sources":["../../src/credentials/u2m.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAC,QAAQ,EAAC,MAAM,oBAAoB,CAAC;AAC5C,OAAO,EAAC,IAAI,EAAC,MAAM,kBAAkB,CAAC;AACtC,OAAO,EAAC,IAAI,EAAE,GAAG,EAAC,MAAM,WAAW,CAAC;AACpC,OAAO,EAAC,GAAG,EAAE,QAAQ,EAAC,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAC,SAAS,EAAC,MAAM,WAAW,CAAC;AAEpC,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAGtB,OAAO,EAAC,mBAAmB,EAAE,eAAe,EAAC,MAAM,SAAS,CAAC;AAE7D,OAAO,EAAC,mBAAmB,EAAC,MAAM,UAAU,CAAC;AAE7C,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAE1C;;;GAGG;AACH,MAAM,uBAAuB,GAAG,IAAI,GAAG,IAAI,CAAC;AAiB5C;;;;;;;GAOG;AACH,MAAM,UAAU,iBAAiB,CAC/B,OAA8B;IAE9B,IAAI,OAAO,CAAC,OAAO,KAAK,EAAE,EAAE,CAAC;QAC3B,MAAM,IAAI,mBAAmB,CAAC,kBAAkB,EAAE,qBAAqB,CAAC,CAAC;IAC3E,CAAC;IACD,MAAM,QAAQ,GAAG,eAAe,CAAC,GAAG,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC;IAC/D,OAAO,mBAAmB,CAAC,gBAAgB,EAAE,QAAQ,CAAC,CAAC;AACzD,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,OAA8B;IACzD,MAAM,OAAO,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IACzD,OAAO,cAAc,CAAC;QACpB,OAAO;QACP,MAAM;QACN,OAAO;QACP,WAAW;QACX,OAAO,CAAC,OAAO;KAChB,CAAC,CAAC;AACL,CAAC;AAED,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC/B,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;CACnB,CAAC,CAAC;AAEH,KAAK,UAAU,cAAc,CAAC,IAAc;IAC1C,MAAM,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC;IAEhC,IAAI,MAAc,CAAC;IACnB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAClD,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IACzB,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,mBAAmB,CAC3B,oBAAoB,EACpB,4BAA4B,eAAe,CAAC,CAAC,CAAC,EAAE,CACjD,CAAC;IACJ,CAAC;IAED,IAAI,GAAY,CAAC;IACjB,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,KAAK,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACzD,MAAM,IAAI,mBAAmB,CAC3B,kBAAkB,EAClB,8BAA8B,KAAK,EAAE,CACtC,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,sBAAsB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IACrD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,mBAAmB,CAC3B,kBAAkB,EAClB,yBAAyB,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAChD,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC;IAE3B,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACvC,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,mBAAmB,CAC3B,kBAAkB,EAClB,8BAA8B,MAAM,CAAC,MAAM,EAAE,CAC9C,CAAC;IACJ,CAAC;IAED,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,YAAY;QAC1B,GAAG,CAAC,MAAM,CAAC,UAAU,KAAK,SAAS,IAAI,EAAC,IAAI,EAAE,MAAM,CAAC,UAAU,EAAC,CAAC;QACjE,MAAM;KACP,CAAC;AACJ,CAAC;AAOD,SAAS,eAAe,CAAC,CAAU;IACjC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;QACxC,MAAM,GAAG,GAAG,CAAkB,CAAC;QAC/B,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC7B,OAAO,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,CAAC;QACtC,CAAC;QACD,OAAO,GAAG,CAAC,OAAO,CAAC;IACrB,CAAC;IACD,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;AACnB,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,iBAAiB,CAAC,OAAgB;IAC/C,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACnD,OAAO,eAAe,CAAC,OAAO,CAAC,CAAC;QAClC,CAAC;QACD,OAAO,UAAU,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IACD,IAAI,CAAC;QACH,OAAO,MAAM,UAAU,CAAC,YAAY,CAAC,CAAC;IACxC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;YACzB,OAAO,UAAU,CAAC,gBAAgB,CAAC,CAAC;QACtC,CAAC;QACD,MAAM,CAAC,CAAC;IACV,CAAC;AACH,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,IAAY;IACpC,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;IAC/B,IAAI,OAAO,KAAK,EAAE,EAAE,CAAC;QACnB,MAAM,IAAI,mBAAmB,CAAC,eAAe,EAAE,0BAA0B,CAAC,CAAC;IAC7E,CAAC;IACD,MAAM,KAAK,GAAG,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;IAC/C,IAAI,WAA4C,CAAC;IACjD,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;QACvC,IAAI,GAAG,KAAK,EAAE,EAAE,CAAC;YACf,SAAS;QACX,CAAC;QACD,IAAI,CAAC;YACH,OAAO,MAAM,eAAe,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;QAChD,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IACE,CAAC,YAAY,mBAAmB;gBAChC,CAAC,CAAC,IAAI,KAAK,qBAAqB,EAChC,CAAC;gBACD,WAAW,GAAG,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;IACH,CAAC;IACD,MAAM,CACJ,WAAW;QACX,IAAI,mBAAmB,CAAC,eAAe,EAAE,0BAA0B,CAAC,CACrE,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,eAAe,CAAC,IAAY;IACzC,IAAI,IAAI,CAAC;IACT,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,mBAAmB,CAAC,eAAe,EAAE,0BAA0B,CAAC,CAAC;IAC7E,CAAC;IACD,IAAI,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;QACvB,MAAM,IAAI,mBAAmB,CAAC,eAAe,EAAE,0BAA0B,CAAC,CAAC;IAC7E,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,GAAG,uBAAuB,EAAE,CAAC;QACxC,MAAM,IAAI,mBAAmB,CAC3B,qBAAqB,EACrB,uDAAuD,CACxD,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Databricks authentication library for JavaScript/TypeScript.
+ *
+ * @packageDocumentation
+ */
+export type { Header, Token, Credentials, TokenProvider, TokenCredentials, } from './auth';
+export { newTokenCredentials, tokenProviderFn } from './auth';
+/** Version of this auth library, sourced from package.json. */
+export declare const VERSION: string;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,YAAY,EACV,MAAM,EACN,KAAK,EACL,WAAW,EACX,aAAa,EACb,gBAAgB,GACjB,MAAM,QAAQ,CAAC;AAChB,OAAO,EAAC,mBAAmB,EAAE,eAAe,EAAC,MAAM,QAAQ,CAAC;AAE5D,+DAA+D;AAC/D,eAAO,MAAM,OAAO,EAAE,MAAwB,CAAC"}

package/dist/index.js

@@ -0,0 +1,10 @@
+/**
+ * Databricks authentication library for JavaScript/TypeScript.
+ *
+ * @packageDocumentation
+ */
+import pkgJson from '../package.json' with { type: 'json' };
+export { newTokenCredentials, tokenProviderFn } from './auth';
+/** Version of this auth library, sourced from package.json. */
+export const VERSION = pkgJson.version;
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,OAAO,MAAM,iBAAiB,CAAC,OAAM,IAAI,EAAE,MAAM,EAAC,CAAC;AAS1D,OAAO,EAAC,mBAAmB,EAAE,eAAe,EAAC,MAAM,QAAQ,CAAC;AAE5D,+DAA+D;AAC/D,MAAM,CAAC,MAAM,OAAO,GAAW,OAAO,CAAC,OAAO,CAAC"}

package/dist/oidc/env.d.ts

@@ -0,0 +1,10 @@
+import type { IdTokenProvider } from './oidc';
+/**
+ * Returns an IdTokenProvider that reads the ID token from environment variable
+ * `name`.
+ *
+ * Note that the IdTokenProvider does not cache the token and will read the
+ * token from environment variable `name` each time.
+ */
+export declare function newEnvIdTokenProvider(name: string): IdTokenProvider;
+//# sourceMappingURL=env.d.ts.map

package/dist/oidc/env.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"env.d.ts","sourceRoot":"","sources":["../../src/oidc/env.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,QAAQ,CAAC;AAG5C;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe,CAQnE"}

package/dist/oidc/env.js

@@ -0,0 +1,19 @@
+import { env } from 'node:process';
+import { idTokenProviderFn } from './oidc';
+/**
+ * Returns an IdTokenProvider that reads the ID token from environment variable
+ * `name`.
+ *
+ * Note that the IdTokenProvider does not cache the token and will read the
+ * token from environment variable `name` each time.
+ */
+export function newEnvIdTokenProvider(name) {
+    return idTokenProviderFn(() => {
+        const t = env[name];
+        if (t === undefined || t === '') {
+            return Promise.reject(new Error(`missing env var "${name}"`));
+        }
+        return Promise.resolve({ value: t });
+    });
+}
+//# sourceMappingURL=env.js.map

package/dist/oidc/env.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"env.js","sourceRoot":"","sources":["../../src/oidc/env.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,GAAG,EAAC,MAAM,cAAc,CAAC;AAGjC,OAAO,EAAC,iBAAiB,EAAC,MAAM,QAAQ,CAAC;AAEzC;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CAAC,IAAY;IAChD,OAAO,iBAAiB,CAAC,GAAG,EAAE;QAC5B,MAAM,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC;QACpB,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;YAChC,OAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,oBAAoB,IAAI,GAAG,CAAC,CAAC,CAAC;QAChE,CAAC;QACD,OAAO,OAAO,CAAC,OAAO,CAAC,EAAC,KAAK,EAAE,CAAC,EAAC,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/oidc/file.d.ts

@@ -0,0 +1,7 @@
+import type { IdTokenProvider } from './oidc';
+/**
+ * Returns an IdTokenProvider that reads the ID token from a file. The file
+ * should contain a single line with the token.
+ */
+export declare function newFileTokenProvider(path: string): IdTokenProvider;
+//# sourceMappingURL=file.d.ts.map

package/dist/oidc/file.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"file.d.ts","sourceRoot":"","sources":["../../src/oidc/file.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,QAAQ,CAAC;AAG5C;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe,CAmBlE"}

package/dist/oidc/file.js

@@ -0,0 +1,28 @@
+import { readFile } from 'node:fs/promises';
+import { idTokenProviderFn } from './oidc';
+/**
+ * Returns an IdTokenProvider that reads the ID token from a file. The file
+ * should contain a single line with the token.
+ */
+export function newFileTokenProvider(path) {
+    return idTokenProviderFn(async () => {
+        if (path === '') {
+            throw new Error('missing path');
+        }
+        let content;
+        try {
+            content = await readFile(path, 'utf-8');
+        }
+        catch (e) {
+            if (e instanceof Error && 'code' in e && e.code === 'ENOENT') {
+                throw new Error(`file "${path}" does not exist`);
+            }
+            throw e;
+        }
+        if (content.length === 0) {
+            throw new Error(`file "${path}" is empty`);
+        }
+        return { value: content };
+    });
+}
+//# sourceMappingURL=file.js.map

package/dist/oidc/file.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"file.js","sourceRoot":"","sources":["../../src/oidc/file.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,QAAQ,EAAC,MAAM,kBAAkB,CAAC;AAG1C,OAAO,EAAC,iBAAiB,EAAC,MAAM,QAAQ,CAAC;AAEzC;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAAC,IAAY;IAC/C,OAAO,iBAAiB,CAAC,KAAK,IAAI,EAAE;QAClC,IAAI,IAAI,KAAK,EAAE,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC;QAClC,CAAC;QACD,IAAI,OAAe,CAAC;QACpB,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC1C,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,IAAI,CAAC,YAAY,KAAK,IAAI,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC7D,MAAM,IAAI,KAAK,CAAC,SAAS,IAAI,kBAAkB,CAAC,CAAC;YACnD,CAAC;YACD,MAAM,CAAC,CAAC;QACV,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,SAAS,IAAI,YAAY,CAAC,CAAC;QAC7C,CAAC;QACD,OAAO,EAAC,KAAK,EAAE,OAAO,EAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/oidc/index.browser.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Browser entry point for OIDC ID token utilities and the Databricks OIDC
+ * token-exchange provider.
+ *
+ * This package is experimental and subject to change.
+ *
+ * @packageDocumentation
+ */
+export type { IdToken, IdTokenProvider } from './oidc';
+export { idTokenProviderFn } from './oidc';
+export type { DatabricksOidcTokenProviderConfig, OAuthAuthorizationServer, } from './tokensource';
+export { newDatabricksOidcTokenProvider } from './tokensource';
+//# sourceMappingURL=index.browser.d.ts.map

package/dist/oidc/index.browser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.browser.d.ts","sourceRoot":"","sources":["../../src/oidc/index.browser.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,YAAY,EAAC,OAAO,EAAE,eAAe,EAAC,MAAM,QAAQ,CAAC;AACrD,OAAO,EAAC,iBAAiB,EAAC,MAAM,QAAQ,CAAC;AACzC,YAAY,EACV,iCAAiC,EACjC,wBAAwB,GACzB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAC,8BAA8B,EAAC,MAAM,eAAe,CAAC"}

package/dist/oidc/index.browser.js

@@ -0,0 +1,11 @@
+/**
+ * Browser entry point for OIDC ID token utilities and the Databricks OIDC
+ * token-exchange provider.
+ *
+ * This package is experimental and subject to change.
+ *
+ * @packageDocumentation
+ */
+export { idTokenProviderFn } from './oidc';
+export { newDatabricksOidcTokenProvider } from './tokensource';
+//# sourceMappingURL=index.browser.js.map

package/dist/oidc/index.browser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.browser.js","sourceRoot":"","sources":["../../src/oidc/index.browser.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAC,iBAAiB,EAAC,MAAM,QAAQ,CAAC;AAKzC,OAAO,EAAC,8BAA8B,EAAC,MAAM,eAAe,CAAC"}

package/dist/oidc/index.d.ts

@@ -0,0 +1,14 @@
+/**
+ * OIDC ID token utilities and Databricks OIDC token-exchange provider.
+ *
+ * This package is experimental and subject to change.
+ *
+ * @packageDocumentation
+ */
+export type { IdToken, IdTokenProvider } from './oidc';
+export { idTokenProviderFn } from './oidc';
+export { newEnvIdTokenProvider } from './env';
+export { newFileTokenProvider } from './file';
+export type { DatabricksOidcTokenProviderConfig, OAuthAuthorizationServer, } from './tokensource';
+export { newDatabricksOidcTokenProvider } from './tokensource';
+//# sourceMappingURL=index.d.ts.map

package/dist/oidc/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/oidc/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,YAAY,EAAC,OAAO,EAAE,eAAe,EAAC,MAAM,QAAQ,CAAC;AACrD,OAAO,EAAC,iBAAiB,EAAC,MAAM,QAAQ,CAAC;AACzC,OAAO,EAAC,qBAAqB,EAAC,MAAM,OAAO,CAAC;AAC5C,OAAO,EAAC,oBAAoB,EAAC,MAAM,QAAQ,CAAC;AAC5C,YAAY,EACV,iCAAiC,EACjC,wBAAwB,GACzB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAC,8BAA8B,EAAC,MAAM,eAAe,CAAC"}

package/dist/oidc/index.js

@@ -0,0 +1,12 @@
+/**
+ * OIDC ID token utilities and Databricks OIDC token-exchange provider.
+ *
+ * This package is experimental and subject to change.
+ *
+ * @packageDocumentation
+ */
+export { idTokenProviderFn } from './oidc';
+export { newEnvIdTokenProvider } from './env';
+export { newFileTokenProvider } from './file';
+export { newDatabricksOidcTokenProvider } from './tokensource';
+//# sourceMappingURL=index.js.map

package/dist/oidc/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/oidc/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAC,iBAAiB,EAAC,MAAM,QAAQ,CAAC;AACzC,OAAO,EAAC,qBAAqB,EAAC,MAAM,OAAO,CAAC;AAC5C,OAAO,EAAC,oBAAoB,EAAC,MAAM,QAAQ,CAAC;AAK5C,OAAO,EAAC,8BAA8B,EAAC,MAAM,eAAe,CAAC"}

package/dist/oidc/oidc.d.ts

@@ -0,0 +1,21 @@
+/**
+ * IdToken represents an OIDC ID token that can be exchanged for a Databricks
+ * access token.
+ */
+export interface IdToken {
+    value: string;
+}
+/**
+ * IdTokenProvider is anything that returns an IdToken given an audience.
+ */
+export interface IdTokenProvider {
+    idToken(audience: string): Promise<IdToken>;
+}
+/**
+ * Adapter to allow the use of ordinary functions as IdTokenProvider.
+ *
+ * @example
+ * const provider = idTokenProviderFn(async () => ({ value: 'my-id-token' }));
+ */
+export declare function idTokenProviderFn(fn: (audience: string) => Promise<IdToken>): IdTokenProvider;
+//# sourceMappingURL=oidc.d.ts.map

package/dist/oidc/oidc.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../../src/oidc/oidc.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,WAAW,OAAO;IACtB,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC7C;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAC/B,EAAE,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,GACzC,eAAe,CAEjB"}

package/dist/oidc/oidc.js

@@ -0,0 +1,10 @@
+/**
+ * Adapter to allow the use of ordinary functions as IdTokenProvider.
+ *
+ * @example
+ * const provider = idTokenProviderFn(async () => ({ value: 'my-id-token' }));
+ */
+export function idTokenProviderFn(fn) {
+    return { idToken: fn };
+}
+//# sourceMappingURL=oidc.js.map

package/dist/oidc/oidc.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc.js","sourceRoot":"","sources":["../../src/oidc/oidc.ts"],"names":[],"mappings":"AAeA;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAC/B,EAA0C;IAE1C,OAAO,EAAC,OAAO,EAAE,EAAE,EAAC,CAAC;AACvB,CAAC"}

package/dist/oidc/tokensource.d.ts

@@ -0,0 +1,56 @@
+/**
+ * Databricks OIDC token-exchange provider. Exchanges an OIDC ID token for a
+ * Databricks access token using the OAuth 2.0 token-exchange grant.
+ */
+import type { TokenProvider } from '../auth';
+import type { IdTokenProvider } from './oidc';
+/**
+ * OAuthAuthorizationServer describes the OAuth endpoints used to mint
+ * Databricks access tokens.
+ */
+export interface OAuthAuthorizationServer {
+    tokenEndpoint: string;
+}
+/**
+ * DatabricksOidcTokenProviderConfig is the configuration for a Databricks OIDC
+ * TokenProvider.
+ */
+export interface DatabricksOidcTokenProviderConfig {
+    /**
+     * Client ID of the Databricks OIDC application. It corresponds to the
+     * Application ID of the Databricks Service Principal.
+     *
+     * This field is only required for Workload Identity Federation and should
+     * be empty for Account-wide token federation.
+     */
+    clientId?: string;
+    /**
+     * Account ID of the Databricks Account. This field is only required for
+     * Account-wide token federation.
+     */
+    accountId?: string;
+    /**
+     * Host is the host of the Databricks account or workspace.
+     */
+    host: string;
+    /**
+     * TokenEndpointProvider returns the token endpoint for the Databricks OIDC
+     * application.
+     */
+    tokenEndpointProvider: () => Promise<OAuthAuthorizationServer>;
+    /**
+     * Audience is the audience of the Databricks OIDC application.
+     * This is only used for Workspace level tokens.
+     */
+    audience?: string;
+    /**
+     * IdTokenProvider returns the ID token to be used for the token exchange.
+     */
+    idTokenProvider: IdTokenProvider;
+}
+/**
+ * Returns a new Databricks OIDC TokenProvider that exchanges an OIDC ID token
+ * for a Databricks access token using the OAuth 2.0 token-exchange grant.
+ */
+export declare function newDatabricksOidcTokenProvider(config: DatabricksOidcTokenProviderConfig): TokenProvider;
+//# sourceMappingURL=tokensource.d.ts.map

package/dist/oidc/tokensource.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokensource.d.ts","sourceRoot":"","sources":["../../src/oidc/tokensource.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,KAAK,EAAQ,aAAa,EAAC,MAAM,SAAS,CAAC;AAGlD,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,QAAQ,CAAC;AAE5C;;;GAGG;AACH,MAAM,WAAW,wBAAwB;IACvC,aAAa,EAAE,MAAM,CAAC;CACvB;AAED;;;GAGG;AACH,MAAM,WAAW,iCAAiC;IAChD;;;;;;OAMG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;OAEG;IACH,IAAI,EAAE,MAAM,CAAC;IAEb;;;OAGG;IACH,qBAAqB,EAAE,MAAM,OAAO,CAAC,wBAAwB,CAAC,CAAC;IAE/D;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,eAAe,EAAE,eAAe,CAAC;CAClC;AAED;;;GAGG;AACH,wBAAgB,8BAA8B,CAC5C,MAAM,EAAE,iCAAiC,GACxC,aAAa,CAEf"}

package/dist/oidc/tokensource.js

@@ -0,0 +1,62 @@
+/**
+ * Databricks OIDC token-exchange provider. Exchanges an OIDC ID token for a
+ * Databricks access token using the OAuth 2.0 token-exchange grant.
+ */
+import { z } from 'zod';
+import { tokenProviderFn } from '../auth';
+/**
+ * Returns a new Databricks OIDC TokenProvider that exchanges an OIDC ID token
+ * for a Databricks access token using the OAuth 2.0 token-exchange grant.
+ */
+export function newDatabricksOidcTokenProvider(config) {
+    return tokenProviderFn(() => exchangeIdToken(config));
+}
+async function exchangeIdToken(config) {
+    if (config.host === '') {
+        throw new Error('missing Host');
+    }
+    const endpoints = await config.tokenEndpointProvider();
+    const audience = determineAudience(config, endpoints);
+    const idToken = await config.idTokenProvider.idToken(audience);
+    const params = new URLSearchParams();
+    if (config.clientId !== undefined && config.clientId !== '') {
+        params.set('client_id', config.clientId);
+    }
+    params.set('scope', 'all-apis');
+    params.set('subject_token_type', 'urn:ietf:params:oauth:token-type:jwt');
+    params.set('subject_token', idToken.value);
+    params.set('grant_type', 'urn:ietf:params:oauth:grant-type:token-exchange');
+    const response = await fetch(endpoints.tokenEndpoint, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: params.toString(),
+    });
+    if (!response.ok) {
+        const text = await response.text();
+        throw new Error(`token request failed with status ${response.status.toString()}: ${text}`);
+    }
+    const parsed = tokenResponseSchema.parse(await response.json());
+    const expiry = parsed.expires_in !== undefined
+        ? new Date(Date.now() + parsed.expires_in * 1000)
+        : undefined;
+    return {
+        value: parsed.access_token,
+        ...(parsed.token_type !== undefined && { type: parsed.token_type }),
+        ...(expiry !== undefined && { expiry }),
+    };
+}
+function determineAudience(config, endpoints) {
+    if (config.audience !== undefined && config.audience !== '') {
+        return config.audience;
+    }
+    if (config.accountId !== undefined && config.accountId !== '') {
+        return config.accountId;
+    }
+    return endpoints.tokenEndpoint;
+}
+const tokenResponseSchema = z.object({
+    access_token: z.string(),
+    token_type: z.string().optional(),
+    expires_in: z.number().optional(),
+});
+//# sourceMappingURL=tokensource.js.map

package/dist/oidc/tokensource.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokensource.js","sourceRoot":"","sources":["../../src/oidc/tokensource.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAGtB,OAAO,EAAC,eAAe,EAAC,MAAM,SAAS,CAAC;AAuDxC;;;GAGG;AACH,MAAM,UAAU,8BAA8B,CAC5C,MAAyC;IAEzC,OAAO,eAAe,CAAC,GAAG,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC;AACxD,CAAC;AAED,KAAK,UAAU,eAAe,CAC5B,MAAyC;IAEzC,IAAI,MAAM,CAAC,IAAI,KAAK,EAAE,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC;IAClC,CAAC;IACD,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,qBAAqB,EAAE,CAAC;IACvD,MAAM,QAAQ,GAAG,iBAAiB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACtD,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAE/D,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;IACrC,IAAI,MAAM,CAAC,QAAQ,KAAK,SAAS,IAAI,MAAM,CAAC,QAAQ,KAAK,EAAE,EAAE,CAAC;QAC5D,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC;IACD,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IAChC,MAAM,CAAC,GAAG,CAAC,oBAAoB,EAAE,sCAAsC,CAAC,CAAC;IACzE,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;IAC3C,MAAM,CAAC,GAAG,CAAC,YAAY,EAAE,iDAAiD,CAAC,CAAC;IAE5E,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,aAAa,EAAE;QACpD,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAC,cAAc,EAAE,mCAAmC,EAAC;QAC9D,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;KACxB,CAAC,CAAC;IACH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CACb,oCAAoC,QAAQ,CAAC,MAAM,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE,CAC1E,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,mBAAmB,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;IAChE,MAAM,MAAM,GACV,MAAM,CAAC,UAAU,KAAK,SAAS;QAC7B,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC;QACjD,CAAC,CAAC,SAAS,CAAC;IAChB,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,YAAY;QAC1B,GAAG,CAAC,MAAM,CAAC,UAAU,KAAK,SAAS,IAAI,EAAC,IAAI,EAAE,MAAM,CAAC,UAAU,EAAC,CAAC;QACjE,GAAG,CAAC,MAAM,KAAK,SAAS,IAAI,EAAC,MAAM,EAAC,CAAC;KACtC,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CACxB,MAAyC,EACzC,SAAmC;IAEnC,IAAI,MAAM,CAAC,QAAQ,KAAK,SAAS,IAAI,MAAM,CAAC,QAAQ,KAAK,EAAE,EAAE,CAAC;QAC5D,OAAO,MAAM,CAAC,QAAQ,CAAC;IACzB,CAAC;IACD,IAAI,MAAM,CAAC,SAAS,KAAK,SAAS,IAAI,MAAM,CAAC,SAAS,KAAK,EAAE,EAAE,CAAC;QAC9D,OAAO,MAAM,CAAC,SAAS,CAAC;IAC1B,CAAC;IACD,OAAO,SAAS,CAAC,aAAa,CAAC;AACjC,CAAC;AAED,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IACnC,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;IACxB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAClC,CAAC,CAAC"}

package/package.json

@@ -1,7 +1,55 @@
 {
   "name": "@databricks/sdk-auth",
-  "version": "0.0.0-dev",
-  "description": "Bootstrap placeholder; real contents in a later release.",
-  "main": "index.js",
-  "license": "Apache-2.0"
+  "version": "0.1.0-dev.2",
+  "description": "Databricks authentication library for JavaScript/TypeScript",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    },
+    "./credentials": {
+      "types": "./dist/credentials/index.d.ts",
+      "import": "./dist/credentials/index.js"
+    },
+    "./credentials/browser": {
+      "types": "./dist/credentials/index.browser.d.ts",
+      "import": "./dist/credentials/index.browser.js"
+    },
+    "./oidc": {
+      "types": "./dist/oidc/index.d.ts",
+      "import": "./dist/oidc/index.js"
+    },
+    "./oidc/browser": {
+      "types": "./dist/oidc/index.browser.d.ts",
+      "import": "./dist/oidc/index.browser.js"
+    }
+  },
+  "files": [
+    "dist",
+    "src",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsc -b",
+    "lint": "eslint src tests --ext .ts",
+    "lint:fix": "eslint src tests --ext .ts --fix",
+    "format": "prettier --write \"src/**/*.ts\" \"tests/**/*.ts\"",
+    "format:check": "prettier --check \"src/**/*.ts\" \"tests/**/*.ts\"",
+    "test": "vitest run",
+    "test:browser": "vitest run --config vitest.config.browser.ts",
+    "typecheck": "tsc --noEmit",
+    "clean": "rm -rf dist tsconfig.tsbuildinfo"
+  },
+  "author": "Databricks",
+  "license": "Apache-2.0",
+  "engines": {
+    "node": ">=22.0.0"
+  },
+  "dependencies": {
+    "@databricks/sdk-core": ">=0.1.0-dev.3 <1.0.0",
+    "zod": "^4.3.6"
+  }
 }

package/src/auth.ts

@@ -0,0 +1,117 @@
+/**
+ * Core authentication interfaces and types for the Databricks SDK.
+ *
+ * This module is not meant to be used directly by consumers of the SDK
+ * and is subject to change without notice.
+ *
+ * @packageDocumentation
+ */
+
+/**
+ * Represents a header that can be used to sign requests.
+ */
+export interface Header {
+  key: string;
+  value: string;
+}
+
+/**
+ * Anything that can return authentication headers.
+ */
+export interface Credentials {
+  /**
+   * Short identifier for the authentication strategy, e.g. `pat` or
+   * `oauth-m2m`. Used for logging and for selecting between strategies.
+   */
+  name(): string;
+
+  /**
+   * Returns headers to authenticate requests.
+   */
+  authHeaders(): Promise<Header[]>;
+}
+
+/**
+ * Represents a token that can be used to sign requests.
+ */
+export interface Token {
+  /**
+   * The raw value to sign requests with.
+   * It typically is an access token but can represent other types of tokens
+   * (e.g., ID tokens).
+   */
+  value: string;
+
+  /**
+   * The type of token. If empty, the token type is assumed to be "Bearer".
+   */
+  type?: string;
+
+  /**
+   * The time at which the token expires.
+   * If undefined, the token is considered to be valid indefinitely.
+   */
+  expiry?: Date;
+}
+
+/**
+ * Anything that can return a token.
+ */
+export interface TokenProvider {
+  /**
+   * Returns a token or throws an error.
+   * The returned Token should be considered immutable and should not be
+   * modified.
+   */
+  token(): Promise<Token>;
+}
+
+/**
+ * Adapter to allow the use of ordinary functions as TokenProvider.
+ *
+ * @example
+ * const provider = tokenProviderFn(async () => ({ value: 'my-token' }));
+ */
+export function tokenProviderFn(fn: () => Promise<Token>): TokenProvider {
+  return {token: fn};
+}
+
+/**
+ * Combines TokenProvider and Credentials interfaces.
+ */
+export interface TokenCredentials extends TokenProvider, Credentials {}
+
+/**
+ * Creates a TokenCredentials that uses the given TokenProvider to return
+ * authentication headers.
+ *
+ * @param name - Short identifier for the auth strategy (e.g. `oauth-m2m`).
+ * @param provider - Source of tokens used to build the Authorization header.
+ */
+export function newTokenCredentials(
+  name: string,
+  provider: TokenProvider
+): TokenCredentials {
+  return new TokenCredentialsImpl(name, provider);
+}
+
+class TokenCredentialsImpl implements TokenCredentials {
+  constructor(
+    private readonly strategyName: string,
+    private readonly provider: TokenProvider
+  ) {}
+
+  name(): string {
+    return this.strategyName;
+  }
+
+  async token(): Promise<Token> {
+    return this.provider.token();
+  }
+
+  async authHeaders(): Promise<Header[]> {
+    const t = await this.token();
+    const scheme = t.type ?? 'Bearer';
+    return [{key: 'Authorization', value: `${scheme} ${t.value}`}];
+  }
+}

package/src/credentials/default/chain.ts

@@ -0,0 +1,75 @@
+import type {Profile} from '@databricks/sdk-core/profiles';
+
+import type {Credentials, Header} from '../../auth';
+import {newM2mCredentials} from '../m2m';
+import {newPatCredentials} from '../pat';
+
+import {DefaultCredentialsError} from './errors';
+
+/**
+ * A strategy inspects a profile and either returns configured credentials
+ * or `undefined` if it is not applicable.
+ */
+export type Strategy = (profile: Profile) => Credentials | undefined;
+
+const AUTH_DOC_URL = 'https://docs.databricks.com/aws/en/dev-tools/auth/index';
+const NO_AUTH_CONFIGURED_MESSAGE = `cannot configure default credentials, please check ${AUTH_DOC_URL} to configure credentials for your preferred authentication method`;
+
+/**
+ * Lazy {@link Credentials} that resolves to the first configured strategy
+ * on the first `authHeaders()` call.
+ */
+export class DefaultCredentials implements Credentials {
+  private resolved: Credentials | undefined;
+
+  constructor(
+    private readonly strategies: readonly Strategy[],
+    private readonly loadProfile: () => Promise<Profile>
+  ) {}
+
+  name(): string {
+    return 'default';
+  }
+
+  async authHeaders(): Promise<Header[]> {
+    this.resolved ??= await this.resolveChain();
+    return this.resolved.authHeaders();
+  }
+
+  private async resolveChain(): Promise<Credentials> {
+    const profile = await this.loadProfile();
+    for (const strategy of this.strategies) {
+      const built = strategy(profile);
+      if (built !== undefined) {
+        return built;
+      }
+    }
+    throw new DefaultCredentialsError(
+      'NO_AUTH_CONFIGURED',
+      NO_AUTH_CONFIGURED_MESSAGE
+    );
+  }
+}
+
+/** PAT strategy: configured when `token` is set in the profile. */
+export const patStrategy: Strategy = profile => {
+  if (profile.host === undefined) return undefined;
+  if (profile.token === undefined) return undefined;
+  return newPatCredentials(profile.token.value);
+};
+
+/**
+ * OAuth M2M strategy: configured when `clientId` and `clientSecret` are
+ * both set in the profile.
+ */
+export const m2mStrategy: Strategy = profile => {
+  if (profile.host === undefined) return undefined;
+  if (profile.clientId === undefined) return undefined;
+  if (profile.clientSecret === undefined) return undefined;
+  return newM2mCredentials({
+    host: profile.host,
+    clientId: profile.clientId,
+    clientSecret: profile.clientSecret.value,
+    ...(profile.accountId !== undefined && {accountId: profile.accountId}),
+  });
+};