npm - @depup/azure__identity - Versions diffs - 4.13.0-depup.0 - Mend

@depup/azure__identity 4.13.0-depup.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1253) hide show

package/dist/esm/credentials/azurePowerShellCredentialOptions.js ADDED Viewed

@@ -0,0 +1,4 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+export {};
+//# sourceMappingURL=azurePowerShellCredentialOptions.js.map

package/dist/esm/credentials/azurePowerShellCredentialOptions.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"azurePowerShellCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/azurePowerShellCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Options for the {@link AzurePowerShellCredential}\n */\nexport interface AzurePowerShellCredentialOptions extends MultiTenantTokenCredentialOptions {\n /**\n * Allows specifying a tenant ID\n */\n tenantId?: string;\n /**\n * Process timeout configurable for making token requests, provided in milliseconds\n */\n processTimeoutInMs?: number;\n}\n"]}

package/dist/esm/credentials/brokerAuthOptions.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import type { BrokerOptions } from "../msal/nodeFlows/brokerOptions.js";
+/**
+ * Configuration options for InteractiveBrowserCredential
+ * to support WAM Broker Authentication.
+ */
+export interface BrokerAuthOptions {
+    /**
+     * Options to allow broker authentication when using InteractiveBrowserCredential
+     *
+     */
+    brokerOptions?: BrokerOptions;
+}
+//# sourceMappingURL=brokerAuthOptions.d.ts.map

package/dist/esm/credentials/brokerAuthOptions.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"brokerAuthOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/brokerAuthOptions.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oCAAoC,CAAC;AAExE;;;GAGG;AAEH,MAAM,WAAW,iBAAiB;IAChC;;;OAGG;IACH,aAAa,CAAC,EAAE,aAAa,CAAC;CAC/B"}

package/dist/esm/credentials/brokerAuthOptions.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=brokerAuthOptions.js.map

package/dist/esm/credentials/brokerAuthOptions.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"brokerAuthOptions.js","sourceRoot":"","sources":["../../../src/credentials/brokerAuthOptions.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\nimport type { BrokerOptions } from \"../msal/nodeFlows/brokerOptions.js\";\n\n/**\n * Configuration options for InteractiveBrowserCredential\n * to support WAM Broker Authentication.\n */\n\nexport interface BrokerAuthOptions {\n /**\n * Options to allow broker authentication when using InteractiveBrowserCredential\n *\n */\n brokerOptions?: BrokerOptions;\n}\n"]}

package/dist/esm/credentials/brokerCredential.d.ts ADDED Viewed

@@ -0,0 +1,35 @@
+import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
+import { TokenCredentialOptions } from "../tokenCredentialOptions.js";
+import { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
+/**
+ * Enables authentication to Microsoft Entra ID using WAM (Web Account Manager) broker.
+ * This credential uses the default account logged into the OS via a broker.
+ */
+export declare class BrokerCredential implements TokenCredential {
+    private brokerMsalClient;
+    private brokerTenantId?;
+    private brokerAdditionallyAllowedTenantIds;
+    /**
+     * Creates an instance of BrokerCredential with the required broker options.
+     *
+     * This credential uses WAM (Web Account Manager) for authentication, which provides
+     * better security and user experience on Windows platforms.
+     *
+     * @param options - Options for configuring the broker credential, including required broker options.
+     */
+    constructor(options: {
+        tenantId?: string;
+    } & TokenCredentialOptions & MultiTenantTokenCredentialOptions);
+    /**
+     * Authenticates with Microsoft Entra ID using WAM broker and returns an access token if successful.
+     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
+     *
+     * This method extends the base getToken method to support silentAuthenticationOnly option
+     * when using broker authentication.
+     *
+     * @param scopes - The list of scopes for which the token will have access.
+     * @param options - The options used to configure the token request, including silentAuthenticationOnly option.
+     */
+    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
+}
+//# sourceMappingURL=brokerCredential.d.ts.map

package/dist/esm/credentials/brokerCredential.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"brokerCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/brokerCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAatF,OAAO,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AACtE,OAAO,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAK3F;;;GAGG;AACH,qBAAa,gBAAiB,YAAW,eAAe;IACtD,OAAO,CAAC,gBAAgB,CAAa;IACrC,OAAO,CAAC,cAAc,CAAC,CAAS;IAChC,OAAO,CAAC,kCAAkC,CAAW;IAErD;;;;;;;OAOG;gBAED,OAAO,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,sBAAsB,GAAG,iCAAiC;IAwB7F;;;;;;;;;OASG;IACG,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,GAAE,eAAoB,GAAG,OAAO,CAAC,WAAW,CAAC;CA4B/F"}

package/dist/esm/credentials/brokerCredential.js ADDED Viewed

@@ -0,0 +1,69 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+import { processMultiTenantRequest, resolveAdditionallyAllowedTenantIds, resolveTenantId, } from "../util/tenantIdUtils.js";
+import { credentialLogger, formatError } from "../util/logging.js";
+import { ensureScopes } from "../util/scopeUtils.js";
+import { tracingClient } from "../util/tracing.js";
+import { createMsalClient } from "../msal/nodeFlows/msalClient.js";
+import { DeveloperSignOnClientId } from "../constants.js";
+import { CredentialUnavailableError } from "../errors.js";
+const logger = credentialLogger("BrokerCredential");
+/**
+ * Enables authentication to Microsoft Entra ID using WAM (Web Account Manager) broker.
+ * This credential uses the default account logged into the OS via a broker.
+ */
+export class BrokerCredential {
+    brokerMsalClient;
+    brokerTenantId;
+    brokerAdditionallyAllowedTenantIds;
+    /**
+     * Creates an instance of BrokerCredential with the required broker options.
+     *
+     * This credential uses WAM (Web Account Manager) for authentication, which provides
+     * better security and user experience on Windows platforms.
+     *
+     * @param options - Options for configuring the broker credential, including required broker options.
+     */
+    constructor(options) {
+        this.brokerTenantId = resolveTenantId(logger, options.tenantId);
+        this.brokerAdditionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options?.additionallyAllowedTenants);
+        const msalClientOptions = {
+            ...options,
+            tokenCredentialOptions: options,
+            logger,
+            brokerOptions: {
+                enabled: true,
+                parentWindowHandle: new Uint8Array(0),
+                useDefaultBrokerAccount: true,
+            },
+        };
+        this.brokerMsalClient = createMsalClient(DeveloperSignOnClientId, this.brokerTenantId, msalClientOptions);
+    }
+    /**
+     * Authenticates with Microsoft Entra ID using WAM broker and returns an access token if successful.
+     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
+     *
+     * This method extends the base getToken method to support silentAuthenticationOnly option
+     * when using broker authentication.
+     *
+     * @param scopes - The list of scopes for which the token will have access.
+     * @param options - The options used to configure the token request, including silentAuthenticationOnly option.
+     */
+    async getToken(scopes, options = {}) {
+        return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async (newOptions) => {
+            newOptions.tenantId = processMultiTenantRequest(this.brokerTenantId, newOptions, this.brokerAdditionallyAllowedTenantIds, logger);
+            const arrayScopes = ensureScopes(scopes);
+            try {
+                return this.brokerMsalClient.getBrokeredToken(arrayScopes, true, {
+                    ...newOptions,
+                    disableAutomaticAuthentication: true,
+                });
+            }
+            catch (e) {
+                logger.getToken.info(formatError(arrayScopes, e));
+                throw new CredentialUnavailableError("Failed to acquire token using broker authentication", { cause: e });
+            }
+        });
+    }
+}
+//# sourceMappingURL=brokerCredential.js.map

package/dist/esm/credentials/brokerCredential.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"brokerCredential.js","sourceRoot":"","sources":["../../../src/credentials/brokerCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,yBAAyB,EACzB,mCAAmC,EACnC,eAAe,GAChB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACnE,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAG1D,OAAO,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAE1D,MAAM,MAAM,GAAG,gBAAgB,CAAC,kBAAkB,CAAC,CAAC;AAEpD;;;GAGG;AACH,MAAM,OAAO,gBAAgB;IACnB,gBAAgB,CAAa;IAC7B,cAAc,CAAU;IACxB,kCAAkC,CAAW;IAErD;;;;;;;OAOG;IACH,YACE,OAA2F;QAE3F,IAAI,CAAC,cAAc,GAAG,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QAChE,IAAI,CAAC,kCAAkC,GAAG,mCAAmC,CAC3E,OAAO,EAAE,0BAA0B,CACpC,CAAC;QACF,MAAM,iBAAiB,GAAsB;YAC3C,GAAG,OAAO;YACV,sBAAsB,EAAE,OAAO;YAC/B,MAAM;YACN,aAAa,EAAE;gBACb,OAAO,EAAE,IAAI;gBACb,kBAAkB,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC;gBACrC,uBAAuB,EAAE,IAAI;aAC9B;SACF,CAAC;QAEF,IAAI,CAAC,gBAAgB,GAAG,gBAAgB,CACtC,uBAAuB,EACvB,IAAI,CAAC,cAAc,EACnB,iBAAiB,CAClB,CAAC;IACJ,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,aAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,UAAU,CAAC,QAAQ,GAAG,yBAAyB,CAC7C,IAAI,CAAC,cAAc,EACnB,UAAU,EACV,IAAI,CAAC,kCAAkC,EACvC,MAAM,CACP,CAAC;YAEF,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;YACzC,IAAI,CAAC;gBACH,OAAO,IAAI,CAAC,gBAAgB,CAAC,gBAAgB,CAAC,WAAW,EAAE,IAAI,EAAE;oBAC/D,GAAG,UAAU;oBACb,8BAA8B,EAAE,IAAI;iBACrC,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,CAAM,EAAE,CAAC;gBAChB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,CAAC;gBAClD,MAAM,IAAI,0BAA0B,CAClC,qDAAqD,EACrD,EAAE,KAAK,EAAE,CAAC,EAAE,CACb,CAAC;YACJ,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n resolveTenantId,\n} from \"../util/tenantIdUtils.js\";\n\nimport { credentialLogger, formatError } from \"../util/logging.js\";\nimport { ensureScopes } from \"../util/scopeUtils.js\";\nimport { tracingClient } from \"../util/tracing.js\";\nimport type { MsalClient, MsalClientOptions } from \"../msal/nodeFlows/msalClient.js\";\nimport { createMsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport { DeveloperSignOnClientId } from \"../constants.js\";\nimport { TokenCredentialOptions } from \"../tokenCredentialOptions.js\";\nimport { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\nimport { CredentialUnavailableError } from \"../errors.js\";\n\nconst logger = credentialLogger(\"BrokerCredential\");\n\n/**\n * Enables authentication to Microsoft Entra ID using WAM (Web Account Manager) broker.\n * This credential uses the default account logged into the OS via a broker.\n */\nexport class BrokerCredential implements TokenCredential {\n private brokerMsalClient: MsalClient;\n private brokerTenantId?: string;\n private brokerAdditionallyAllowedTenantIds: string[];\n\n /**\n * Creates an instance of BrokerCredential with the required broker options.\n *\n * This credential uses WAM (Web Account Manager) for authentication, which provides\n * better security and user experience on Windows platforms.\n *\n * @param options - Options for configuring the broker credential, including required broker options.\n */\n constructor(\n options: { tenantId?: string } & TokenCredentialOptions & MultiTenantTokenCredentialOptions,\n ) {\n this.brokerTenantId = resolveTenantId(logger, options.tenantId);\n this.brokerAdditionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n const msalClientOptions: MsalClientOptions = {\n ...options,\n tokenCredentialOptions: options,\n logger,\n brokerOptions: {\n enabled: true,\n parentWindowHandle: new Uint8Array(0),\n useDefaultBrokerAccount: true,\n },\n };\n\n this.brokerMsalClient = createMsalClient(\n DeveloperSignOnClientId,\n this.brokerTenantId,\n msalClientOptions,\n );\n }\n\n /**\n * Authenticates with Microsoft Entra ID using WAM broker and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * This method extends the base getToken method to support silentAuthenticationOnly option\n * when using broker authentication.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure the token request, including silentAuthenticationOnly option.\n */\n async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return tracingClient.withSpan(\n `${this.constructor.name}.getToken`,\n options,\n async (newOptions) => {\n newOptions.tenantId = processMultiTenantRequest(\n this.brokerTenantId,\n newOptions,\n this.brokerAdditionallyAllowedTenantIds,\n logger,\n );\n\n const arrayScopes = ensureScopes(scopes);\n try {\n return this.brokerMsalClient.getBrokeredToken(arrayScopes, true, {\n ...newOptions,\n disableAutomaticAuthentication: true,\n });\n } catch (e: any) {\n logger.getToken.info(formatError(arrayScopes, e));\n throw new CredentialUnavailableError(\n \"Failed to acquire token using broker authentication\",\n { cause: e },\n );\n }\n },\n );\n }\n}\n"]}

package/dist/esm/credentials/browserCustomizationOptions.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+/**
+ * Shared configuration options for browser customization
+ */
+export interface BrowserCustomizationOptions {
+    /**
+     * Shared configuration options for browser customization
+     */
+    browserCustomizationOptions?: {
+        /**
+         * Format for error messages for display in browser
+         */
+        errorMessage?: string;
+        /**
+         * Format for success messages for display in browser
+         */
+        successMessage?: string;
+    };
+}
+//# sourceMappingURL=browserCustomizationOptions.d.ts.map

package/dist/esm/credentials/browserCustomizationOptions.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"browserCustomizationOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/browserCustomizationOptions.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C;;OAEG;IACH,2BAA2B,CAAC,EAAE;QAC5B;;WAEG;QACH,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB;;WAEG;QACH,cAAc,CAAC,EAAE,MAAM,CAAC;KACzB,CAAC;CACH"}

package/dist/esm/credentials/browserCustomizationOptions.js ADDED Viewed

@@ -0,0 +1,4 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+export {};
+//# sourceMappingURL=browserCustomizationOptions.js.map

package/dist/esm/credentials/browserCustomizationOptions.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"browserCustomizationOptions.js","sourceRoot":"","sources":["../../../src/credentials/browserCustomizationOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Shared configuration options for browser customization\n */\nexport interface BrowserCustomizationOptions {\n /**\n * Shared configuration options for browser customization\n */\n browserCustomizationOptions?: {\n /**\n * Format for error messages for display in browser\n */\n errorMessage?: string;\n /**\n * Format for success messages for display in browser\n */\n successMessage?: string;\n };\n}\n"]}

package/dist/esm/credentials/chainedTokenCredential.d.ts ADDED Viewed

@@ -0,0 +1,51 @@
+import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
+/**
+ * @internal
+ */
+export declare const logger: import("../util/logging.js").CredentialLogger;
+/**
+ * Enables multiple `TokenCredential` implementations to be tried in order until
+ * one of the getToken methods returns an access token. For more information, see
+ * [ChainedTokenCredential overview](https://aka.ms/azsdk/js/identity/credential-chains#use-chainedtokencredential-for-granularity).
+ */
+export declare class ChainedTokenCredential implements TokenCredential {
+    private _sources;
+    /**
+     * Creates an instance of ChainedTokenCredential using the given credentials.
+     *
+     * @param sources - `TokenCredential` implementations to be tried in order.
+     *
+     * Example usage:
+     * ```ts snippet:chained_token_credential_example
+     * import { ClientSecretCredential, ChainedTokenCredential } from "@azure/identity";
+     *
+     * const tenantId = "<tenant-id>";
+     * const clientId = "<client-id>";
+     * const clientSecret = "<client-secret>";
+     * const anotherClientId = "<another-client-id>";
+     * const anotherSecret = "<another-client-secret>";
+     *
+     * const firstCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);
+     * const secondCredential = new ClientSecretCredential(tenantId, anotherClientId, anotherSecret);
+     *
+     * const credentialChain = new ChainedTokenCredential(firstCredential, secondCredential);
+     * ```
+     */
+    constructor(...sources: TokenCredential[]);
+    /**
+     * Returns the first access token returned by one of the chained
+     * `TokenCredential` implementations.  Throws an {@link AggregateAuthenticationError}
+     * when one or more credentials throws an {@link AuthenticationError} and
+     * no credentials have returned an access token.
+     *
+     * This method is called automatically by Azure SDK client libraries. You may call this method
+     * directly, but you must also handle token caching and token refreshing.
+     *
+     * @param scopes - The list of scopes for which the token will have access.
+     * @param options - The options used to configure any requests this
+     *                `TokenCredential` implementation might make.
+     */
+    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
+    private getTokenInternal;
+}
+//# sourceMappingURL=chainedTokenCredential.d.ts.map

package/dist/esm/credentials/chainedTokenCredential.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"chainedTokenCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/chainedTokenCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAKtF;;GAEG;AACH,eAAO,MAAM,MAAM,+CAA6C,CAAC;AAEjE;;;;GAIG;AACH,qBAAa,sBAAuB,YAAW,eAAe;IAC5D,OAAO,CAAC,QAAQ,CAAyB;IAEzC;;;;;;;;;;;;;;;;;;;;OAoBG;gBACS,GAAG,OAAO,EAAE,eAAe,EAAE;IAIzC;;;;;;;;;;;;OAYG;IACG,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,GAAE,eAAoB,GAAG,OAAO,CAAC,WAAW,CAAC;YAKhF,gBAAgB;CAiD/B"}

package/dist/esm/credentials/chainedTokenCredential.js ADDED Viewed

@@ -0,0 +1,92 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+import { AggregateAuthenticationError, CredentialUnavailableError } from "../errors.js";
+import { credentialLogger, formatError, formatSuccess } from "../util/logging.js";
+import { tracingClient } from "../util/tracing.js";
+/**
+ * @internal
+ */
+export const logger = credentialLogger("ChainedTokenCredential");
+/**
+ * Enables multiple `TokenCredential` implementations to be tried in order until
+ * one of the getToken methods returns an access token. For more information, see
+ * [ChainedTokenCredential overview](https://aka.ms/azsdk/js/identity/credential-chains#use-chainedtokencredential-for-granularity).
+ */
+export class ChainedTokenCredential {
+    _sources = [];
+    /**
+     * Creates an instance of ChainedTokenCredential using the given credentials.
+     *
+     * @param sources - `TokenCredential` implementations to be tried in order.
+     *
+     * Example usage:
+     * ```ts snippet:chained_token_credential_example
+     * import { ClientSecretCredential, ChainedTokenCredential } from "@azure/identity";
+     *
+     * const tenantId = "<tenant-id>";
+     * const clientId = "<client-id>";
+     * const clientSecret = "<client-secret>";
+     * const anotherClientId = "<another-client-id>";
+     * const anotherSecret = "<another-client-secret>";
+     *
+     * const firstCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);
+     * const secondCredential = new ClientSecretCredential(tenantId, anotherClientId, anotherSecret);
+     *
+     * const credentialChain = new ChainedTokenCredential(firstCredential, secondCredential);
+     * ```
+     */
+    constructor(...sources) {
+        this._sources = sources;
+    }
+    /**
+     * Returns the first access token returned by one of the chained
+     * `TokenCredential` implementations.  Throws an {@link AggregateAuthenticationError}
+     * when one or more credentials throws an {@link AuthenticationError} and
+     * no credentials have returned an access token.
+     *
+     * This method is called automatically by Azure SDK client libraries. You may call this method
+     * directly, but you must also handle token caching and token refreshing.
+     *
+     * @param scopes - The list of scopes for which the token will have access.
+     * @param options - The options used to configure any requests this
+     *                `TokenCredential` implementation might make.
+     */
+    async getToken(scopes, options = {}) {
+        const { token } = await this.getTokenInternal(scopes, options);
+        return token;
+    }
+    async getTokenInternal(scopes, options = {}) {
+        let token = null;
+        let successfulCredential;
+        const errors = [];
+        return tracingClient.withSpan("ChainedTokenCredential.getToken", options, async (updatedOptions) => {
+            for (let i = 0; i < this._sources.length && token === null; i++) {
+                try {
+                    token = await this._sources[i].getToken(scopes, updatedOptions);
+                    successfulCredential = this._sources[i];
+                }
+                catch (err) {
+                    if (err.name === "CredentialUnavailableError" ||
+                        err.name === "AuthenticationRequiredError") {
+                        errors.push(err);
+                    }
+                    else {
+                        logger.getToken.info(formatError(scopes, err));
+                        throw err;
+                    }
+                }
+            }
+            if (!token && errors.length > 0) {
+                const err = new AggregateAuthenticationError(errors, "ChainedTokenCredential authentication failed.");
+                logger.getToken.info(formatError(scopes, err));
+                throw err;
+            }
+            logger.getToken.info(`Result for ${successfulCredential.constructor.name}: ${formatSuccess(scopes)}`);
+            if (token === null) {
+                throw new CredentialUnavailableError("Failed to retrieve a valid token");
+            }
+            return { token, successfulCredential };
+        });
+    }
+}
+//# sourceMappingURL=chainedTokenCredential.js.map

package/dist/esm/credentials/chainedTokenCredential.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"chainedTokenCredential.js","sourceRoot":"","sources":["../../../src/credentials/chainedTokenCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,4BAA4B,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AACxF,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAClF,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD;;GAEG;AACH,MAAM,CAAC,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAEjE;;;;GAIG;AACH,MAAM,OAAO,sBAAsB;IACzB,QAAQ,GAAsB,EAAE,CAAC;IAEzC;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,YAAY,GAAG,OAA0B;QACvC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;IAC1B,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAC/D,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAC5B,MAAyB,EACzB,UAA2B,EAAE;QAE7B,IAAI,KAAK,GAAuB,IAAI,CAAC;QACrC,IAAI,oBAAqC,CAAC;QAC1C,MAAM,MAAM,GAAY,EAAE,CAAC;QAE3B,OAAO,aAAa,CAAC,QAAQ,CAC3B,iCAAiC,EACjC,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC;gBAChE,IAAI,CAAC;oBACH,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;oBAChE,oBAAoB,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;gBAC1C,CAAC;gBAAC,OAAO,GAAQ,EAAE,CAAC;oBAClB,IACE,GAAG,CAAC,IAAI,KAAK,4BAA4B;wBACzC,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAC1C,CAAC;wBACD,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;oBACnB,CAAC;yBAAM,CAAC;wBACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;wBAC/C,MAAM,GAAG,CAAC;oBACZ,CAAC;gBACH,CAAC;YACH,CAAC;YAED,IAAI,CAAC,KAAK,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAChC,MAAM,GAAG,GAAG,IAAI,4BAA4B,CAC1C,MAAM,EACN,+CAA+C,CAChD,CAAC;gBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC/C,MAAM,GAAG,CAAC;YACZ,CAAC;YAED,MAAM,CAAC,QAAQ,CAAC,IAAI,CAClB,cAAc,oBAAoB,CAAC,WAAW,CAAC,IAAI,KAAK,aAAa,CAAC,MAAM,CAAC,EAAE,CAChF,CAAC;YAEF,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;gBACnB,MAAM,IAAI,0BAA0B,CAAC,kCAAkC,CAAC,CAAC;YAC3E,CAAC;YACD,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;QACzC,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { AggregateAuthenticationError, CredentialUnavailableError } from \"../errors.js\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging.js\";\nimport { tracingClient } from \"../util/tracing.js\";\n\n/**\n * @internal\n */\nexport const logger = credentialLogger(\"ChainedTokenCredential\");\n\n/**\n * Enables multiple `TokenCredential` implementations to be tried in order until\n * one of the getToken methods returns an access token. For more information, see\n * [ChainedTokenCredential overview](https://aka.ms/azsdk/js/identity/credential-chains#use-chainedtokencredential-for-granularity).\n */\nexport class ChainedTokenCredential implements TokenCredential {\n private _sources: TokenCredential[] = [];\n\n /**\n * Creates an instance of ChainedTokenCredential using the given credentials.\n *\n * @param sources - `TokenCredential` implementations to be tried in order.\n *\n * Example usage:\n * ```ts snippet:chained_token_credential_example\n * import { ClientSecretCredential, ChainedTokenCredential } from \"@azure/identity\";\n *\n * const tenantId = \"<tenant-id>\";\n * const clientId = \"<client-id>\";\n * const clientSecret = \"<client-secret>\";\n * const anotherClientId = \"<another-client-id>\";\n * const anotherSecret = \"<another-client-secret>\";\n *\n * const firstCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);\n * const secondCredential = new ClientSecretCredential(tenantId, anotherClientId, anotherSecret);\n *\n * const credentialChain = new ChainedTokenCredential(firstCredential, secondCredential);\n * ```\n */\n constructor(...sources: TokenCredential[]) {\n this._sources = sources;\n }\n\n /**\n * Returns the first access token returned by one of the chained\n * `TokenCredential` implementations. Throws an {@link AggregateAuthenticationError}\n * when one or more credentials throws an {@link AuthenticationError} and\n * no credentials have returned an access token.\n *\n * This method is called automatically by Azure SDK client libraries. You may call this method\n * directly, but you must also handle token caching and token refreshing.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * `TokenCredential` implementation might make.\n */\n async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n const { token } = await this.getTokenInternal(scopes, options);\n return token;\n }\n\n private async getTokenInternal(\n scopes: string | string[],\n options: GetTokenOptions = {},\n ): Promise<{ token: AccessToken; successfulCredential: TokenCredential }> {\n let token: AccessToken | null = null;\n let successfulCredential: TokenCredential;\n const errors: Error[] = [];\n\n return tracingClient.withSpan(\n \"ChainedTokenCredential.getToken\",\n options,\n async (updatedOptions) => {\n for (let i = 0; i < this._sources.length && token === null; i++) {\n try {\n token = await this._sources[i].getToken(scopes, updatedOptions);\n successfulCredential = this._sources[i];\n } catch (err: any) {\n if (\n err.name === \"CredentialUnavailableError\" ||\n err.name === \"AuthenticationRequiredError\"\n ) {\n errors.push(err);\n } else {\n logger.getToken.info(formatError(scopes, err));\n throw err;\n }\n }\n }\n\n if (!token && errors.length > 0) {\n const err = new AggregateAuthenticationError(\n errors,\n \"ChainedTokenCredential authentication failed.\",\n );\n logger.getToken.info(formatError(scopes, err));\n throw err;\n }\n\n logger.getToken.info(\n `Result for ${successfulCredential.constructor.name}: ${formatSuccess(scopes)}`,\n );\n\n if (token === null) {\n throw new CredentialUnavailableError(\"Failed to retrieve a valid token\");\n }\n return { token, successfulCredential };\n },\n );\n }\n}\n"]}

package/dist/esm/credentials/clientAssertionCredential.d.ts ADDED Viewed

@@ -0,0 +1,33 @@
+import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
+import type { ClientAssertionCredentialOptions } from "./clientAssertionCredentialOptions.js";
+/**
+ * Authenticates a service principal with a JWT assertion.
+ */
+export declare class ClientAssertionCredential implements TokenCredential {
+    private msalClient;
+    private tenantId;
+    private additionallyAllowedTenantIds;
+    private getAssertion;
+    private options;
+    /**
+     * Creates an instance of the ClientAssertionCredential with the details
+     * needed to authenticate against Microsoft Entra ID with a client
+     * assertion provided by the developer through the `getAssertion` function parameter.
+     *
+     * @param tenantId - The Microsoft Entra tenant (directory) ID.
+     * @param clientId - The client (application) ID of an App Registration in the tenant.
+     * @param getAssertion - A function that retrieves the assertion for the credential to use.
+     * @param options - Options for configuring the client which makes the authentication request.
+     */
+    constructor(tenantId: string, clientId: string, getAssertion: () => Promise<string>, options?: ClientAssertionCredentialOptions);
+    /**
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
+     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
+     *
+     * @param scopes - The list of scopes for which the token will have access.
+     * @param options - The options used to configure any requests this
+     *                TokenCredential implementation might make.
+     */
+    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
+}
+//# sourceMappingURL=clientAssertionCredential.d.ts.map

package/dist/esm/credentials/clientAssertionCredential.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"clientAssertionCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/clientAssertionCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAQtF,OAAO,KAAK,EAAE,gCAAgC,EAAE,MAAM,uCAAuC,CAAC;AAO9F;;GAEG;AACH,qBAAa,yBAA0B,YAAW,eAAe;IAC/D,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,YAAY,CAAwB;IAC5C,OAAO,CAAC,OAAO,CAAmC;IAElD;;;;;;;;;OASG;gBAED,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,EACnC,OAAO,GAAE,gCAAqC;IAiChD;;;;;;;OAOG;IACG,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,GAAE,eAAoB,GAAG,OAAO,CAAC,WAAW,CAAC;CAqB/F"}

package/dist/esm/credentials/clientAssertionCredential.js ADDED Viewed

@@ -0,0 +1,64 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+import { createMsalClient } from "../msal/nodeFlows/msalClient.js";
+import { processMultiTenantRequest, resolveAdditionallyAllowedTenantIds, } from "../util/tenantIdUtils.js";
+import { CredentialUnavailableError } from "../errors.js";
+import { credentialLogger } from "../util/logging.js";
+import { tracingClient } from "../util/tracing.js";
+const logger = credentialLogger("ClientAssertionCredential");
+/**
+ * Authenticates a service principal with a JWT assertion.
+ */
+export class ClientAssertionCredential {
+    msalClient;
+    tenantId;
+    additionallyAllowedTenantIds;
+    getAssertion;
+    options;
+    /**
+     * Creates an instance of the ClientAssertionCredential with the details
+     * needed to authenticate against Microsoft Entra ID with a client
+     * assertion provided by the developer through the `getAssertion` function parameter.
+     *
+     * @param tenantId - The Microsoft Entra tenant (directory) ID.
+     * @param clientId - The client (application) ID of an App Registration in the tenant.
+     * @param getAssertion - A function that retrieves the assertion for the credential to use.
+     * @param options - Options for configuring the client which makes the authentication request.
+     */
+    constructor(tenantId, clientId, getAssertion, options = {}) {
+        if (!tenantId) {
+            throw new CredentialUnavailableError("ClientAssertionCredential: tenantId is a required parameter.");
+        }
+        if (!clientId) {
+            throw new CredentialUnavailableError("ClientAssertionCredential: clientId is a required parameter.");
+        }
+        if (!getAssertion) {
+            throw new CredentialUnavailableError("ClientAssertionCredential: clientAssertion is a required parameter.");
+        }
+        this.tenantId = tenantId;
+        this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options?.additionallyAllowedTenants);
+        this.options = options;
+        this.getAssertion = getAssertion;
+        this.msalClient = createMsalClient(clientId, tenantId, {
+            ...options,
+            logger,
+            tokenCredentialOptions: this.options,
+        });
+    }
+    /**
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
+     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
+     *
+     * @param scopes - The list of scopes for which the token will have access.
+     * @param options - The options used to configure any requests this
+     *                TokenCredential implementation might make.
+     */
+    async getToken(scopes, options = {}) {
+        return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async (newOptions) => {
+            newOptions.tenantId = processMultiTenantRequest(this.tenantId, newOptions, this.additionallyAllowedTenantIds, logger);
+            const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
+            return this.msalClient.getTokenByClientAssertion(arrayScopes, this.getAssertion, newOptions);
+        });
+    }
+}
+//# sourceMappingURL=clientAssertionCredential.js.map

package/dist/esm/credentials/clientAssertionCredential.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"clientAssertionCredential.js","sourceRoot":"","sources":["../../../src/credentials/clientAssertionCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,MAAM,MAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;AAE7D;;GAEG;AACH,MAAM,OAAO,yBAAyB;IAC5B,UAAU,CAAa;IACvB,QAAQ,CAAS;IACjB,4BAA4B,CAAW;IACvC,YAAY,CAAwB;IACpC,OAAO,CAAmC;IAElD;;;;;;;;;OASG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,YAAmC,EACnC,UAA4C,EAAE;QAE9C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,8DAA8D,CAC/D,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,8DAA8D,CAC/D,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,IAAI,0BAA0B,CAClC,qEAAqE,CACtE,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,EAAE,0BAA0B,CACpC,CAAC;QAEF,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QACjC,IAAI,CAAC,UAAU,GAAG,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,EAAE;YACrD,GAAG,OAAO;YACV,MAAM;YACN,sBAAsB,EAAE,IAAI,CAAC,OAAO;SACrC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,aAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,UAAU,CAAC,QAAQ,GAAG,yBAAyB,CAC7C,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,CAAC;YAEF,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,UAAU,CAAC,yBAAyB,CAC9C,WAAW,EACX,IAAI,CAAC,YAAY,EACjB,UAAU,CACX,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport type { MsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport { createMsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\n\nimport type { ClientAssertionCredentialOptions } from \"./clientAssertionCredentialOptions.js\";\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport { credentialLogger } from \"../util/logging.js\";\nimport { tracingClient } from \"../util/tracing.js\";\n\nconst logger = credentialLogger(\"ClientAssertionCredential\");\n\n/**\n * Authenticates a service principal with a JWT assertion.\n */\nexport class ClientAssertionCredential implements TokenCredential {\n private msalClient: MsalClient;\n private tenantId: string;\n private additionallyAllowedTenantIds: string[];\n private getAssertion: () => Promise<string>;\n private options: ClientAssertionCredentialOptions;\n\n /**\n * Creates an instance of the ClientAssertionCredential with the details\n * needed to authenticate against Microsoft Entra ID with a client\n * assertion provided by the developer through the `getAssertion` function parameter.\n *\n * @param tenantId - The Microsoft Entra tenant (directory) ID.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param getAssertion - A function that retrieves the assertion for the credential to use.\n * @param options - Options for configuring the client which makes the authentication request.\n */\n constructor(\n tenantId: string,\n clientId: string,\n getAssertion: () => Promise<string>,\n options: ClientAssertionCredentialOptions = {},\n ) {\n if (!tenantId) {\n throw new CredentialUnavailableError(\n \"ClientAssertionCredential: tenantId is a required parameter.\",\n );\n }\n\n if (!clientId) {\n throw new CredentialUnavailableError(\n \"ClientAssertionCredential: clientId is a required parameter.\",\n );\n }\n\n if (!getAssertion) {\n throw new CredentialUnavailableError(\n \"ClientAssertionCredential: clientAssertion is a required parameter.\",\n );\n }\n this.tenantId = tenantId;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n\n this.options = options;\n this.getAssertion = getAssertion;\n this.msalClient = createMsalClient(clientId, tenantId, {\n ...options,\n logger,\n tokenCredentialOptions: this.options,\n });\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return tracingClient.withSpan(\n `${this.constructor.name}.getToken`,\n options,\n async (newOptions) => {\n newOptions.tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds,\n logger,\n );\n\n const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n return this.msalClient.getTokenByClientAssertion(\n arrayScopes,\n this.getAssertion,\n newOptions,\n );\n },\n );\n }\n}\n"]}

package/dist/esm/credentials/clientAssertionCredentialOptions.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
+import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions.js";
+import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
+/**
+ * Options for the {@link ClientAssertionCredential}
+ */
+export interface ClientAssertionCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions, AuthorityValidationOptions {
+}
+//# sourceMappingURL=clientAssertionCredentialOptions.d.ts.map

package/dist/esm/credentials/clientAssertionCredentialOptions.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"clientAssertionCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/clientAssertionCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACtF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,gCACf,SAAQ,iCAAiC,EACvC,4BAA4B,EAC5B,0BAA0B;CAAG"}

package/dist/esm/credentials/clientAssertionCredentialOptions.js ADDED Viewed

@@ -0,0 +1,4 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+export {};
+//# sourceMappingURL=clientAssertionCredentialOptions.js.map

package/dist/esm/credentials/clientAssertionCredentialOptions.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"clientAssertionCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/clientAssertionCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Options for the {@link ClientAssertionCredential}\n */\nexport interface ClientAssertionCredentialOptions\n extends MultiTenantTokenCredentialOptions,\n CredentialPersistenceOptions,\n AuthorityValidationOptions {}\n"]}

package/dist/esm/credentials/clientCertificateCredential.d.ts ADDED Viewed

@@ -0,0 +1,73 @@
+import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
+import type { CertificateParts } from "../msal/types.js";
+import type { ClientCertificateCredentialOptions } from "./clientCertificateCredentialOptions.js";
+import type { ClientCertificateCredentialPEMConfiguration, ClientCertificatePEMCertificate, ClientCertificatePEMCertificatePath } from "./clientCertificateCredentialModels.js";
+/**
+ * Enables authentication to Microsoft Entra ID using a PEM-encoded
+ * certificate that is assigned to an App Registration. More information
+ * on how to configure certificate authentication can be found here:
+ *
+ * https://learn.microsoft.com/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad
+ *
+ */
+export declare class ClientCertificateCredential implements TokenCredential {
+    private tenantId;
+    private additionallyAllowedTenantIds;
+    private certificateConfiguration;
+    private sendCertificateChain?;
+    private msalClient;
+    /**
+     * Creates an instance of the ClientCertificateCredential with the details
+     * needed to authenticate against Microsoft Entra ID with a certificate.
+     *
+     * @param tenantId - The Microsoft Entra tenant (directory) ID.
+     * @param clientId - The client (application) ID of an App Registration in the tenant.
+     * @param certificatePath - The path to a PEM-encoded public/private key certificate on the filesystem.
+     * Ensure that certificate is in PEM format and contains both the public and private keys.
+     * @param options - Options for configuring the client which makes the authentication request.
+     */
+    constructor(tenantId: string, clientId: string, certificatePath: string, options?: ClientCertificateCredentialOptions);
+    /**
+     * Creates an instance of the ClientCertificateCredential with the details
+     * needed to authenticate against Microsoft Entra ID with a certificate.
+     *
+     * @param tenantId - The Microsoft Entra tenant (directory) ID.
+     * @param clientId - The client (application) ID of an App Registration in the tenant.
+     * @param configuration - Other parameters required, including the path of the certificate on the filesystem.
+     *                        If the type is ignored, we will throw the value of the path to a PEM certificate.
+     * @param options - Options for configuring the client which makes the authentication request.
+     */
+    constructor(tenantId: string, clientId: string, configuration: ClientCertificatePEMCertificatePath, options?: ClientCertificateCredentialOptions);
+    /**
+     * Creates an instance of the ClientCertificateCredential with the details
+     * needed to authenticate against Microsoft Entra ID with a certificate.
+     *
+     * @param tenantId - The Microsoft Entra tenant (directory) ID.
+     * @param clientId - The client (application) ID of an App Registration in the tenant.
+     * @param configuration - Other parameters required, including the PEM-encoded certificate as a string.
+     *                        If the type is ignored, we will throw the value of the PEM-encoded certificate.
+     * @param options - Options for configuring the client which makes the authentication request.
+     */
+    constructor(tenantId: string, clientId: string, configuration: ClientCertificatePEMCertificate, options?: ClientCertificateCredentialOptions);
+    /**
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
+     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
+     *
+     * @param scopes - The list of scopes for which the token will have access.
+     * @param options - The options used to configure any requests this
+     *                TokenCredential implementation might make.
+     */
+    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
+    private buildClientCertificate;
+}
+/**
+ * Parses a certificate into its relevant parts
+ *
+ * @param certificateConfiguration - The certificate contents or path to the certificate
+ * @param sendCertificateChain - true if the entire certificate chain should be sent for SNI, false otherwise
+ * @returns The parsed certificate parts and the certificate contents
+ */
+export declare function parseCertificate(certificateConfiguration: ClientCertificateCredentialPEMConfiguration, sendCertificateChain: boolean): Promise<Omit<CertificateParts, "privateKey"> & {
+    certificateContents: string;
+}>;
+//# sourceMappingURL=clientCertificateCredential.d.ts.map

package/dist/esm/credentials/clientCertificateCredential.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"clientCertificateCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAStF,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACzD,OAAO,KAAK,EAAE,kCAAkC,EAAE,MAAM,yCAAyC,CAAC;AAIlG,OAAO,KAAK,EACV,2CAA2C,EAC3C,+BAA+B,EAC/B,mCAAmC,EACpC,MAAM,wCAAwC,CAAC;AAKhD;;;;;;;GAOG;AACH,qBAAa,2BAA4B,YAAW,eAAe;IACjE,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,wBAAwB,CAA8C;IAC9E,OAAO,CAAC,oBAAoB,CAAC,CAAU;IACvC,OAAO,CAAC,UAAU,CAAa;IAE/B;;;;;;;;;OASG;gBAED,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,eAAe,EAAE,MAAM,EACvB,OAAO,CAAC,EAAE,kCAAkC;IAE9C;;;;;;;;;OASG;gBAED,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,mCAAmC,EAClD,OAAO,CAAC,EAAE,kCAAkC;IAE9C;;;;;;;;;OASG;gBAED,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,+BAA+B,EAC9C,OAAO,CAAC,EAAE,kCAAkC;IA+C9C;;;;;;;OAOG;IACG,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,GAAE,eAAoB,GAAG,OAAO,CAAC,WAAW,CAAC;YAehF,sBAAsB;CA6BrC;AAED;;;;;;GAMG;AACH,wBAAsB,gBAAgB,CACpC,wBAAwB,EAAE,2CAA2C,EACrE,oBAAoB,EAAE,OAAO,GAC5B,OAAO,CAAC,IAAI,CAAC,gBAAgB,EAAE,YAAY,CAAC,GAAG;IAAE,mBAAmB,EAAE,MAAM,CAAA;CAAE,CAAC,CAwCjF"}