@ms-cloudpack/remote-cache 0.7.9 → 0.8.1
- package/dist/{AzureRemoteCacheClient-LMRNY2C6.js → AzureRemoteCacheClient-YFWJLZNA.js} +2122 -3714
- package/dist/{ReporterDecorator-JLGERQ2U.js → ReporterDecorator-5LUAHYKK.js} +3 -3
- package/dist/{chunk-TXSHKS6T.js → chunk-D7DHZQ7L.js} +300 -326
- package/dist/{chunk-FUGMINXQ.js → chunk-DSANWO7J.js} +1 -1
- package/dist/{chunk-VCWIWY5Y.js → chunk-FW2AO4WO.js} +217 -305
- package/dist/{chunk-IVPGYNQL.js → chunk-GFDVXVVH.js} +1 -1
- package/dist/{chunk-B4GP6UPK.js → chunk-LRFMBF43.js} +137 -184
- package/dist/{getCredential-QZKOLRT5.js → getCredential-W6MRP3D2.js} +862 -381
- package/dist/{getListOfBlobs-TYZM4XYI.js → getListOfBlobs-2GKCJGDO.js} +4 -4
- package/dist/index.js +9 -9
- package/lib/authentication/forks/identity-cache-persistence/cachePersistencePlugin.d.ts +34 -0
- package/lib/authentication/forks/identity-cache-persistence/platforms.d.ts +50 -0
- package/lib/authentication/forks/identity-cache-persistence/provider.d.ts +17 -0
- package/lib/authentication/forks/msal-node-extensions/error/PersistenceError.d.ts +37 -0
- package/lib/authentication/forks/msal-node-extensions/lock/CrossPlatformLock.d.ts +25 -0
- package/lib/authentication/forks/msal-node-extensions/lock/CrossPlatformLockOptions.d.ts +16 -0
- package/lib/authentication/forks/msal-node-extensions/persistence/BasePersistence.d.ts +6 -0
- package/lib/authentication/forks/msal-node-extensions/persistence/FilePersistence.d.ts +31 -0
- package/lib/authentication/forks/msal-node-extensions/persistence/FilePersistenceWithDataProtection.d.ts +30 -0
- package/lib/authentication/forks/msal-node-extensions/persistence/IPersistence.d.ts +17 -0
- package/lib/authentication/forks/msal-node-extensions/persistence/IPersistenceConfiguration.d.ts +16 -0
- package/lib/authentication/forks/msal-node-extensions/persistence/NapiRsKeyRingPersistence.d.ts +19 -0
- package/lib/authentication/forks/msal-node-extensions/persistence/PersistenceCachePlugin.d.ts +35 -0
- package/lib/authentication/forks/msal-node-extensions/utils/Constants.d.ts +44 -0
- package/lib/authentication/forks/msal-node-extensions/utils/TypeGuards.d.ts +10 -0
- package/lib/authentication/getCredential.d.ts +0 -1
- package/lib/registerAzureLogger.d.ts +0 -1
- package/package.json +6 -4
|
@@ -6,14 +6,14 @@ const __filename = topLevelUrl.fileURLToPath(import.meta.url);
|
|
|
6
6
|
const __dirname = topLevelPath.dirname(__filename);
|
|
7
7
|
import {
|
|
8
8
|
require_package
|
|
9
|
-
} from "./chunk-
|
|
9
|
+
} from "./chunk-DSANWO7J.js";
|
|
10
10
|
import {
|
|
11
11
|
require_commonjs as require_commonjs2,
|
|
12
12
|
require_commonjs2 as require_commonjs3,
|
|
13
13
|
require_commonjs3 as require_commonjs4,
|
|
14
14
|
require_commonjs4 as require_commonjs5,
|
|
15
15
|
require_dist
|
|
16
|
-
} from "./chunk-
|
|
16
|
+
} from "./chunk-D7DHZQ7L.js";
|
|
17
17
|
import {
|
|
18
18
|
__commonJS,
|
|
19
19
|
__esm,
|
|
@@ -22,10 +22,8 @@ import {
|
|
|
22
22
|
__require,
|
|
23
23
|
__toCommonJS,
|
|
24
24
|
__toESM,
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
tslib_es6_exports
|
|
28
|
-
} from "./chunk-B4GP6UPK.js";
|
|
25
|
+
require_commonjs
|
|
26
|
+
} from "./chunk-LRFMBF43.js";
|
|
29
27
|
|
|
30
28
|
// ../../node_modules/.store/@azure-msal-node-npm-2.9.2-ad4f2bdff1/package/dist/cache/serializer/Serializer.mjs
|
|
31
29
|
var _Serializer, Serializer;
|
|
@@ -47,7 +45,7 @@ var init_Serializer = __esm({
|
|
|
47
45
|
static serializeAccounts(accCache) {
|
|
48
46
|
const accounts = {};
|
|
49
47
|
Object.keys(accCache).map(function(key) {
|
|
50
|
-
var
|
|
48
|
+
var _a2;
|
|
51
49
|
const accountEntity = accCache[key];
|
|
52
50
|
accounts[key] = {
|
|
53
51
|
home_account_id: accountEntity.homeAccountId,
|
|
@@ -60,7 +58,7 @@ var init_Serializer = __esm({
|
|
|
60
58
|
client_info: accountEntity.clientInfo,
|
|
61
59
|
last_modification_time: accountEntity.lastModificationTime,
|
|
62
60
|
last_modification_app: accountEntity.lastModificationApp,
|
|
63
|
-
tenantProfiles: (
|
|
61
|
+
tenantProfiles: (_a2 = accountEntity.tenantProfiles) == null ? void 0 : _a2.map((tenantProfile) => {
|
|
64
62
|
return JSON.stringify(tenantProfile);
|
|
65
63
|
})
|
|
66
64
|
};
|
|
@@ -1343,12 +1341,12 @@ var init_UrlString = __esm({
|
|
|
1343
1341
|
|
|
1344
1342
|
// ../../node_modules/.store/@azure-msal-common-npm-14.12.0-b3576c04b2/package/dist/authority/AuthorityMetadata.mjs
|
|
1345
1343
|
function getAliasesFromStaticSources(staticAuthorityOptions, logger) {
|
|
1346
|
-
var
|
|
1344
|
+
var _a2;
|
|
1347
1345
|
let staticAliases;
|
|
1348
1346
|
const canonicalAuthority = staticAuthorityOptions.canonicalAuthority;
|
|
1349
1347
|
if (canonicalAuthority) {
|
|
1350
1348
|
const authorityHost = new UrlString(canonicalAuthority).getUrlComponents().HostNameAndPort;
|
|
1351
|
-
staticAliases = getAliasesFromMetadata(authorityHost, (
|
|
1349
|
+
staticAliases = getAliasesFromMetadata(authorityHost, (_a2 = staticAuthorityOptions.cloudDiscoveryMetadata) == null ? void 0 : _a2.metadata, AuthorityMetadataSource.CONFIG, logger) || getAliasesFromMetadata(authorityHost, InstanceDiscoveryMetadata.metadata, AuthorityMetadataSource.HARDCODED_VALUES, logger) || staticAuthorityOptions.knownAuthorities;
|
|
1352
1350
|
}
|
|
1353
1351
|
return staticAliases || [];
|
|
1354
1352
|
}
|
|
@@ -2061,8 +2059,8 @@ var init_RegionDiscovery = __esm({
|
|
|
2061
2059
|
* @returns Promise<string | null>
|
|
2062
2060
|
*/
|
|
2063
2061
|
async detectRegion(environmentRegion, regionDiscoveryMetadata) {
|
|
2064
|
-
var
|
|
2065
|
-
(
|
|
2062
|
+
var _a2;
|
|
2063
|
+
(_a2 = this.performanceClient) == null ? void 0 : _a2.addQueueMeasurement(PerformanceEvents.RegionDiscoveryDetectRegion, this.correlationId);
|
|
2066
2064
|
let autodetectedRegionName = environmentRegion;
|
|
2067
2065
|
if (!autodetectedRegionName) {
|
|
2068
2066
|
const options = _RegionDiscovery.IMDS_OPTIONS;
|
|
@@ -2103,8 +2101,8 @@ var init_RegionDiscovery = __esm({
|
|
|
2103
2101
|
* @returns Promise<NetworkResponse<string>>
|
|
2104
2102
|
*/
|
|
2105
2103
|
async getRegionFromIMDS(version3, options) {
|
|
2106
|
-
var
|
|
2107
|
-
(
|
|
2104
|
+
var _a2;
|
|
2105
|
+
(_a2 = this.performanceClient) == null ? void 0 : _a2.addQueueMeasurement(PerformanceEvents.RegionDiscoveryGetRegionFromIMDS, this.correlationId);
|
|
2108
2106
|
return this.networkInterface.sendGetRequestAsync(`${Constants.IMDS_ENDPOINT}?api-version=${version3}&format=text`, options, Constants.IMDS_TIMEOUT);
|
|
2109
2107
|
}
|
|
2110
2108
|
/**
|
|
@@ -2113,8 +2111,8 @@ var init_RegionDiscovery = __esm({
|
|
|
2113
2111
|
* @returns Promise<string | null>
|
|
2114
2112
|
*/
|
|
2115
2113
|
async getCurrentVersion(options) {
|
|
2116
|
-
var
|
|
2117
|
-
(
|
|
2114
|
+
var _a2;
|
|
2115
|
+
(_a2 = this.performanceClient) == null ? void 0 : _a2.addQueueMeasurement(PerformanceEvents.RegionDiscoveryGetCurrentVersion, this.correlationId);
|
|
2118
2116
|
try {
|
|
2119
2117
|
const response = await this.networkInterface.sendGetRequestAsync(`${Constants.IMDS_ENDPOINT}?format=json`, options);
|
|
2120
2118
|
if (response.status === ResponseCodes.httpBadRequest && response.body && response.body["newest-versions"] && response.body["newest-versions"].length > 0) {
|
|
@@ -2212,7 +2210,7 @@ function createIdTokenEntity(homeAccountId, environment, idToken, clientId, tena
|
|
|
2212
2210
|
return idTokenEntity;
|
|
2213
2211
|
}
|
|
2214
2212
|
function createAccessTokenEntity(homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, base64Decode, refreshOn, tokenType, userAssertionHash, keyId, requestedClaims, requestedClaimsHash) {
|
|
2215
|
-
var
|
|
2213
|
+
var _a2, _b2;
|
|
2216
2214
|
const atEntity = {
|
|
2217
2215
|
homeAccountId,
|
|
2218
2216
|
credentialType: CredentialType.ACCESS_TOKEN,
|
|
@@ -2236,12 +2234,12 @@ function createAccessTokenEntity(homeAccountId, environment, accessToken, client
|
|
|
2236
2234
|
atEntity.requestedClaims = requestedClaims;
|
|
2237
2235
|
atEntity.requestedClaimsHash = requestedClaimsHash;
|
|
2238
2236
|
}
|
|
2239
|
-
if (((
|
|
2237
|
+
if (((_a2 = atEntity.tokenType) == null ? void 0 : _a2.toLowerCase()) !== AuthenticationScheme.BEARER.toLowerCase()) {
|
|
2240
2238
|
atEntity.credentialType = CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
|
|
2241
2239
|
switch (atEntity.tokenType) {
|
|
2242
2240
|
case AuthenticationScheme.POP:
|
|
2243
2241
|
const tokenClaims = extractTokenClaims(accessToken, base64Decode);
|
|
2244
|
-
if (!((
|
|
2242
|
+
if (!((_b2 = tokenClaims == null ? void 0 : tokenClaims.cnf) == null ? void 0 : _b2.kid)) {
|
|
2245
2243
|
throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
|
|
2246
2244
|
}
|
|
2247
2245
|
atEntity.keyId = tokenClaims.cnf.kid;
|
|
@@ -2411,10 +2409,10 @@ var init_CacheHelpers = __esm({
|
|
|
2411
2409
|
|
|
2412
2410
|
// ../../node_modules/.store/@azure-msal-common-npm-14.12.0-b3576c04b2/package/dist/authority/Authority.mjs
|
|
2413
2411
|
function getTenantFromAuthorityString(authority) {
|
|
2414
|
-
var
|
|
2412
|
+
var _a2;
|
|
2415
2413
|
const authorityUrl = new UrlString(authority);
|
|
2416
2414
|
const authorityUrlComponents = authorityUrl.getUrlComponents();
|
|
2417
|
-
const tenantId = (
|
|
2415
|
+
const tenantId = (_a2 = authorityUrlComponents.PathSegments.slice(-1)[0]) == null ? void 0 : _a2.toLowerCase();
|
|
2418
2416
|
switch (tenantId) {
|
|
2419
2417
|
case AADAuthorityConstants.COMMON:
|
|
2420
2418
|
case AADAuthorityConstants.ORGANIZATIONS:
|
|
@@ -2675,8 +2673,8 @@ var init_Authority = __esm({
|
|
|
2675
2673
|
* and the /authorize, /token and logout endpoints.
|
|
2676
2674
|
*/
|
|
2677
2675
|
async resolveEndpointsAsync() {
|
|
2678
|
-
var
|
|
2679
|
-
(
|
|
2676
|
+
var _a2, _b2;
|
|
2677
|
+
(_a2 = this.performanceClient) == null ? void 0 : _a2.addQueueMeasurement(PerformanceEvents.AuthorityResolveEndpointsAsync, this.correlationId);
|
|
2680
2678
|
const metadataEntity = this.getCurrentMetadataEntity();
|
|
2681
2679
|
const cloudDiscoverySource = await invokeAsync(this.updateCloudDiscoveryMetadata.bind(this), PerformanceEvents.AuthorityUpdateCloudDiscoveryMetadata, this.logger, this.performanceClient, this.correlationId)(metadataEntity);
|
|
2682
2680
|
this.canonicalAuthority = this.canonicalAuthority.replace(this.hostnameAndPort, metadataEntity.preferred_network);
|
|
@@ -2684,7 +2682,7 @@ var init_Authority = __esm({
|
|
|
2684
2682
|
this.updateCachedMetadata(metadataEntity, cloudDiscoverySource, {
|
|
2685
2683
|
source: endpointSource
|
|
2686
2684
|
});
|
|
2687
|
-
(
|
|
2685
|
+
(_b2 = this.performanceClient) == null ? void 0 : _b2.addFields({
|
|
2688
2686
|
cloudDiscoverySource,
|
|
2689
2687
|
authorityEndpointSource: endpointSource
|
|
2690
2688
|
}, this.correlationId);
|
|
@@ -2735,12 +2733,12 @@ var init_Authority = __esm({
|
|
|
2735
2733
|
* @param metadataEntity
|
|
2736
2734
|
*/
|
|
2737
2735
|
async updateEndpointMetadata(metadataEntity) {
|
|
2738
|
-
var
|
|
2739
|
-
(
|
|
2736
|
+
var _a2, _b2, _c;
|
|
2737
|
+
(_a2 = this.performanceClient) == null ? void 0 : _a2.addQueueMeasurement(PerformanceEvents.AuthorityUpdateEndpointMetadata, this.correlationId);
|
|
2740
2738
|
const localMetadata = this.updateEndpointMetadataFromLocalSources(metadataEntity);
|
|
2741
2739
|
if (localMetadata) {
|
|
2742
2740
|
if (localMetadata.source === AuthorityMetadataSource.HARDCODED_VALUES) {
|
|
2743
|
-
if ((
|
|
2741
|
+
if ((_b2 = this.authorityOptions.azureRegionConfiguration) == null ? void 0 : _b2.azureRegion) {
|
|
2744
2742
|
if (localMetadata.metadata) {
|
|
2745
2743
|
const hardcodedMetadata = await invokeAsync(this.updateMetadataWithRegionalInformation.bind(this), PerformanceEvents.AuthorityUpdateMetadataWithRegionalInformation, this.logger, this.performanceClient, this.correlationId)(localMetadata.metadata);
|
|
2746
2744
|
updateAuthorityEndpointMetadata(metadataEntity, hardcodedMetadata, false);
|
|
@@ -2831,8 +2829,8 @@ var init_Authority = __esm({
|
|
|
2831
2829
|
* @param hasHardcodedMetadata boolean
|
|
2832
2830
|
*/
|
|
2833
2831
|
async getEndpointMetadataFromNetwork() {
|
|
2834
|
-
var
|
|
2835
|
-
(
|
|
2832
|
+
var _a2;
|
|
2833
|
+
(_a2 = this.performanceClient) == null ? void 0 : _a2.addQueueMeasurement(PerformanceEvents.AuthorityGetEndpointMetadataFromNetwork, this.correlationId);
|
|
2836
2834
|
const options = {};
|
|
2837
2835
|
const openIdConfigurationEndpoint = this.defaultOpenIdConfigurationEndpoint;
|
|
2838
2836
|
this.logger.verbose(`Authority.getEndpointMetadataFromNetwork: attempting to retrieve OAuth endpoints from ${openIdConfigurationEndpoint}`);
|
|
@@ -2864,9 +2862,9 @@ var init_Authority = __esm({
|
|
|
2864
2862
|
* User selected Azure region will be used if configured.
|
|
2865
2863
|
*/
|
|
2866
2864
|
async updateMetadataWithRegionalInformation(metadata) {
|
|
2867
|
-
var
|
|
2868
|
-
(
|
|
2869
|
-
const userConfiguredAzureRegion = (
|
|
2865
|
+
var _a2, _b2, _c;
|
|
2866
|
+
(_a2 = this.performanceClient) == null ? void 0 : _a2.addQueueMeasurement(PerformanceEvents.AuthorityUpdateMetadataWithRegionalInformation, this.correlationId);
|
|
2867
|
+
const userConfiguredAzureRegion = (_b2 = this.authorityOptions.azureRegionConfiguration) == null ? void 0 : _b2.azureRegion;
|
|
2870
2868
|
if (userConfiguredAzureRegion) {
|
|
2871
2869
|
if (userConfiguredAzureRegion !== Constants.AZURE_REGION_AUTO_DISCOVER_FLAG) {
|
|
2872
2870
|
this.regionDiscoveryMetadata.region_outcome = RegionDiscoveryOutcomes.CONFIGURED_NO_AUTO_DETECTION;
|
|
@@ -2890,8 +2888,8 @@ var init_Authority = __esm({
|
|
|
2890
2888
|
* @returns AuthorityMetadataSource
|
|
2891
2889
|
*/
|
|
2892
2890
|
async updateCloudDiscoveryMetadata(metadataEntity) {
|
|
2893
|
-
var
|
|
2894
|
-
(
|
|
2891
|
+
var _a2;
|
|
2892
|
+
(_a2 = this.performanceClient) == null ? void 0 : _a2.addQueueMeasurement(PerformanceEvents.AuthorityUpdateCloudDiscoveryMetadata, this.correlationId);
|
|
2895
2893
|
const localMetadataSource = this.updateCloudDiscoveryMetadataFromLocalSources(metadataEntity);
|
|
2896
2894
|
if (localMetadataSource) {
|
|
2897
2895
|
return localMetadataSource;
|
|
@@ -2973,8 +2971,8 @@ var init_Authority = __esm({
|
|
|
2973
2971
|
* @param hasHardcodedMetadata boolean
|
|
2974
2972
|
*/
|
|
2975
2973
|
async getCloudDiscoveryMetadataFromNetwork() {
|
|
2976
|
-
var
|
|
2977
|
-
(
|
|
2974
|
+
var _a2;
|
|
2975
|
+
(_a2 = this.performanceClient) == null ? void 0 : _a2.addQueueMeasurement(PerformanceEvents.AuthorityGetCloudDiscoveryMetadataFromNetwork, this.correlationId);
|
|
2978
2976
|
const instanceDiscoveryEndpoint = `${Constants.AAD_INSTANCE_DISCOVERY_ENDPT}${this.canonicalAuthority}oauth2/v2.0/authorize`;
|
|
2979
2977
|
const options = {};
|
|
2980
2978
|
let match = null;
|
|
@@ -3333,21 +3331,21 @@ var init_ICrypto = __esm({
|
|
|
3333
3331
|
init_ClientAuthError();
|
|
3334
3332
|
init_ClientAuthErrorCodes();
|
|
3335
3333
|
DEFAULT_CRYPTO_IMPLEMENTATION = {
|
|
3336
|
-
createNewGuid: () => {
|
|
3334
|
+
createNewGuid: /* @__PURE__ */ __name(() => {
|
|
3337
3335
|
throw createClientAuthError(methodNotImplemented);
|
|
3338
|
-
},
|
|
3339
|
-
base64Decode: () => {
|
|
3336
|
+
}, "createNewGuid"),
|
|
3337
|
+
base64Decode: /* @__PURE__ */ __name(() => {
|
|
3340
3338
|
throw createClientAuthError(methodNotImplemented);
|
|
3341
|
-
},
|
|
3342
|
-
base64Encode: () => {
|
|
3339
|
+
}, "base64Decode"),
|
|
3340
|
+
base64Encode: /* @__PURE__ */ __name(() => {
|
|
3343
3341
|
throw createClientAuthError(methodNotImplemented);
|
|
3344
|
-
},
|
|
3345
|
-
base64UrlEncode: () => {
|
|
3342
|
+
}, "base64Encode"),
|
|
3343
|
+
base64UrlEncode: /* @__PURE__ */ __name(() => {
|
|
3346
3344
|
throw createClientAuthError(methodNotImplemented);
|
|
3347
|
-
},
|
|
3348
|
-
encodeKid: () => {
|
|
3345
|
+
}, "base64UrlEncode"),
|
|
3346
|
+
encodeKid: /* @__PURE__ */ __name(() => {
|
|
3349
3347
|
throw createClientAuthError(methodNotImplemented);
|
|
3350
|
-
},
|
|
3348
|
+
}, "encodeKid"),
|
|
3351
3349
|
async getPublicKeyThumbprint() {
|
|
3352
3350
|
throw createClientAuthError(methodNotImplemented);
|
|
3353
3351
|
},
|
|
@@ -3396,8 +3394,8 @@ var init_Logger = __esm({
|
|
|
3396
3394
|
}
|
|
3397
3395
|
static createDefaultLoggerOptions() {
|
|
3398
3396
|
return {
|
|
3399
|
-
loggerCallback: () => {
|
|
3400
|
-
},
|
|
3397
|
+
loggerCallback: /* @__PURE__ */ __name(() => {
|
|
3398
|
+
}, "loggerCallback"),
|
|
3401
3399
|
piiLoggingEnabled: false,
|
|
3402
3400
|
logLevel: LogLevel.Info
|
|
3403
3401
|
};
|
|
@@ -3958,7 +3956,7 @@ var init_AccountEntity = __esm({
|
|
|
3958
3956
|
* @returns
|
|
3959
3957
|
*/
|
|
3960
3958
|
static createFromAccountInfo(accountInfo, cloudGraphHostName, msGraphHost) {
|
|
3961
|
-
var
|
|
3959
|
+
var _a2;
|
|
3962
3960
|
const account = new _AccountEntity();
|
|
3963
3961
|
account.authorityType = accountInfo.authorityType || CacheAccountType.GENERIC_ACCOUNT_TYPE;
|
|
3964
3962
|
account.homeAccountId = accountInfo.homeAccountId;
|
|
@@ -3970,7 +3968,7 @@ var init_AccountEntity = __esm({
|
|
|
3970
3968
|
account.name = accountInfo.name;
|
|
3971
3969
|
account.cloudGraphHostName = cloudGraphHostName;
|
|
3972
3970
|
account.msGraphHost = msGraphHost;
|
|
3973
|
-
account.tenantProfiles = Array.from(((
|
|
3971
|
+
account.tenantProfiles = Array.from(((_a2 = accountInfo.tenantProfiles) == null ? void 0 : _a2.values()) || []);
|
|
3974
3972
|
return account;
|
|
3975
3973
|
}
|
|
3976
3974
|
/**
|
|
@@ -4218,7 +4216,7 @@ var init_CacheManager = __esm({
|
|
|
4218
4216
|
* @param correlationId {?string} correlation id
|
|
4219
4217
|
*/
|
|
4220
4218
|
async saveCacheRecord(cacheRecord, storeInCache, correlationId) {
|
|
4221
|
-
var
|
|
4219
|
+
var _a2, _b2, _c, _d;
|
|
4222
4220
|
if (!cacheRecord) {
|
|
4223
4221
|
throw createClientAuthError(invalidCacheRecord);
|
|
4224
4222
|
}
|
|
@@ -4239,9 +4237,9 @@ var init_CacheManager = __esm({
|
|
|
4239
4237
|
this.setAppMetadata(cacheRecord.appMetadata);
|
|
4240
4238
|
}
|
|
4241
4239
|
} catch (e) {
|
|
4242
|
-
(
|
|
4240
|
+
(_a2 = this.commonLogger) == null ? void 0 : _a2.error(`CacheManager.saveCacheRecord: failed`);
|
|
4243
4241
|
if (e instanceof Error) {
|
|
4244
|
-
(
|
|
4242
|
+
(_b2 = this.commonLogger) == null ? void 0 : _b2.errorPii(`CacheManager.saveCacheRecord: ${e.message}`, correlationId);
|
|
4245
4243
|
if (e.name === "QuotaExceededError" || e.name === "NS_ERROR_DOM_QUOTA_REACHED" || e.message.includes("exceeded the quota")) {
|
|
4246
4244
|
(_c = this.commonLogger) == null ? void 0 : _c.error(`CacheManager.saveCacheRecord: exceeded storage quota`, correlationId);
|
|
4247
4245
|
throw new CacheError(cacheQuotaExceededErrorCode);
|
|
@@ -4295,7 +4293,7 @@ var init_CacheManager = __esm({
|
|
|
4295
4293
|
const allAccountKeys = this.getAccountKeys();
|
|
4296
4294
|
const matchingAccounts = [];
|
|
4297
4295
|
allAccountKeys.forEach((cacheKey) => {
|
|
4298
|
-
var
|
|
4296
|
+
var _a2;
|
|
4299
4297
|
if (!this.isAccountKey(cacheKey, accountFilter.homeAccountId)) {
|
|
4300
4298
|
return;
|
|
4301
4299
|
}
|
|
@@ -4325,7 +4323,7 @@ var init_CacheManager = __esm({
|
|
|
4325
4323
|
localAccountId: accountFilter == null ? void 0 : accountFilter.localAccountId,
|
|
4326
4324
|
name: accountFilter == null ? void 0 : accountFilter.name
|
|
4327
4325
|
};
|
|
4328
|
-
const matchingTenantProfiles = (
|
|
4326
|
+
const matchingTenantProfiles = (_a2 = entity.tenantProfiles) == null ? void 0 : _a2.filter((tenantProfile) => {
|
|
4329
4327
|
return this.tenantProfileMatchesFilter(tenantProfile, tenantProfileFilter);
|
|
4330
4328
|
});
|
|
4331
4329
|
if (matchingTenantProfiles && matchingTenantProfiles.length === 0) {
|
|
@@ -4529,9 +4527,9 @@ var init_CacheManager = __esm({
|
|
|
4529
4527
|
* @returns
|
|
4530
4528
|
*/
|
|
4531
4529
|
updateOutdatedCachedAccount(accountKey, accountEntity, logger) {
|
|
4532
|
-
var
|
|
4530
|
+
var _a2;
|
|
4533
4531
|
if (accountEntity && accountEntity.isSingleTenant()) {
|
|
4534
|
-
(
|
|
4532
|
+
(_a2 = this.commonLogger) == null ? void 0 : _a2.verbose("updateOutdatedCachedAccount: Found a single-tenant (outdated) account entity in the cache, migrating to multi-tenant account entity");
|
|
4535
4533
|
const matchingAccountKeys = this.getAccountKeys().filter((key) => {
|
|
4536
4534
|
return key.startsWith(accountEntity.homeAccountId);
|
|
4537
4535
|
});
|
|
@@ -4933,8 +4931,8 @@ var init_CacheManager = __esm({
|
|
|
4933
4931
|
* @returns true if the downcased name properties are present and match in the filter and the entity
|
|
4934
4932
|
*/
|
|
4935
4933
|
matchName(claims, name3) {
|
|
4936
|
-
var
|
|
4937
|
-
return !!(name3.toLowerCase() === ((
|
|
4934
|
+
var _a2;
|
|
4935
|
+
return !!(name3.toLowerCase() === ((_a2 = claims.name) == null ? void 0 : _a2.toLowerCase()));
|
|
4938
4936
|
}
|
|
4939
4937
|
/**
|
|
4940
4938
|
* helper to match usernames
|
|
@@ -5001,8 +4999,8 @@ var init_CacheManager = __esm({
|
|
|
5001
4999
|
* @param realm
|
|
5002
5000
|
*/
|
|
5003
5001
|
matchRealm(entity, realm) {
|
|
5004
|
-
var
|
|
5005
|
-
return !!(((
|
|
5002
|
+
var _a2;
|
|
5003
|
+
return !!(((_a2 = entity.realm) == null ? void 0 : _a2.toLowerCase()) === realm.toLowerCase());
|
|
5006
5004
|
}
|
|
5007
5005
|
/**
|
|
5008
5006
|
* helper to match nativeAccountId
|
|
@@ -5242,8 +5240,8 @@ var init_ClientConfiguration = __esm({
|
|
|
5242
5240
|
preventCorsPreflight: false
|
|
5243
5241
|
};
|
|
5244
5242
|
DEFAULT_LOGGER_IMPLEMENTATION = {
|
|
5245
|
-
loggerCallback: () => {
|
|
5246
|
-
},
|
|
5243
|
+
loggerCallback: /* @__PURE__ */ __name(() => {
|
|
5244
|
+
}, "loggerCallback"),
|
|
5247
5245
|
piiLoggingEnabled: false,
|
|
5248
5246
|
logLevel: LogLevel.Info,
|
|
5249
5247
|
correlationId: Constants.EMPTY_STRING
|
|
@@ -5325,7 +5323,7 @@ var init_ThrottlingUtils = __esm({
|
|
|
5325
5323
|
* @param thumbprint
|
|
5326
5324
|
*/
|
|
5327
5325
|
static preProcess(cacheManager, thumbprint) {
|
|
5328
|
-
var
|
|
5326
|
+
var _a2;
|
|
5329
5327
|
const key = _ThrottlingUtils.generateThrottlingStorageKey(thumbprint);
|
|
5330
5328
|
const value = cacheManager.getThrottlingCache(key);
|
|
5331
5329
|
if (value) {
|
|
@@ -5333,7 +5331,7 @@ var init_ThrottlingUtils = __esm({
|
|
|
5333
5331
|
cacheManager.removeItem(key);
|
|
5334
5332
|
return;
|
|
5335
5333
|
}
|
|
5336
|
-
throw new ServerError(((
|
|
5334
|
+
throw new ServerError(((_a2 = value.errorCodes) == null ? void 0 : _a2.join(" ")) || Constants.EMPTY_STRING, value.errorMessage, value.subError);
|
|
5337
5335
|
}
|
|
5338
5336
|
}
|
|
5339
5337
|
/**
|
|
@@ -5976,13 +5974,13 @@ var init_BaseClient = __esm({
|
|
|
5976
5974
|
* @param thumbprint
|
|
5977
5975
|
*/
|
|
5978
5976
|
async executePostToTokenEndpoint(tokenEndpoint, queryString, headers, thumbprint, correlationId, queuedEvent) {
|
|
5979
|
-
var
|
|
5977
|
+
var _a2, _b2, _c, _d;
|
|
5980
5978
|
if (queuedEvent) {
|
|
5981
|
-
(
|
|
5979
|
+
(_a2 = this.performanceClient) == null ? void 0 : _a2.addQueueMeasurement(queuedEvent, correlationId);
|
|
5982
5980
|
}
|
|
5983
5981
|
const response = await this.networkManager.sendPostRequest(thumbprint, tokenEndpoint, { body: queryString, headers });
|
|
5984
5982
|
(_d = this.performanceClient) == null ? void 0 : _d.addFields({
|
|
5985
|
-
refreshTokenSize: ((
|
|
5983
|
+
refreshTokenSize: ((_b2 = response.body.refresh_token) == null ? void 0 : _b2.length) || 0,
|
|
5986
5984
|
httpVerToken: ((_c = response.headers) == null ? void 0 : _c[HeaderNames.X_MS_HTTP_VERSION]) || ""
|
|
5987
5985
|
}, correlationId);
|
|
5988
5986
|
if (this.config.serverTelemetryManager && response.status < 500 && response.status !== 429) {
|
|
@@ -5995,8 +5993,8 @@ var init_BaseClient = __esm({
|
|
|
5995
5993
|
* @param updatedAuthority
|
|
5996
5994
|
*/
|
|
5997
5995
|
async updateAuthority(cloudInstanceHostname, correlationId) {
|
|
5998
|
-
var
|
|
5999
|
-
(
|
|
5996
|
+
var _a2;
|
|
5997
|
+
(_a2 = this.performanceClient) == null ? void 0 : _a2.addQueueMeasurement(PerformanceEvents.UpdateTokenEndpointAuthority, correlationId);
|
|
6000
5998
|
const cloudInstanceAuthorityUri = `https://${cloudInstanceHostname}/${this.authority.tenant}/`;
|
|
6001
5999
|
const cloudInstanceAuthority = await createDiscoveredInstance(cloudInstanceAuthorityUri, this.networkClient, this.cacheManager, this.authority.options, this.logger, correlationId, this.performanceClient);
|
|
6002
6000
|
this.authority = cloudInstanceAuthority;
|
|
@@ -6227,8 +6225,8 @@ var init_PopTokenGenerator = __esm({
|
|
|
6227
6225
|
* @returns
|
|
6228
6226
|
*/
|
|
6229
6227
|
async generateCnf(request, logger) {
|
|
6230
|
-
var
|
|
6231
|
-
(
|
|
6228
|
+
var _a2;
|
|
6229
|
+
(_a2 = this.performanceClient) == null ? void 0 : _a2.addQueueMeasurement(PerformanceEvents.PopTokenGenerateCnf, request.correlationId);
|
|
6232
6230
|
const reqCnf = await invokeAsync(this.generateKid.bind(this), PerformanceEvents.PopTokenGenerateCnf, logger, this.performanceClient, request.correlationId)(request);
|
|
6233
6231
|
const reqCnfString = this.cryptoUtils.base64UrlEncode(JSON.stringify(reqCnf));
|
|
6234
6232
|
return {
|
|
@@ -6242,8 +6240,8 @@ var init_PopTokenGenerator = __esm({
|
|
|
6242
6240
|
* @returns
|
|
6243
6241
|
*/
|
|
6244
6242
|
async generateKid(request) {
|
|
6245
|
-
var
|
|
6246
|
-
(
|
|
6243
|
+
var _a2;
|
|
6244
|
+
(_a2 = this.performanceClient) == null ? void 0 : _a2.addQueueMeasurement(PerformanceEvents.PopTokenGenerateKid, request.correlationId);
|
|
6247
6245
|
const kidThumbprint = await this.cryptoUtils.getPublicKeyThumbprint(request);
|
|
6248
6246
|
return {
|
|
6249
6247
|
kid: kidThumbprint,
|
|
@@ -6319,10 +6317,10 @@ var init_TokenCacheContext = __esm({
|
|
|
6319
6317
|
|
|
6320
6318
|
// ../../node_modules/.store/@azure-msal-common-npm-14.12.0-b3576c04b2/package/dist/response/ResponseHandler.mjs
|
|
6321
6319
|
function parseServerErrorNo(serverResponse) {
|
|
6322
|
-
var
|
|
6320
|
+
var _a2, _b2;
|
|
6323
6321
|
const errorCodePrefix = "code=";
|
|
6324
|
-
const errorCodePrefixIndex = (
|
|
6325
|
-
return errorCodePrefixIndex && errorCodePrefixIndex >= 0 ? (
|
|
6322
|
+
const errorCodePrefixIndex = (_a2 = serverResponse.error_uri) == null ? void 0 : _a2.lastIndexOf(errorCodePrefix);
|
|
6323
|
+
return errorCodePrefixIndex && errorCodePrefixIndex >= 0 ? (_b2 = serverResponse.error_uri) == null ? void 0 : _b2.substring(errorCodePrefixIndex + errorCodePrefix.length) : void 0;
|
|
6326
6324
|
}
|
|
6327
6325
|
function buildAccountToCache(cacheStorage, authority, homeAccountId, idTokenClaims, base64Decode, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger) {
|
|
6328
6326
|
logger == null ? void 0 : logger.verbose("setCachedAccount called");
|
|
@@ -6423,10 +6421,10 @@ var init_ResponseHandler = __esm({
|
|
|
6423
6421
|
* @param refreshAccessToken
|
|
6424
6422
|
*/
|
|
6425
6423
|
validateTokenResponse(serverResponse, refreshAccessToken) {
|
|
6426
|
-
var
|
|
6424
|
+
var _a2;
|
|
6427
6425
|
if (serverResponse.error || serverResponse.error_description || serverResponse.suberror) {
|
|
6428
6426
|
const errString = `${serverResponse.error_codes} - [${serverResponse.timestamp}]: ${serverResponse.error_description} - Correlation ID: ${serverResponse.correlation_id} - Trace ID: ${serverResponse.trace_id}`;
|
|
6429
|
-
const serverErrorNo = ((
|
|
6427
|
+
const serverErrorNo = ((_a2 = serverResponse.error_codes) == null ? void 0 : _a2.length) ? serverResponse.error_codes[0] : void 0;
|
|
6430
6428
|
const serverError = new ServerError(serverResponse.error, errString, serverResponse.suberror, serverErrorNo);
|
|
6431
6429
|
if (refreshAccessToken && serverResponse.status && serverResponse.status >= HttpStatus.SERVER_ERROR_RANGE_START && serverResponse.status <= HttpStatus.SERVER_ERROR_RANGE_END) {
|
|
6432
6430
|
this.logger.warning(`executeTokenRequest:validateTokenResponse - AAD is currently unavailable and the access token is unable to be refreshed.
|
|
@@ -6449,8 +6447,8 @@ ${serverError}`);
|
|
|
6449
6447
|
* @param authority
|
|
6450
6448
|
*/
|
|
6451
6449
|
async handleServerTokenResponse(serverTokenResponse, authority, reqTimestamp, request, authCodePayload, userAssertionHash, handlingRefreshTokenResponse, forceCacheRefreshTokenResponse, serverRequestId) {
|
|
6452
|
-
var
|
|
6453
|
-
(
|
|
6450
|
+
var _a2;
|
|
6451
|
+
(_a2 = this.performanceClient) == null ? void 0 : _a2.addQueueMeasurement(PerformanceEvents.HandleServerTokenResponse, serverTokenResponse.correlation_id);
|
|
6454
6452
|
let idTokenClaims;
|
|
6455
6453
|
if (serverTokenResponse.id_token) {
|
|
6456
6454
|
idTokenClaims = extractTokenClaims(serverTokenResponse.id_token || Constants.EMPTY_STRING, this.cryptoObj.base64Decode);
|
|
@@ -6570,7 +6568,7 @@ ${serverError}`);
|
|
|
6570
6568
|
* @param stateString
|
|
6571
6569
|
*/
|
|
6572
6570
|
static async generateAuthenticationResult(cryptoObj, authority, cacheRecord, fromTokenCache, request, idTokenClaims, requestState, serverTokenResponse, requestId) {
|
|
6573
|
-
var
|
|
6571
|
+
var _a2, _b2, _c, _d, _e;
|
|
6574
6572
|
let accessToken = Constants.EMPTY_STRING;
|
|
6575
6573
|
let responseScopes = [];
|
|
6576
6574
|
let expiresOn = null;
|
|
@@ -6608,7 +6606,7 @@ ${serverError}`);
|
|
|
6608
6606
|
void 0,
|
|
6609
6607
|
// tenantProfile optional
|
|
6610
6608
|
idTokenClaims,
|
|
6611
|
-
(
|
|
6609
|
+
(_a2 = cacheRecord.idToken) == null ? void 0 : _a2.secret
|
|
6612
6610
|
) : null;
|
|
6613
6611
|
return {
|
|
6614
6612
|
authority: authority.canonicalAuthority,
|
|
@@ -6616,7 +6614,7 @@ ${serverError}`);
|
|
|
6616
6614
|
tenantId: tid,
|
|
6617
6615
|
scopes: responseScopes,
|
|
6618
6616
|
account: accountInfo,
|
|
6619
|
-
idToken: ((
|
|
6617
|
+
idToken: ((_b2 = cacheRecord == null ? void 0 : cacheRecord.idToken) == null ? void 0 : _b2.secret) || "",
|
|
6620
6618
|
idTokenClaims: idTokenClaims || {},
|
|
6621
6619
|
accessToken,
|
|
6622
6620
|
fromCache: fromTokenCache,
|
|
@@ -6668,10 +6666,10 @@ var init_AuthorizationCodeClient = __esm({
|
|
|
6668
6666
|
init_ClientConfigurationErrorCodes();
|
|
6669
6667
|
_AuthorizationCodeClient = class _AuthorizationCodeClient extends BaseClient {
|
|
6670
6668
|
constructor(configuration, performanceClient) {
|
|
6671
|
-
var
|
|
6669
|
+
var _a2;
|
|
6672
6670
|
super(configuration, performanceClient);
|
|
6673
6671
|
this.includeRedirectUri = true;
|
|
6674
|
-
this.oidcDefaultScopes = (
|
|
6672
|
+
this.oidcDefaultScopes = (_a2 = this.config.authOptions.authority.options.OIDCOptions) == null ? void 0 : _a2.defaultScopes;
|
|
6675
6673
|
}
|
|
6676
6674
|
/**
|
|
6677
6675
|
* Creates the URL of the authorization request letting the user input credentials and consent to the
|
|
@@ -6684,8 +6682,8 @@ var init_AuthorizationCodeClient = __esm({
|
|
|
6684
6682
|
* @param request
|
|
6685
6683
|
*/
|
|
6686
6684
|
async getAuthCodeUrl(request) {
|
|
6687
|
-
var
|
|
6688
|
-
(
|
|
6685
|
+
var _a2;
|
|
6686
|
+
(_a2 = this.performanceClient) == null ? void 0 : _a2.addQueueMeasurement(PerformanceEvents.GetAuthCodeUrl, request.correlationId);
|
|
6689
6687
|
const queryString = await invokeAsync(this.createAuthCodeUrlQueryString.bind(this), PerformanceEvents.AuthClientCreateQueryString, this.logger, this.performanceClient, request.correlationId)(request);
|
|
6690
6688
|
return UrlString.appendQueryString(this.authority.authorizationEndpoint, queryString);
|
|
6691
6689
|
}
|
|
@@ -6695,14 +6693,14 @@ var init_AuthorizationCodeClient = __esm({
|
|
|
6695
6693
|
* @param request
|
|
6696
6694
|
*/
|
|
6697
6695
|
async acquireToken(request, authCodePayload) {
|
|
6698
|
-
var
|
|
6699
|
-
(
|
|
6696
|
+
var _a2, _b2;
|
|
6697
|
+
(_a2 = this.performanceClient) == null ? void 0 : _a2.addQueueMeasurement(PerformanceEvents.AuthClientAcquireToken, request.correlationId);
|
|
6700
6698
|
if (!request.code) {
|
|
6701
6699
|
throw createClientAuthError(requestCannotBeMade);
|
|
6702
6700
|
}
|
|
6703
6701
|
const reqTimestamp = nowSeconds();
|
|
6704
6702
|
const response = await invokeAsync(this.executeTokenRequest.bind(this), PerformanceEvents.AuthClientExecuteTokenRequest, this.logger, this.performanceClient, request.correlationId)(this.authority, request);
|
|
6705
|
-
const requestId = (
|
|
6703
|
+
const requestId = (_b2 = response.headers) == null ? void 0 : _b2[HeaderNames.X_MS_REQUEST_ID];
|
|
6706
6704
|
const responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, this.config.serializableCache, this.config.persistencePlugin, this.performanceClient);
|
|
6707
6705
|
responseHandler.validateTokenResponse(response.body);
|
|
6708
6706
|
return invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, this.logger, this.performanceClient, request.correlationId)(response.body, this.authority, reqTimestamp, request, authCodePayload, void 0, void 0, void 0, requestId);
|
|
@@ -6738,8 +6736,8 @@ var init_AuthorizationCodeClient = __esm({
|
|
|
6738
6736
|
* @param request
|
|
6739
6737
|
*/
|
|
6740
6738
|
async executeTokenRequest(authority, request) {
|
|
6741
|
-
var
|
|
6742
|
-
(
|
|
6739
|
+
var _a2, _b2;
|
|
6740
|
+
(_a2 = this.performanceClient) == null ? void 0 : _a2.addQueueMeasurement(PerformanceEvents.AuthClientExecuteTokenRequest, request.correlationId);
|
|
6743
6741
|
const queryParametersString = this.createTokenQueryParameters(request);
|
|
6744
6742
|
const endpoint = UrlString.appendQueryString(authority.tokenEndpoint, queryParametersString);
|
|
6745
6743
|
const requestBody = await invokeAsync(this.createTokenRequestBody.bind(this), PerformanceEvents.AuthClientCreateTokenRequestBody, this.logger, this.performanceClient, request.correlationId)(request);
|
|
@@ -6757,7 +6755,7 @@ var init_AuthorizationCodeClient = __esm({
|
|
|
6757
6755
|
}
|
|
6758
6756
|
const headers = this.createTokenRequestHeaders(ccsCredential || request.ccsCredential);
|
|
6759
6757
|
const thumbprint = {
|
|
6760
|
-
clientId: ((
|
|
6758
|
+
clientId: ((_b2 = request.tokenBodyParameters) == null ? void 0 : _b2.clientId) || this.config.authOptions.clientId,
|
|
6761
6759
|
authority: authority.canonicalAuthority,
|
|
6762
6760
|
scopes: request.scopes,
|
|
6763
6761
|
claims: request.claims,
|
|
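Review bot: The `thumbprint` object here reads the caller override as `_b2.clientId`, while `createTokenRequestBody` in the next hunk passes `_b2[CLIENT_ID]` to `addClientId`. The value of `CLIENT_ID` is not visible in this diff. If it is anything other than the string `clientId`, an override in `tokenBodyParameters` reaches the token request but not the thumbprint, which then falls back to `this.config.authOptions.clientId`. Replacing `_b2.clientId` with `_b2[CLIENT_ID]` in the thumbprint would keep the two lookups in agreement. The same pair appears in `RefreshTokenClient` (hunks at -7133 and -7157). `executeTokenRequest` starts and ends outside this hunk.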
@@ -6774,10 +6772,10 @@ var init_AuthorizationCodeClient = __esm({
|
|
|
6774
6772
|
* @param request
|
|
6775
6773
|
*/
|
|
6776
6774
|
async createTokenRequestBody(request) {
|
|
6777
|
-
var
|
|
6778
|
-
(
|
|
6775
|
+
var _a2, _b2;
|
|
6776
|
+
(_a2 = this.performanceClient) == null ? void 0 : _a2.addQueueMeasurement(PerformanceEvents.AuthClientCreateTokenRequestBody, request.correlationId);
|
|
6779
6777
|
const parameterBuilder = new RequestParameterBuilder();
|
|
6780
|
-
parameterBuilder.addClientId(((
|
|
6778
|
+
parameterBuilder.addClientId(((_b2 = request.tokenBodyParameters) == null ? void 0 : _b2[CLIENT_ID]) || this.config.authOptions.clientId);
|
|
6781
6779
|
if (!this.includeRedirectUri) {
|
|
6782
6780
|
RequestValidator.validateRedirectUri(request.redirectUri);
|
|
6783
6781
|
} else {
|
|
@@ -6870,10 +6868,10 @@ var init_AuthorizationCodeClient = __esm({
|
|
|
6870
6868
|
* @param request
|
|
6871
6869
|
*/
|
|
6872
6870
|
async createAuthCodeUrlQueryString(request) {
|
|
6873
|
-
var
|
|
6874
|
-
(
|
|
6871
|
+
var _a2, _b2;
|
|
6872
|
+
(_a2 = this.performanceClient) == null ? void 0 : _a2.addQueueMeasurement(PerformanceEvents.AuthClientCreateQueryString, request.correlationId);
|
|
6875
6873
|
const parameterBuilder = new RequestParameterBuilder();
|
|
6876
|
-
parameterBuilder.addClientId(((
|
|
6874
|
+
parameterBuilder.addClientId(((_b2 = request.extraQueryParameters) == null ? void 0 : _b2[CLIENT_ID]) || this.config.authOptions.clientId);
|
|
6877
6875
|
const requestScopes = [
|
|
6878
6876
|
...request.scopes || [],
|
|
6879
6877
|
...request.extraScopesToConsent || []
|
|
@@ -7008,12 +7006,12 @@ var init_AuthorizationCodeClient = __esm({
|
|
|
7008
7006
|
* @param account
|
|
7009
7007
|
*/
|
|
7010
7008
|
extractAccountSid(account) {
|
|
7011
|
-
var
|
|
7012
|
-
return ((
|
|
7009
|
+
var _a2;
|
|
7010
|
+
return ((_a2 = account.idTokenClaims) == null ? void 0 : _a2.sid) || null;
|
|
7013
7011
|
}
|
|
7014
7012
|
extractLoginHint(account) {
|
|
7015
|
-
var
|
|
7016
|
-
return ((
|
|
7013
|
+
var _a2;
|
|
7014
|
+
return ((_a2 = account.idTokenClaims) == null ? void 0 : _a2.login_hint) || null;
|
|
7017
7015
|
}
|
|
7018
7016
|
};
|
|
7019
7017
|
__name(_AuthorizationCodeClient, "AuthorizationCodeClient");
|
|
@@ -7055,11 +7053,11 @@ var init_RefreshTokenClient = __esm({
|
|
|
7055
7053
|
super(configuration, performanceClient);
|
|
7056
7054
|
}
|
|
7057
7055
|
async acquireToken(request) {
|
|
7058
|
-
var
|
|
7059
|
-
(
|
|
7056
|
+
var _a2, _b2;
|
|
7057
|
+
(_a2 = this.performanceClient) == null ? void 0 : _a2.addQueueMeasurement(PerformanceEvents.RefreshTokenClientAcquireToken, request.correlationId);
|
|
7060
7058
|
const reqTimestamp = nowSeconds();
|
|
7061
7059
|
const response = await invokeAsync(this.executeTokenRequest.bind(this), PerformanceEvents.RefreshTokenClientExecuteTokenRequest, this.logger, this.performanceClient, request.correlationId)(request, this.authority);
|
|
7062
|
-
const requestId = (
|
|
7060
|
+
const requestId = (_b2 = response.headers) == null ? void 0 : _b2[HeaderNames.X_MS_REQUEST_ID];
|
|
7063
7061
|
const responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, this.config.serializableCache, this.config.persistencePlugin);
|
|
7064
7062
|
responseHandler.validateTokenResponse(response.body);
|
|
7065
7063
|
return invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, this.logger, this.performanceClient, request.correlationId)(response.body, this.authority, reqTimestamp, request, void 0, void 0, true, request.forceCache, requestId);
|
|
@@ -7069,11 +7067,11 @@ var init_RefreshTokenClient = __esm({
|
|
|
7069
7067
|
* @param request
|
|
7070
7068
|
*/
|
|
7071
7069
|
async acquireTokenByRefreshToken(request) {
|
|
7072
|
-
var
|
|
7070
|
+
var _a2;
|
|
7073
7071
|
if (!request) {
|
|
7074
7072
|
throw createClientConfigurationError(tokenRequestEmpty);
|
|
7075
7073
|
}
|
|
7076
|
-
(
|
|
7074
|
+
(_a2 = this.performanceClient) == null ? void 0 : _a2.addQueueMeasurement(PerformanceEvents.RefreshTokenClientAcquireTokenByRefreshToken, request.correlationId);
|
|
7077
7075
|
if (!request.account) {
|
|
7078
7076
|
throw createClientAuthError(noAccountInSilentRequest);
|
|
7079
7077
|
}
|
|
@@ -7098,8 +7096,8 @@ var init_RefreshTokenClient = __esm({
|
|
|
7098
7096
|
* @param request
|
|
7099
7097
|
*/
|
|
7100
7098
|
async acquireTokenWithCachedRefreshToken(request, foci) {
|
|
7101
|
-
var
|
|
7102
|
-
(
|
|
7099
|
+
var _a2;
|
|
7100
|
+
(_a2 = this.performanceClient) == null ? void 0 : _a2.addQueueMeasurement(PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, request.correlationId);
|
|
7103
7101
|
const refreshToken = invoke(this.cacheManager.getRefreshToken.bind(this.cacheManager), PerformanceEvents.CacheManagerGetRefreshToken, this.logger, this.performanceClient, request.correlationId)(request.account, foci, void 0, this.performanceClient, request.correlationId);
|
|
7104
7102
|
if (!refreshToken) {
|
|
7105
7103
|
throw createInteractionRequiredAuthError(noTokensFound);
|
|
@@ -7133,14 +7131,14 @@ var init_RefreshTokenClient = __esm({
|
|
|
7133
7131
|
* @param authority
|
|
7134
7132
|
*/
|
|
7135
7133
|
async executeTokenRequest(request, authority) {
|
|
7136
|
-
var
|
|
7137
|
-
(
|
|
7134
|
+
var _a2, _b2;
|
|
7135
|
+
(_a2 = this.performanceClient) == null ? void 0 : _a2.addQueueMeasurement(PerformanceEvents.RefreshTokenClientExecuteTokenRequest, request.correlationId);
|
|
7138
7136
|
const queryParametersString = this.createTokenQueryParameters(request);
|
|
7139
7137
|
const endpoint = UrlString.appendQueryString(authority.tokenEndpoint, queryParametersString);
|
|
7140
7138
|
const requestBody = await invokeAsync(this.createTokenRequestBody.bind(this), PerformanceEvents.RefreshTokenClientCreateTokenRequestBody, this.logger, this.performanceClient, request.correlationId)(request);
|
|
7141
7139
|
const headers = this.createTokenRequestHeaders(request.ccsCredential);
|
|
7142
7140
|
const thumbprint = {
|
|
7143
|
-
clientId: ((
|
|
7141
|
+
clientId: ((_b2 = request.tokenBodyParameters) == null ? void 0 : _b2.clientId) || this.config.authOptions.clientId,
|
|
7144
7142
|
authority: authority.canonicalAuthority,
|
|
7145
7143
|
scopes: request.scopes,
|
|
7146
7144
|
claims: request.claims,
|
|
@@ -7157,11 +7155,11 @@ var init_RefreshTokenClient = __esm({
|
|
|
7157
7155
|
* @param request
|
|
7158
7156
|
*/
|
|
7159
7157
|
async createTokenRequestBody(request) {
|
|
7160
|
-
var
|
|
7161
|
-
(
|
|
7158
|
+
var _a2, _b2, _c;
|
|
7159
|
+
(_a2 = this.performanceClient) == null ? void 0 : _a2.addQueueMeasurement(PerformanceEvents.RefreshTokenClientCreateTokenRequestBody, request.correlationId);
|
|
7162
7160
|
const correlationId = request.correlationId;
|
|
7163
7161
|
const parameterBuilder = new RequestParameterBuilder();
|
|
7164
|
-
parameterBuilder.addClientId(((
|
|
7162
|
+
parameterBuilder.addClientId(((_b2 = request.tokenBodyParameters) == null ? void 0 : _b2[CLIENT_ID]) || this.config.authOptions.clientId);
|
|
7165
7163
|
if (request.redirectUri) {
|
|
7166
7164
|
parameterBuilder.addRedirectUri(request.redirectUri);
|
|
7167
7165
|
}
|
|
@@ -7257,11 +7255,11 @@ var init_SilentFlowClient = __esm({
|
|
|
7257
7255
|
* @param request
|
|
7258
7256
|
*/
|
|
7259
7257
|
async acquireToken(request) {
|
|
7260
|
-
var
|
|
7258
|
+
var _a2;
|
|
7261
7259
|
try {
|
|
7262
7260
|
const [authResponse, cacheOutcome] = await this.acquireCachedToken({
|
|
7263
7261
|
...request,
|
|
7264
|
-
scopes: ((
|
|
7262
|
+
scopes: ((_a2 = request.scopes) == null ? void 0 : _a2.length) ? request.scopes : [...OIDC_DEFAULT_SCOPES]
|
|
7265
7263
|
});
|
|
7266
7264
|
if (cacheOutcome === CacheOutcome.PROACTIVELY_REFRESHED) {
|
|
7267
7265
|
this.logger.info("SilentFlowClient:acquireCachedToken - Cached access token's refreshOn property has been exceeded'. It's not expired, but must be refreshed.");
|
|
@@ -7284,8 +7282,8 @@ var init_SilentFlowClient = __esm({
|
|
|
7284
7282
|
* @param request
|
|
7285
7283
|
*/
|
|
7286
7284
|
async acquireCachedToken(request) {
|
|
7287
|
-
var
|
|
7288
|
-
(
|
|
7285
|
+
var _a2;
|
|
7286
|
+
(_a2 = this.performanceClient) == null ? void 0 : _a2.addQueueMeasurement(PerformanceEvents.SilentFlowClientAcquireCachedToken, request.correlationId);
|
|
7289
7287
|
let lastCacheOutcome = CacheOutcome.NOT_APPLICABLE;
|
|
7290
7288
|
if (request.forceRefresh || !this.config.cacheOptions.claimsBasedCachingEnabled && !StringUtils.isEmptyObj(request.claims)) {
|
|
7291
7289
|
this.setCacheOutcome(CacheOutcome.FORCE_REFRESH_OR_CLAIMS, request.correlationId);
|
|
@@ -7324,9 +7322,9 @@ var init_SilentFlowClient = __esm({
|
|
|
7324
7322
|
];
|
|
7325
7323
|
}
|
|
7326
7324
|
setCacheOutcome(cacheOutcome, correlationId) {
|
|
7327
|
-
var
|
|
7328
|
-
(
|
|
7329
|
-
(
|
|
7325
|
+
var _a2, _b2;
|
|
7326
|
+
(_a2 = this.serverTelemetryManager) == null ? void 0 : _a2.setCacheOutcome(cacheOutcome);
|
|
7327
|
+
(_b2 = this.performanceClient) == null ? void 0 : _b2.addFields({
|
|
7330
7328
|
cacheOutcome
|
|
7331
7329
|
}, correlationId);
|
|
7332
7330
|
if (cacheOutcome !== CacheOutcome.NOT_APPLICABLE) {
|
|
@@ -7338,8 +7336,8 @@ var init_SilentFlowClient = __esm({
|
|
|
7338
7336
|
* @param cacheRecord
|
|
7339
7337
|
*/
|
|
7340
7338
|
async generateResultFromCacheRecord(cacheRecord, request) {
|
|
7341
|
-
var
|
|
7342
|
-
(
|
|
7339
|
+
var _a2;
|
|
7340
|
+
(_a2 = this.performanceClient) == null ? void 0 : _a2.addQueueMeasurement(PerformanceEvents.SilentFlowClientGenerateResultFromCacheRecord, request.correlationId);
|
|
7343
7341
|
let idTokenClaims;
|
|
7344
7342
|
if (cacheRecord.idToken) {
|
|
7345
7343
|
idTokenClaims = extractTokenClaims(cacheRecord.idToken.secret, this.config.cryptoInterface.base64Decode);
|
|
@@ -7604,7 +7602,7 @@ var init_Deserializer = __esm({
|
|
|
7604
7602
|
const accountObjects = {};
|
|
7605
7603
|
if (accounts) {
|
|
7606
7604
|
Object.keys(accounts).map(function(key) {
|
|
7607
|
-
var
|
|
7605
|
+
var _a2;
|
|
7608
7606
|
const serializedAcc = accounts[key];
|
|
7609
7607
|
const mappedAcc = {
|
|
7610
7608
|
homeAccountId: serializedAcc.home_account_id,
|
|
@@ -7617,7 +7615,7 @@ var init_Deserializer = __esm({
|
|
|
7617
7615
|
clientInfo: serializedAcc.client_info,
|
|
7618
7616
|
lastModificationTime: serializedAcc.last_modification_time,
|
|
7619
7617
|
lastModificationApp: serializedAcc.last_modification_app,
|
|
7620
|
-
tenantProfiles: (
|
|
7618
|
+
tenantProfiles: (_a2 = serializedAcc.tenantProfiles) == null ? void 0 : _a2.map((serializedTenantProfile) => {
|
|
7621
7619
|
return JSON.parse(serializedTenantProfile);
|
|
7622
7620
|
})
|
|
7623
7621
|
};
|
|
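Review bot: Each `tenantProfiles` entry goes through `JSON.parse(serializedTenantProfile)` with no error handling, inside the `Object.keys(accounts).map(...)` callback that opens in the previous hunk. The input is serialized cache content, so one malformed entry raises a bare SyntaxError. Unless a caller outside this view catches it, that aborts deserialization of every account. I would wrap the parse so the failure surfaces as a cache error that names the account key, and add a short comment that tenant profiles are stored as JSON strings. The callback begins and ends outside this hunk.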
@@ -8409,8 +8407,8 @@ var init_Configuration = __esm({
|
|
|
8409
8407
|
claimsBasedCachingEnabled: false
|
|
8410
8408
|
};
|
|
8411
8409
|
DEFAULT_LOGGER_OPTIONS = {
|
|
8412
|
-
loggerCallback: () => {
|
|
8413
|
-
},
|
|
8410
|
+
loggerCallback: /* @__PURE__ */ __name(() => {
|
|
8411
|
+
}, "loggerCallback"),
|
|
8414
8412
|
piiLoggingEnabled: false,
|
|
8415
8413
|
logLevel: LogLevel.Info
|
|
8416
8414
|
};
|
|
@@ -10186,8 +10184,7 @@ var require_JsonWebTokenError = __commonJS({
|
|
|
10186
10184
|
}
|
|
10187
10185
|
this.name = "JsonWebTokenError";
|
|
10188
10186
|
this.message = message;
|
|
10189
|
-
if (error)
|
|
10190
|
-
this.inner = error;
|
|
10187
|
+
if (error) this.inner = error;
|
|
10191
10188
|
}, "JsonWebTokenError");
|
|
10192
10189
|
JsonWebTokenError.prototype = Object.create(Error.prototype);
|
|
10193
10190
|
JsonWebTokenError.prototype.constructor = JsonWebTokenError;
|
|
@@ -11958,19 +11955,18 @@ var require_subset = __commonJS({
|
|
|
11958
11955
|
sub = new Range(sub, options);
|
|
11959
11956
|
dom = new Range(dom, options);
|
|
11960
11957
|
let sawNonNull = false;
|
|
11961
|
-
OUTER:
|
|
11962
|
-
for (const
|
|
11963
|
-
|
|
11964
|
-
|
|
11965
|
-
|
|
11966
|
-
|
|
11967
|
-
continue OUTER;
|
|
11968
|
-
}
|
|
11969
|
-
}
|
|
11970
|
-
if (sawNonNull) {
|
|
11971
|
-
return false;
|
|
11958
|
+
OUTER: for (const simpleSub of sub.set) {
|
|
11959
|
+
for (const simpleDom of dom.set) {
|
|
11960
|
+
const isSub = simpleSubset(simpleSub, simpleDom, options);
|
|
11961
|
+
sawNonNull = sawNonNull || isSub !== null;
|
|
11962
|
+
if (isSub) {
|
|
11963
|
+
continue OUTER;
|
|
11972
11964
|
}
|
|
11973
11965
|
}
|
|
11966
|
+
if (sawNonNull) {
|
|
11967
|
+
return false;
|
|
11968
|
+
}
|
|
11969
|
+
}
|
|
11974
11970
|
return true;
|
|
11975
11971
|
}, "subset");
|
|
11976
11972
|
var minimumVersionWithPreRelease = [new Comparator(">=0.0.0-0")];
|
|
@@ -12231,11 +12227,9 @@ var require_validateAsymmetricKey = __commonJS({
|
|
|
12231
12227
|
ES512: "secp521r1"
|
|
12232
12228
|
};
|
|
12233
12229
|
module.exports = function(algorithm, key) {
|
|
12234
|
-
if (!algorithm || !key)
|
|
12235
|
-
return;
|
|
12230
|
+
if (!algorithm || !key) return;
|
|
12236
12231
|
const keyType = key.asymmetricKeyType;
|
|
12237
|
-
if (!keyType)
|
|
12238
|
-
return;
|
|
12232
|
+
if (!keyType) return;
|
|
12239
12233
|
const allowedAlgorithms = allowedAlgorithmsForKeys[keyType];
|
|
12240
12234
|
if (!allowedAlgorithms) {
|
|
12241
12235
|
throw new Error(`Unknown key type "${keyType}".`);
|
|
@@ -12312,8 +12306,7 @@ var require_verify = __commonJS({
|
|
|
12312
12306
|
done = callback;
|
|
12313
12307
|
} else {
|
|
12314
12308
|
done = /* @__PURE__ */ __name(function(err, data) {
|
|
12315
|
-
if (err)
|
|
12316
|
-
throw err;
|
|
12309
|
+
if (err) throw err;
|
|
12317
12310
|
return data;
|
|
12318
12311
|
}, "done");
|
|
12319
12312
|
}
|
|
@@ -12987,15 +12980,15 @@ var require_sign = __commonJS({
|
|
|
12987
12980
|
SUPPORTED_ALGS.splice(3, 0, "PS256", "PS384", "PS512");
|
|
12988
12981
|
}
|
|
12989
12982
|
var sign_options_schema = {
|
|
12990
|
-
expiresIn: { isValid: function(value) {
|
|
12983
|
+
expiresIn: { isValid: /* @__PURE__ */ __name(function(value) {
|
|
12991
12984
|
return isInteger(value) || isString(value) && value;
|
|
12992
|
-
}, message: '"expiresIn" should be a number of seconds or string representing a timespan' },
|
|
12993
|
-
notBefore: { isValid: function(value) {
|
|
12985
|
+
}, "isValid"), message: '"expiresIn" should be a number of seconds or string representing a timespan' },
|
|
12986
|
+
notBefore: { isValid: /* @__PURE__ */ __name(function(value) {
|
|
12994
12987
|
return isInteger(value) || isString(value) && value;
|
|
12995
|
-
}, message: '"notBefore" should be a number of seconds or string representing a timespan' },
|
|
12996
|
-
audience: { isValid: function(value) {
|
|
12988
|
+
}, "isValid"), message: '"notBefore" should be a number of seconds or string representing a timespan' },
|
|
12989
|
+
audience: { isValid: /* @__PURE__ */ __name(function(value) {
|
|
12997
12990
|
return isString(value) || Array.isArray(value);
|
|
12998
|
-
}, message: '"audience" must be a string or array' },
|
|
12991
|
+
}, "isValid"), message: '"audience" must be a string or array' },
|
|
12999
12992
|
algorithm: { isValid: includes.bind(null, SUPPORTED_ALGS), message: '"algorithm" must be a valid string enum value' },
|
|
13000
12993
|
header: { isValid: isPlainObject, message: '"header" must be an object' },
|
|
13001
12994
|
encoding: { isValid: isString, message: '"encoding" must be a string' },
|
|
@@ -14173,7 +14166,7 @@ var init_PublicClientApplication = __esm({
|
|
|
14173
14166
|
* Acquires a token interactively via the browser by requesting an authorization code then exchanging it for a token.
|
|
14174
14167
|
*/
|
|
14175
14168
|
async acquireTokenInteractive(request) {
|
|
14176
|
-
var
|
|
14169
|
+
var _a2;
|
|
14177
14170
|
const correlationId = request.correlationId || this.cryptoProvider.createNewGuid();
|
|
14178
14171
|
this.logger.trace("acquireTokenInteractive called", correlationId);
|
|
14179
14172
|
const { openBrowser, successTemplate, errorTemplate, windowHandle, loopbackClient: customLoopbackClient, ...remainingProperties } = request;
|
|
@@ -14189,7 +14182,7 @@ var init_PublicClientApplication = __esm({
|
|
|
14189
14182
|
...remainingProperties.extraQueryParameters,
|
|
14190
14183
|
...remainingProperties.tokenQueryParameters
|
|
14191
14184
|
},
|
|
14192
|
-
accountId: (
|
|
14185
|
+
accountId: (_a2 = remainingProperties.account) == null ? void 0 : _a2.nativeAccountId
|
|
14193
14186
|
};
|
|
14194
14187
|
return this.nativeBrokerPlugin.acquireTokenInteractive(brokerRequest, windowHandle);
|
|
14195
14188
|
}
|
|
@@ -14359,7 +14352,7 @@ var init_ClientCredentialClient = __esm({
|
|
|
14359
14352
|
* looks up cache if the tokens are cached already
|
|
14360
14353
|
*/
|
|
14361
14354
|
async getCachedAuthenticationResult(request, config, cryptoUtils, authority, cacheManager, serverTelemetryManager) {
|
|
14362
|
-
var
|
|
14355
|
+
var _a2, _b2;
|
|
14363
14356
|
const clientConfiguration = config;
|
|
14364
14357
|
const managedIdentityConfiguration = config;
|
|
14365
14358
|
let lastCacheOutcome = CacheOutcome.NOT_APPLICABLE;
|
|
@@ -14368,7 +14361,7 @@ var init_ClientCredentialClient = __esm({
|
|
|
14368
14361
|
cacheContext = new TokenCacheContext(clientConfiguration.serializableCache, false);
|
|
14369
14362
|
await clientConfiguration.persistencePlugin.beforeCacheAccess(cacheContext);
|
|
14370
14363
|
}
|
|
14371
|
-
const cachedAccessToken = this.readAccessTokenFromCache(authority, ((
|
|
14364
|
+
const cachedAccessToken = this.readAccessTokenFromCache(authority, ((_a2 = managedIdentityConfiguration.managedIdentityId) == null ? void 0 : _a2.id) || clientConfiguration.authOptions.clientId, new ScopeSet(request.scopes || []), cacheManager);
|
|
14372
14365
|
if (clientConfiguration.serializableCache && clientConfiguration.persistencePlugin && cacheContext) {
|
|
14373
14366
|
await clientConfiguration.persistencePlugin.afterCacheAccess(cacheContext);
|
|
14374
14367
|
}
|
|
@@ -14376,7 +14369,7 @@ var init_ClientCredentialClient = __esm({
|
|
|
14376
14369
|
serverTelemetryManager == null ? void 0 : serverTelemetryManager.setCacheOutcome(CacheOutcome.NO_CACHED_ACCESS_TOKEN);
|
|
14377
14370
|
return [null, CacheOutcome.NO_CACHED_ACCESS_TOKEN];
|
|
14378
14371
|
}
|
|
14379
|
-
if (TimeUtils_exports.isTokenExpired(cachedAccessToken.expiresOn, ((
|
|
14372
|
+
if (TimeUtils_exports.isTokenExpired(cachedAccessToken.expiresOn, ((_b2 = clientConfiguration.systemOptions) == null ? void 0 : _b2.tokenRenewalOffsetSeconds) || DEFAULT_TOKEN_RENEWAL_OFFSET_SEC)) {
|
|
14380
14373
|
serverTelemetryManager == null ? void 0 : serverTelemetryManager.setCacheOutcome(CacheOutcome.CACHED_ACCESS_TOKEN_EXPIRED);
|
|
14381
14374
|
return [null, CacheOutcome.CACHED_ACCESS_TOKEN_EXPIRED];
|
|
14382
14375
|
}
|
|
@@ -14538,14 +14531,14 @@ var init_OnBehalfOfClient = __esm({
|
|
|
14538
14531
|
* @param request
|
|
14539
14532
|
*/
|
|
14540
14533
|
async getCachedAuthenticationResult(request) {
|
|
14541
|
-
var
|
|
14534
|
+
var _a2, _b2;
|
|
14542
14535
|
const cachedAccessToken = this.readAccessTokenFromCacheForOBO(this.config.authOptions.clientId, request);
|
|
14543
14536
|
if (!cachedAccessToken) {
|
|
14544
|
-
(
|
|
14537
|
+
(_a2 = this.serverTelemetryManager) == null ? void 0 : _a2.setCacheOutcome(CacheOutcome.NO_CACHED_ACCESS_TOKEN);
|
|
14545
14538
|
this.logger.info("SilentFlowClient:acquireCachedToken - No access token found in cache for the given properties.");
|
|
14546
14539
|
throw createClientAuthError(ClientAuthErrorCodes_exports.tokenRefreshRequired);
|
|
14547
14540
|
} else if (TimeUtils_exports.isTokenExpired(cachedAccessToken.expiresOn, this.config.systemOptions.tokenRenewalOffsetSeconds)) {
|
|
14548
|
-
(
|
|
14541
|
+
(_b2 = this.serverTelemetryManager) == null ? void 0 : _b2.setCacheOutcome(CacheOutcome.CACHED_ACCESS_TOKEN_EXPIRED);
|
|
14549
14542
|
this.logger.info(`OnbehalfofFlow:getCachedAuthenticationResult - Cached access token is expired or will expire within ${this.config.systemOptions.tokenRenewalOffsetSeconds} seconds.`);
|
|
14550
14543
|
throw createClientAuthError(ClientAuthErrorCodes_exports.tokenRefreshRequired);
|
|
14551
14544
|
}
|
|
@@ -14812,7 +14805,7 @@ var init_ConfidentialClientApplication = __esm({
|
|
|
14812
14805
|
}
|
|
14813
14806
|
}
|
|
14814
14807
|
setClientCredential(configuration) {
|
|
14815
|
-
var
|
|
14808
|
+
var _a2;
|
|
14816
14809
|
const clientSecretNotEmpty = !!configuration.auth.clientSecret;
|
|
14817
14810
|
const clientAssertionNotEmpty = !!configuration.auth.clientAssertion;
|
|
14818
14811
|
const certificate = configuration.auth.clientCertificate || {
|
|
@@ -14837,7 +14830,7 @@ var init_ConfidentialClientApplication = __esm({
|
|
|
14837
14830
|
if (!certificateNotEmpty) {
|
|
14838
14831
|
throw createClientAuthError(ClientAuthErrorCodes_exports.invalidClientCredential);
|
|
14839
14832
|
} else {
|
|
14840
|
-
this.clientAssertion = ClientAssertion.fromCertificate(certificate.thumbprint, certificate.privateKey, (
|
|
14833
|
+
this.clientAssertion = ClientAssertion.fromCertificate(certificate.thumbprint, certificate.privateKey, (_a2 = configuration.auth.clientCertificate) == null ? void 0 : _a2.x5c);
|
|
14841
14834
|
}
|
|
14842
14835
|
}
|
|
14843
14836
|
};
|
|
@@ -15529,11 +15522,11 @@ var init_dist2 = __esm({
|
|
|
15529
15522
|
var require_package15 = __commonJS({
|
|
15530
15523
|
"../../node_modules/.store/is-docker-npm-2.2.1-3f18a53aff/package/index.js"(exports, module) {
|
|
15531
15524
|
"use strict";
|
|
15532
|
-
var
|
|
15525
|
+
var fs3 = __require("fs");
|
|
15533
15526
|
var isDocker;
|
|
15534
15527
|
function hasDockerEnv() {
|
|
15535
15528
|
try {
|
|
15536
|
-
|
|
15529
|
+
fs3.statSync("/.dockerenv");
|
|
15537
15530
|
return true;
|
|
15538
15531
|
} catch (_) {
|
|
15539
15532
|
return false;
|
|
@@ -15542,7 +15535,7 @@ var require_package15 = __commonJS({
|
|
|
15542
15535
|
__name(hasDockerEnv, "hasDockerEnv");
|
|
15543
15536
|
function hasDockerCGroup() {
|
|
15544
15537
|
try {
|
|
15545
|
-
return
|
|
15538
|
+
return fs3.readFileSync("/proc/self/cgroup", "utf8").includes("docker");
|
|
15546
15539
|
} catch (_) {
|
|
15547
15540
|
return false;
|
|
15548
15541
|
}
|
|
@@ -15562,7 +15555,7 @@ var require_package16 = __commonJS({
|
|
|
15562
15555
|
"../../node_modules/.store/is-wsl-npm-2.2.0-2ba10d6393/package/index.js"(exports, module) {
|
|
15563
15556
|
"use strict";
|
|
15564
15557
|
var os = __require("os");
|
|
15565
|
-
var
|
|
15558
|
+
var fs3 = __require("fs");
|
|
15566
15559
|
var isDocker = require_package15();
|
|
15567
15560
|
var isWsl = /* @__PURE__ */ __name(() => {
|
|
15568
15561
|
if (process.platform !== "linux") {
|
|
@@ -15575,7 +15568,7 @@ var require_package16 = __commonJS({
|
|
|
15575
15568
|
return true;
|
|
15576
15569
|
}
|
|
15577
15570
|
try {
|
|
15578
|
-
return
|
|
15571
|
+
return fs3.readFileSync("/proc/version", "utf8").toLowerCase().includes("microsoft") ? !isDocker() : false;
|
|
15579
15572
|
} catch (_) {
|
|
15580
15573
|
return false;
|
|
15581
15574
|
}
|
|
@@ -15614,17 +15607,17 @@ var require_package17 = __commonJS({
|
|
|
15614
15607
|
// ../../node_modules/.store/open-npm-8.4.2-1f763e8b75/package/index.js
|
|
15615
15608
|
var require_package18 = __commonJS({
|
|
15616
15609
|
"../../node_modules/.store/open-npm-8.4.2-1f763e8b75/package/index.js"(exports, module) {
|
|
15617
|
-
var
|
|
15610
|
+
var path5 = __require("path");
|
|
15618
15611
|
var childProcess = __require("child_process");
|
|
15619
|
-
var { promises:
|
|
15612
|
+
var { promises: fs3, constants: fsConstants } = __require("fs");
|
|
15620
15613
|
var isWsl = require_package16();
|
|
15621
15614
|
var isDocker = require_package15();
|
|
15622
15615
|
var defineLazyProperty = require_package17();
|
|
15623
|
-
var localXdgOpenPath =
|
|
15616
|
+
var localXdgOpenPath = path5.join(__dirname, "xdg-open");
|
|
15624
15617
|
var { platform, arch } = process;
|
|
15625
15618
|
var hasContainerEnv = /* @__PURE__ */ __name(() => {
|
|
15626
15619
|
try {
|
|
15627
|
-
|
|
15620
|
+
fs3.statSync("/run/.containerenv");
|
|
15628
15621
|
return true;
|
|
15629
15622
|
} catch {
|
|
15630
15623
|
return false;
|
|
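Review bot: `hasContainerEnv` calls `fs3.statSync("/run/.containerenv")`, but in this module `fs3` is bound to the promise API by `var { promises: fs3, constants: fsConstants } = __require("fs");`, which has no `statSync`. The call therefore throws a TypeError that the bare `catch` turns into `false`, so the `/run/.containerenv` marker is never detected. Pulling in the synchronous function for this one probe, `var { statSync } = __require("fs");` and `statSync("/run/.containerenv");`, would restore the check. The module path in the hunk shows this is the bundled copy of open 8.4.2, so the fix belongs upstream or in a dependency bump. The body of `hasContainerEnv` continues past the end of the hunk.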
@@ -15648,14 +15641,14 @@ var require_package18 = __commonJS({
|
|
|
15648
15641
|
const configFilePath = "/etc/wsl.conf";
|
|
15649
15642
|
let isConfigFileExists = false;
|
|
15650
15643
|
try {
|
|
15651
|
-
await
|
|
15644
|
+
await fs3.access(configFilePath, fsConstants.F_OK);
|
|
15652
15645
|
isConfigFileExists = true;
|
|
15653
15646
|
} catch {
|
|
15654
15647
|
}
|
|
15655
15648
|
if (!isConfigFileExists) {
|
|
15656
15649
|
return defaultMountPoint;
|
|
15657
15650
|
}
|
|
15658
|
-
const configContent = await
|
|
15651
|
+
const configContent = await fs3.readFile(configFilePath, { encoding: "utf8" });
|
|
15659
15652
|
const configMountPoint = /(?<!#.*)root\s*=\s*(?<mountPoint>.*)/g.exec(configContent);
|
|
15660
15653
|
if (!configMountPoint) {
|
|
15661
15654
|
return defaultMountPoint;
|
|
@@ -15755,7 +15748,7 @@ var require_package18 = __commonJS({
|
|
|
15755
15748
|
const isBundled = !__dirname || __dirname === "/";
|
|
15756
15749
|
let exeLocalXdgOpen = false;
|
|
15757
15750
|
try {
|
|
15758
|
-
await
|
|
15751
|
+
await fs3.access(localXdgOpenPath, fsConstants.X_OK);
|
|
15759
15752
|
exeLocalXdgOpen = true;
|
|
15760
15753
|
} catch {
|
|
15761
15754
|
}
|
|
@@ -15880,9 +15873,9 @@ var require_dist2 = __commonJS({
|
|
|
15880
15873
|
var coreRestPipeline = require_commonjs4();
|
|
15881
15874
|
var abortController = require_dist();
|
|
15882
15875
|
var coreTracing = require_commonjs3();
|
|
15883
|
-
var
|
|
15876
|
+
var fs3 = __require("fs");
|
|
15884
15877
|
var os = __require("os");
|
|
15885
|
-
var
|
|
15878
|
+
var path5 = __require("path");
|
|
15886
15879
|
var msalCommon = (init_dist2(), __toCommonJS(dist_exports));
|
|
15887
15880
|
var fs$1 = __require("node:fs");
|
|
15888
15881
|
var https2 = __require("https");
|
|
@@ -15899,9 +15892,9 @@ var require_dist2 = __commonJS({
|
|
|
15899
15892
|
var d = Object.getOwnPropertyDescriptor(e, k);
|
|
15900
15893
|
Object.defineProperty(n, k, d.get ? d : {
|
|
15901
15894
|
enumerable: true,
|
|
15902
|
-
get: function() {
|
|
15895
|
+
get: /* @__PURE__ */ __name(function() {
|
|
15903
15896
|
return e[k];
|
|
15904
|
-
}
|
|
15897
|
+
}, "get")
|
|
15905
15898
|
});
|
|
15906
15899
|
}
|
|
15907
15900
|
});
|
|
@@ -15946,11 +15939,11 @@ var require_dist2 = __commonJS({
|
|
|
15946
15939
|
}
|
|
15947
15940
|
};
|
|
15948
15941
|
function generatePluginConfiguration(options) {
|
|
15949
|
-
var
|
|
15942
|
+
var _a2, _b2, _c, _d, _e, _f, _g;
|
|
15950
15943
|
const config = {
|
|
15951
15944
|
cache: {},
|
|
15952
15945
|
broker: {
|
|
15953
|
-
isEnabled: (
|
|
15946
|
+
isEnabled: (_b2 = (_a2 = options.brokerOptions) === null || _a2 === void 0 ? void 0 : _a2.enabled) !== null && _b2 !== void 0 ? _b2 : false,
|
|
15954
15947
|
enableMsaPassthrough: (_d = (_c = options.brokerOptions) === null || _c === void 0 ? void 0 : _c.legacyEnableMsaPassthrough) !== null && _d !== void 0 ? _d : false,
|
|
15955
15948
|
parentWindowHandle: (_e = options.brokerOptions) === null || _e === void 0 ? void 0 : _e.parentWindowHandle
|
|
15956
15949
|
}
|
|
@@ -16133,14 +16126,14 @@ ${errorDetail}`);
|
|
|
16133
16126
|
}
|
|
16134
16127
|
__name(createConfigurationErrorMessage, "createConfigurationErrorMessage");
|
|
16135
16128
|
function processMultiTenantRequest(tenantId, getTokenOptions, additionallyAllowedTenantIds = [], logger2) {
|
|
16136
|
-
var
|
|
16129
|
+
var _a2;
|
|
16137
16130
|
let resolvedTenantId;
|
|
16138
16131
|
if (process.env.AZURE_IDENTITY_DISABLE_MULTITENANTAUTH) {
|
|
16139
16132
|
resolvedTenantId = tenantId;
|
|
16140
16133
|
} else if (tenantId === "adfs") {
|
|
16141
16134
|
resolvedTenantId = tenantId;
|
|
16142
16135
|
} else {
|
|
16143
|
-
resolvedTenantId = (
|
|
16136
|
+
resolvedTenantId = (_a2 = getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.tenantId) !== null && _a2 !== void 0 ? _a2 : tenantId;
|
|
16144
16137
|
}
|
|
16145
16138
|
if (tenantId && resolvedTenantId !== tenantId && !additionallyAllowedTenantIds.includes("*") && !additionallyAllowedTenantIds.some((t) => t.localeCompare(resolvedTenantId) === 0)) {
|
|
16146
16139
|
const message = createConfigurationErrorMessage(tenantId);
|
|
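Review bot: The allow-list test at the end of this hunk matches tenant identifiers with `t.localeCompare(resolvedTenantId) === 0`, which is collation equality rather than string equality. Collation can return 0 for strings that differ in code units, canonically equivalent Unicode sequences for example. An exact match is the easier property to reason about for an authorization decision: `!additionallyAllowedTenantIds.includes(resolvedTenantId)`. A short comment would also help, noting that a `"*"` entry or the `AZURE_IDENTITY_DISABLE_MULTITENANTAUTH` variable bypasses the comparison. `processMultiTenantRequest` continues outside the hunk, and this looks like bundled identity-library code, so the change would need to land upstream.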
@@ -16248,9 +16241,9 @@ ${errorDetail}`);
|
|
|
16248
16241
|
__name(getIdentityClientAuthorityHost, "getIdentityClientAuthorityHost");
|
|
16249
16242
|
var _IdentityClient = class _IdentityClient extends coreClient.ServiceClient {
|
|
16250
16243
|
constructor(options) {
|
|
16251
|
-
var
|
|
16244
|
+
var _a2, _b2;
|
|
16252
16245
|
const packageDetails = `azsdk-js-identity/${SDK_VERSION}`;
|
|
16253
|
-
const userAgentPrefix = ((
|
|
16246
|
+
const userAgentPrefix = ((_a2 = options === null || options === void 0 ? void 0 : options.userAgentOptions) === null || _a2 === void 0 ? void 0 : _a2.userAgentPrefix) ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}` : `${packageDetails}`;
|
|
16254
16247
|
const baseUri = getIdentityClientAuthorityHost(options);
|
|
16255
16248
|
if (!baseUri.startsWith("https:")) {
|
|
16256
16249
|
throw new Error("The authorityHost address must use the 'https' protocol.");
|
|
@@ -16262,7 +16255,7 @@ ${errorDetail}`);
|
|
|
16262
16255
|
}, baseUri }));
|
|
16263
16256
|
this.authorityHost = baseUri;
|
|
16264
16257
|
this.abortControllers = /* @__PURE__ */ new Map();
|
|
16265
|
-
this.allowLoggingAccountIdentifiers = (
|
|
16258
|
+
this.allowLoggingAccountIdentifiers = (_b2 = options === null || options === void 0 ? void 0 : options.loggingOptions) === null || _b2 === void 0 ? void 0 : _b2.allowLoggingAccountIdentifiers;
|
|
16266
16259
|
this.tokenCredentialOptions = Object.assign({}, options);
|
|
16267
16260
|
}
|
|
16268
16261
|
async sendTokenRequest(request) {
|
|
@@ -16364,8 +16357,8 @@ ${errorDetail}`);
|
|
|
16364
16357
|
this.abortControllers.set(key, void 0);
|
|
16365
16358
|
}
|
|
16366
16359
|
getCorrelationId(options) {
|
|
16367
|
-
var
|
|
16368
|
-
const parameter = (
|
|
16360
|
+
var _a2;
|
|
16361
|
+
const parameter = (_a2 = options === null || options === void 0 ? void 0 : options.body) === null || _a2 === void 0 ? void 0 : _a2.split("&").map((part) => part.split("=")).find(([key]) => key === "client-request-id");
|
|
16369
16362
|
return parameter && parameter.length ? parameter[1] || noCorrelationId : noCorrelationId;
|
|
16370
16363
|
}
|
|
16371
16364
|
// The MSAL network module methods follow
|
|
@@ -16472,8 +16465,8 @@ ${errorDetail}`);
|
|
|
16472
16465
|
const vsCodeFolder = "Code";
|
|
16473
16466
|
const homedir = os.homedir();
|
|
16474
16467
|
function loadProperty(...pathSegments) {
|
|
16475
|
-
const fullPath =
|
|
16476
|
-
const settings = JSON.parse(
|
|
16468
|
+
const fullPath = path5.join(...pathSegments, vsCodeFolder, ...settingsPath);
|
|
16469
|
+
const settings = JSON.parse(fs3.readFileSync(fullPath, { encoding: "utf8" }));
|
|
16477
16470
|
return settings[property];
|
|
16478
16471
|
}
|
|
16479
16472
|
__name(loadProperty, "loadProperty");
|
|
@@ -16548,7 +16541,7 @@ ${errorDetail}`);
|
|
|
16548
16541
|
* `TokenCredential` implementation might make.
|
|
16549
16542
|
*/
|
|
16550
16543
|
async getToken(scopes, options) {
|
|
16551
|
-
var
|
|
16544
|
+
var _a2, _b2;
|
|
16552
16545
|
await this.prepareOnce();
|
|
16553
16546
|
const tenantId = processMultiTenantRequest(this.tenantId, options, this.additionallyAllowedTenantIds, logger$o) || this.tenantId;
|
|
16554
16547
|
if (findCredentials === void 0) {
|
|
@@ -16570,7 +16563,7 @@ ${errorDetail}`);
|
|
|
16570
16563
|
scopeString += " offline_access";
|
|
16571
16564
|
}
|
|
16572
16565
|
const credentials = await findCredentials();
|
|
16573
|
-
const { password: refreshToken } = (
|
|
16566
|
+
const { password: refreshToken } = (_b2 = (_a2 = credentials.find(({ account }) => account === this.cloudName)) !== null && _a2 !== void 0 ? _a2 : credentials[0]) !== null && _b2 !== void 0 ? _b2 : {};
|
|
16574
16567
|
if (refreshToken) {
|
|
16575
16568
|
const tokenResponse = await this.identityClient.refreshAccessToken(tenantId, AzureAccountClientId, scopeString, refreshToken, void 0);
|
|
16576
16569
|
if (tokenResponse) {
|
|
@@ -16814,7 +16807,7 @@ ${errorDetail}`);
|
|
|
16814
16807
|
return result;
|
|
16815
16808
|
},
|
|
16816
16809
|
async getToken(configuration, getTokenOptions = {}) {
|
|
16817
|
-
var
|
|
16810
|
+
var _a2;
|
|
16818
16811
|
const { identityClient, scopes, clientId, resourceId } = configuration;
|
|
16819
16812
|
if (clientId) {
|
|
16820
16813
|
logger$l.warning(`${msiName$4}: user-assigned identities not supported. The argument clientId might be ignored by the service.`);
|
|
@@ -16827,7 +16820,7 @@ ${errorDetail}`);
|
|
|
16827
16820
|
const filePath = await filePathRequest(identityClient, requestOptions);
|
|
16828
16821
|
validateKeyFile(filePath);
|
|
16829
16822
|
const key = await fs$1.promises.readFile(filePath, { encoding: "utf-8" });
|
|
16830
|
-
(
|
|
16823
|
+
(_a2 = requestOptions.headers) === null || _a2 === void 0 ? void 0 : _a2.set("Authorization", `Basic ${key}`);
|
|
16831
16824
|
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({}, requestOptions), {
|
|
16832
16825
|
// Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).
|
|
16833
16826
|
allowInsecureConnection: true
|
|
@@ -17112,7 +17105,7 @@ ${errorDetail}`);
|
|
|
17112
17105
|
var msiName$1 = "ManagedIdentityCredential - IMDS";
|
|
17113
17106
|
var logger$h = credentialLogger(msiName$1);
|
|
17114
17107
|
function prepareRequestOptions(scopes, clientId, resourceId, options) {
|
|
17115
|
-
var
|
|
17108
|
+
var _a2;
|
|
17116
17109
|
const resource = mapScopesToResource(scopes);
|
|
17117
17110
|
if (!resource) {
|
|
17118
17111
|
throw new Error(`${msiName$1}: Multiple scopes are not supported.`);
|
|
@@ -17133,7 +17126,7 @@ ${errorDetail}`);
|
|
|
17133
17126
|
const params = new URLSearchParams(queryParameters);
|
|
17134
17127
|
query = `?${params.toString()}`;
|
|
17135
17128
|
}
|
|
17136
|
-
const url = new URL(imdsEndpointPath, (
|
|
17129
|
+
const url = new URL(imdsEndpointPath, (_a2 = process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST) !== null && _a2 !== void 0 ? _a2 : imdsHost);
|
|
17137
17130
|
const rawHeaders = {
|
|
17138
17131
|
Accept: "application/json",
|
|
17139
17132
|
Metadata: "true"
|
|
@@ -17168,10 +17161,10 @@ ${errorDetail}`);
|
|
|
17168
17161
|
skipQuery: true
|
|
17169
17162
|
});
|
|
17170
17163
|
return tracingClient.withSpan("ManagedIdentityCredential-pingImdsEndpoint", getTokenOptions, async (options) => {
|
|
17171
|
-
var
|
|
17164
|
+
var _a2, _b2;
|
|
17172
17165
|
requestOptions.tracingOptions = options.tracingOptions;
|
|
17173
17166
|
const request = coreRestPipeline.createPipelineRequest(requestOptions);
|
|
17174
|
-
request.timeout = ((
|
|
17167
|
+
request.timeout = ((_a2 = options.requestOptions) === null || _a2 === void 0 ? void 0 : _a2.timeout) || 1e3;
|
|
17175
17168
|
request.allowInsecureConnection = true;
|
|
17176
17169
|
let response;
|
|
17177
17170
|
try {
|
|
@@ -17185,7 +17178,7 @@ ${errorDetail}`);
|
|
|
17185
17178
|
return false;
|
|
17186
17179
|
}
|
|
17187
17180
|
if (response.status === 403) {
|
|
17188
|
-
if ((
|
|
17181
|
+
if ((_b2 = response.bodyAsText) === null || _b2 === void 0 ? void 0 : _b2.includes("unreachable")) {
|
|
17189
17182
|
logger$h.info(`${msiName$1}: The Azure IMDS endpoint is unavailable`);
|
|
17190
17183
|
logger$h.info(`${msiName$1}: ${response.bodyAsText}`);
|
|
17191
17184
|
return false;
|
|
@@ -17277,9 +17270,9 @@ ${errorDetail}`);
|
|
|
17277
17270
|
RegionalAuthority2["GovernmentUSDodCentral"] = "usdodcentral";
|
|
17278
17271
|
})(RegionalAuthority || (RegionalAuthority = {}));
|
|
17279
17272
|
function calculateRegionalAuthority(regionalAuthority) {
|
|
17280
|
-
var
|
|
17273
|
+
var _a2, _b2;
|
|
17281
17274
|
let azureRegion = regionalAuthority;
|
|
17282
|
-
if (azureRegion === void 0 && ((
|
|
17275
|
+
if (azureRegion === void 0 && ((_b2 = (_a2 = globalThis.process) === null || _a2 === void 0 ? void 0 : _a2.env) === null || _b2 === void 0 ? void 0 : _b2.AZURE_REGIONAL_AUTHORITY_NAME) !== void 0) {
|
|
17283
17276
|
azureRegion = process.env.AZURE_REGIONAL_AUTHORITY_NAME;
|
|
17284
17277
|
}
|
|
17285
17278
|
if (azureRegion === RegionalAuthority.AutoDiscoverRegion) {
|
|
@@ -17290,9 +17283,9 @@ ${errorDetail}`);
|
|
|
17290
17283
|
__name(calculateRegionalAuthority, "calculateRegionalAuthority");
|
|
17291
17284
|
var msalLogger = credentialLogger("MsalClient");
|
|
17292
17285
|
function generateMsalConfiguration(clientId, tenantId, msalClientOptions = {}) {
|
|
17293
|
-
var
|
|
17286
|
+
var _a2, _b2, _c;
|
|
17294
17287
|
const resolvedTenant = resolveTenantId(msalLogger, tenantId, clientId);
|
|
17295
|
-
const authority = getAuthority(resolvedTenant, (
|
|
17288
|
+
const authority = getAuthority(resolvedTenant, (_a2 = msalClientOptions.authorityHost) !== null && _a2 !== void 0 ? _a2 : process.env.AZURE_AUTHORITY_HOST);
|
|
17296
17289
|
const httpClient = new IdentityClient(Object.assign(Object.assign({}, msalClientOptions.tokenCredentialOptions), { authorityHost: authority, loggingOptions: msalClientOptions.loggingOptions }));
|
|
17297
17290
|
const msalConfig = {
|
|
17298
17291
|
auth: {
|
|
@@ -17303,7 +17296,7 @@ ${errorDetail}`);
|
|
|
17303
17296
|
system: {
|
|
17304
17297
|
networkClient: httpClient,
|
|
17305
17298
|
loggerOptions: {
|
|
17306
|
-
loggerCallback: defaultLoggerCallback((
|
|
17299
|
+
loggerCallback: defaultLoggerCallback((_b2 = msalClientOptions.logger) !== null && _b2 !== void 0 ? _b2 : msalLogger),
|
|
17307
17300
|
logLevel: getMSALLogLevel(logger$q.getLogLevel()),
|
|
17308
17301
|
piiLoggingEnabled: (_c = msalClientOptions.loggingOptions) === null || _c === void 0 ? void 0 : _c.enableUnsafeSupportLogging
|
|
17309
17302
|
}
|
|
@@ -17371,7 +17364,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
17371
17364
|
}
|
|
17372
17365
|
__name(getTokenSilent, "getTokenSilent");
|
|
17373
17366
|
async function withSilentAuthentication(msalApp, scopes, options, onAuthenticationRequired) {
|
|
17374
|
-
var
|
|
17367
|
+
var _a2;
|
|
17375
17368
|
let response = null;
|
|
17376
17369
|
try {
|
|
17377
17370
|
response = await getTokenSilent(msalApp, scopes, options);
|
|
@@ -17395,7 +17388,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
17395
17388
|
}
|
|
17396
17389
|
}
|
|
17397
17390
|
ensureValidMsalToken(scopes, response, options);
|
|
17398
|
-
state.cachedAccount = (
|
|
17391
|
+
state.cachedAccount = (_a2 = response === null || response === void 0 ? void 0 : response.account) !== null && _a2 !== void 0 ? _a2 : null;
|
|
17399
17392
|
msalLogger.getToken.info(formatSuccess(scopes));
|
|
17400
17393
|
return {
|
|
17401
17394
|
token: response.accessToken,
|
|
@@ -17591,7 +17584,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
17591
17584
|
* @hidden
|
|
17592
17585
|
*/
|
|
17593
17586
|
constructor(clientIdOrOptions, options) {
|
|
17594
|
-
var
|
|
17587
|
+
var _a2, _b2;
|
|
17595
17588
|
this.isEndpointUnavailable = null;
|
|
17596
17589
|
this.isAppTokenProviderInitialized = false;
|
|
17597
17590
|
this.msiRetryConfig = {
|
|
@@ -17611,7 +17604,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
17611
17604
|
if (this.clientId && this.resourceId) {
|
|
17612
17605
|
throw new Error(`${_ManagedIdentityCredential.name} - Client Id and Resource Id can't be provided at the same time.`);
|
|
17613
17606
|
}
|
|
17614
|
-
if (((
|
|
17607
|
+
if (((_a2 = _options === null || _options === void 0 ? void 0 : _options.retryOptions) === null || _a2 === void 0 ? void 0 : _a2.maxRetries) !== void 0) {
|
|
17615
17608
|
this.msiRetryConfig.maxRetries = _options.retryOptions.maxRetries;
|
|
17616
17609
|
}
|
|
17617
17610
|
this.identityClient = new IdentityClient(_options);
|
|
@@ -17621,7 +17614,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
17621
17614
|
this.confidentialApp = new msalCommon.ConfidentialClientApplication({
|
|
17622
17615
|
auth: {
|
|
17623
17616
|
authority: "https://login.microsoftonline.com/managed_identity",
|
|
17624
|
-
clientId: (
|
|
17617
|
+
clientId: (_b2 = this.clientId) !== null && _b2 !== void 0 ? _b2 : DeveloperSignOnClientId,
|
|
17625
17618
|
clientSecret: "dummy-secret",
|
|
17626
17619
|
cloudDiscoveryMetadata: '{"tenant_discovery_endpoint":"https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration","api-version":"1.1","metadata":[{"preferred_network":"login.microsoftonline.com","preferred_cache":"login.windows.net","aliases":["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"]},{"preferred_network":"login.partner.microsoftonline.cn","preferred_cache":"login.partner.microsoftonline.cn","aliases":["login.partner.microsoftonline.cn","login.chinacloudapi.cn"]},{"preferred_network":"login.microsoftonline.de","preferred_cache":"login.microsoftonline.de","aliases":["login.microsoftonline.de"]},{"preferred_network":"login.microsoftonline.us","preferred_cache":"login.microsoftonline.us","aliases":["login.microsoftonline.us","login.usgovcloudapi.net"]},{"preferred_network":"login-us.microsoftonline.com","preferred_cache":"login-us.microsoftonline.com","aliases":["login-us.microsoftonline.com"]}]}',
|
|
17627
17620
|
authorityMetadata: '{"token_endpoint":"https://login.microsoftonline.com/common/oauth2/v2.0/token","token_endpoint_auth_methods_supported":["client_secret_post","private_key_jwt","client_secret_basic"],"jwks_uri":"https://login.microsoftonline.com/common/discovery/v2.0/keys","response_modes_supported":["query","fragment","form_post"],"subject_types_supported":["pairwise"],"id_token_signing_alg_values_supported":["RS256"],"response_types_supported":["code","id_token","code id_token","id_token token"],"scopes_supported":["openid","profile","email","offline_access"],"issuer":"https://login.microsoftonline.com/{tenantid}/v2.0","request_uri_parameter_supported":false,"userinfo_endpoint":"https://graph.microsoft.com/oidc/userinfo","authorization_endpoint":"https://login.microsoftonline.com/common/oauth2/v2.0/authorize","device_authorization_endpoint":"https://login.microsoftonline.com/common/oauth2/v2.0/devicecode","http_logout_supported":true,"frontchannel_logout_supported":true,"end_session_endpoint":"https://login.microsoftonline.com/common/oauth2/v2.0/logout","claims_supported":["sub","iss","cloud_instance_name","cloud_instance_host_name","cloud_graph_host_name","msgraph_host","aud","exp","iat","auth_time","acr","nonce","preferred_username","name","tid","ver","at_hash","c_hash","email"],"kerberos_endpoint":"https://login.microsoftonline.com/common/kerberos","tenant_region_scope":null,"cloud_instance_name":"microsoftonline.com","cloud_graph_host_name":"graph.windows.net","msgraph_host":"graph.microsoft.com","rbac_url":"https://pas.windows.net"}',
|
|
@@ -17919,13 +17912,13 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
17919
17912
|
const scope = typeof scopes === "string" ? scopes : scopes[0];
|
|
17920
17913
|
logger$c.getToken.info(`Using the scope ${scope}`);
|
|
17921
17914
|
return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {
|
|
17922
|
-
var
|
|
17915
|
+
var _a2, _b2, _c, _d;
|
|
17923
17916
|
try {
|
|
17924
17917
|
ensureValidScopeForDevTimeCreds(scope, logger$c);
|
|
17925
17918
|
const resource = getScopeResource(scope);
|
|
17926
17919
|
const obj = await cliCredentialInternals.getAzureCliAccessToken(resource, tenantId, this.timeout);
|
|
17927
|
-
const specificScope = (
|
|
17928
|
-
const isLoginError2 = ((
|
|
17920
|
+
const specificScope = (_a2 = obj.stderr) === null || _a2 === void 0 ? void 0 : _a2.match("(.*)az login --scope(.*)");
|
|
17921
|
+
const isLoginError2 = ((_b2 = obj.stderr) === null || _b2 === void 0 ? void 0 : _b2.match("(.*)az login(.*)")) && !specificScope;
|
|
17929
17922
|
const isNotInstallError = ((_c = obj.stderr) === null || _c === void 0 ? void 0 : _c.match("az:(.*)not found")) || ((_d = obj.stderr) === null || _d === void 0 ? void 0 : _d.startsWith("'az' is not recognized"));
|
|
17930
17923
|
if (isNotInstallError) {
|
|
17931
17924
|
const error = new CredentialUnavailableError("Azure CLI could not be found. Please visit https://aka.ms/azure-cli for installation instructions and then, once installed, authenticate to your Azure account using 'az login'.");
|
|
@@ -18072,13 +18065,13 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
18072
18065
|
}
|
|
18073
18066
|
logger$b.getToken.info(`Using the scopes ${scopes}`);
|
|
18074
18067
|
return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {
|
|
18075
|
-
var
|
|
18068
|
+
var _a2, _b2, _c, _d;
|
|
18076
18069
|
try {
|
|
18077
18070
|
scopeList.forEach((scope) => {
|
|
18078
18071
|
ensureValidScopeForDevTimeCreds(scope, logger$b);
|
|
18079
18072
|
});
|
|
18080
18073
|
const obj = await developerCliCredentialInternals.getAzdAccessToken(scopeList, tenantId, this.timeout);
|
|
18081
|
-
const isNotLoggedInError = ((
|
|
18074
|
+
const isNotLoggedInError = ((_a2 = obj.stderr) === null || _a2 === void 0 ? void 0 : _a2.match("not logged in, run `azd login` to login")) || ((_b2 = obj.stderr) === null || _b2 === void 0 ? void 0 : _b2.match("not logged in, run `azd auth login` to login"));
|
|
18082
18075
|
const isNotInstallError = ((_c = obj.stderr) === null || _c === void 0 ? void 0 : _c.match("azd:(.*)not found")) || ((_d = obj.stderr) === null || _d === void 0 ? void 0 : _d.startsWith("'azd' is not recognized"));
|
|
18083
18076
|
if (isNotInstallError || obj.error && obj.error.code === "ENOENT") {
|
|
18084
18077
|
const error = new CredentialUnavailableError("Azure Developer CLI couldn't be found. To mitigate this issue, see the troubleshooting guidelines at https://aka.ms/azsdk/js/identity/azdevclicredential/troubleshoot.");
|
|
@@ -18474,19 +18467,19 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
18474
18467
|
var ClientSecretCredential = _ClientSecretCredential;
|
|
18475
18468
|
var _MsalNode = class _MsalNode {
|
|
18476
18469
|
constructor(options) {
|
|
18477
|
-
var
|
|
18470
|
+
var _a2, _b2, _c, _d, _e, _f;
|
|
18478
18471
|
this.app = {};
|
|
18479
18472
|
this.caeApp = {};
|
|
18480
18473
|
this.requiresConfidential = false;
|
|
18481
18474
|
this.logger = options.logger;
|
|
18482
18475
|
this.msalConfig = this.defaultNodeMsalConfig(options);
|
|
18483
18476
|
this.tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);
|
|
18484
|
-
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds((
|
|
18477
|
+
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds((_a2 = options === null || options === void 0 ? void 0 : options.tokenCredentialOptions) === null || _a2 === void 0 ? void 0 : _a2.additionallyAllowedTenants);
|
|
18485
18478
|
this.clientId = this.msalConfig.auth.clientId;
|
|
18486
18479
|
if (options === null || options === void 0 ? void 0 : options.getAssertion) {
|
|
18487
18480
|
this.getAssertion = options.getAssertion;
|
|
18488
18481
|
}
|
|
18489
|
-
this.enableBroker = (
|
|
18482
|
+
this.enableBroker = (_b2 = options === null || options === void 0 ? void 0 : options.brokerOptions) === null || _b2 === void 0 ? void 0 : _b2.enabled;
|
|
18490
18483
|
this.enableMsaPassthrough = (_c = options === null || options === void 0 ? void 0 : options.brokerOptions) === null || _c === void 0 ? void 0 : _c.legacyEnableMsaPassthrough;
|
|
18491
18484
|
this.parentWindowHandle = (_d = options.brokerOptions) === null || _d === void 0 ? void 0 : _d.parentWindowHandle;
|
|
18492
18485
|
if (persistenceProvider !== void 0 && ((_e = options.tokenCachePersistenceOptions) === null || _e === void 0 ? void 0 : _e.enabled)) {
|
|
@@ -18517,7 +18510,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
18517
18510
|
* Generates a MSAL configuration that generally works for Node.js
|
|
18518
18511
|
*/
|
|
18519
18512
|
defaultNodeMsalConfig(options) {
|
|
18520
|
-
var
|
|
18513
|
+
var _a2;
|
|
18521
18514
|
const clientId = options.clientId || DeveloperSignOnClientId;
|
|
18522
18515
|
const tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);
|
|
18523
18516
|
this.authorityHost = options.authorityHost || process.env.AZURE_AUTHORITY_HOST;
|
|
@@ -18537,7 +18530,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
18537
18530
|
loggerOptions: {
|
|
18538
18531
|
loggerCallback: defaultLoggerCallback(options.logger),
|
|
18539
18532
|
logLevel: getMSALLogLevel(logger$q.getLogLevel()),
|
|
18540
|
-
piiLoggingEnabled: (
|
|
18533
|
+
piiLoggingEnabled: (_a2 = options.loggingOptions) === null || _a2 === void 0 ? void 0 : _a2.enableUnsafeSupportLogging
|
|
18541
18534
|
}
|
|
18542
18535
|
}
|
|
18543
18536
|
};
|
|
@@ -18651,7 +18644,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
18651
18644
|
* Attempts to retrieve a token from cache.
|
|
18652
18645
|
*/
|
|
18653
18646
|
async getTokenSilent(scopes, options) {
|
|
18654
|
-
var
|
|
18647
|
+
var _a2, _b2, _c;
|
|
18655
18648
|
await this.getActiveAccount(options === null || options === void 0 ? void 0 : options.enableCae);
|
|
18656
18649
|
if (!this.account) {
|
|
18657
18650
|
throw new AuthenticationRequiredError({
|
|
@@ -18681,8 +18674,8 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
18681
18674
|
}
|
|
18682
18675
|
try {
|
|
18683
18676
|
this.logger.info("Attempting to acquire token silently");
|
|
18684
|
-
await ((
|
|
18685
|
-
const response = (_c = await ((
|
|
18677
|
+
await ((_a2 = this.getApp("publicFirst", options === null || options === void 0 ? void 0 : options.enableCae)) === null || _a2 === void 0 ? void 0 : _a2.getTokenCache().getAllAccounts());
|
|
18678
|
+
const response = (_c = await ((_b2 = this.getApp("confidential", options === null || options === void 0 ? void 0 : options.enableCae)) === null || _b2 === void 0 ? void 0 : _b2.acquireTokenSilent(silentRequest))) !== null && _c !== void 0 ? _c : await this.getApp("public", options === null || options === void 0 ? void 0 : options.enableCae).acquireTokenSilent(silentRequest);
|
|
18686
18679
|
return this.handleResult(scopes, response || void 0);
|
|
18687
18680
|
} catch (err) {
|
|
18688
18681
|
throw handleMsalError(scopes, err, options);
|
|
@@ -18826,8 +18819,8 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
18826
18819
|
"AZURE_ADDITIONALLY_ALLOWED_TENANTS"
|
|
18827
18820
|
];
|
|
18828
18821
|
function getAdditionallyAllowedTenants() {
|
|
18829
|
-
var
|
|
18830
|
-
const additionallyAllowedValues = (
|
|
18822
|
+
var _a2;
|
|
18823
|
+
const additionallyAllowedValues = (_a2 = process.env.AZURE_ADDITIONALLY_ALLOWED_TENANTS) !== null && _a2 !== void 0 ? _a2 : "";
|
|
18831
18824
|
return additionallyAllowedValues.split(";");
|
|
18832
18825
|
}
|
|
18833
18826
|
__name(getAdditionallyAllowedTenants, "getAdditionallyAllowedTenants");
|
|
@@ -18917,12 +18910,12 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
18917
18910
|
var EnvironmentCredential = _EnvironmentCredential;
|
|
18918
18911
|
var logger$4 = credentialLogger("DefaultAzureCredential");
|
|
18919
18912
|
function createDefaultManagedIdentityCredential(options = {}) {
|
|
18920
|
-
var
|
|
18921
|
-
(
|
|
18913
|
+
var _a2, _b2, _c, _d;
|
|
18914
|
+
(_a2 = options.retryOptions) !== null && _a2 !== void 0 ? _a2 : options.retryOptions = {
|
|
18922
18915
|
maxRetries: 5,
|
|
18923
18916
|
retryDelayInMs: 800
|
|
18924
18917
|
};
|
|
18925
|
-
const managedIdentityClientId = (
|
|
18918
|
+
const managedIdentityClientId = (_b2 = options === null || options === void 0 ? void 0 : options.managedIdentityClientId) !== null && _b2 !== void 0 ? _b2 : process.env.AZURE_CLIENT_ID;
|
|
18926
18919
|
const workloadIdentityClientId = (_c = options === null || options === void 0 ? void 0 : options.workloadIdentityClientId) !== null && _c !== void 0 ? _c : managedIdentityClientId;
|
|
18927
18920
|
const managedResourceId = options === null || options === void 0 ? void 0 : options.managedIdentityResourceId;
|
|
18928
18921
|
const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;
|
|
@@ -18943,9 +18936,9 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
18943
18936
|
}
|
|
18944
18937
|
__name(createDefaultManagedIdentityCredential, "createDefaultManagedIdentityCredential");
|
|
18945
18938
|
function createDefaultWorkloadIdentityCredential(options) {
|
|
18946
|
-
var
|
|
18947
|
-
const managedIdentityClientId = (
|
|
18948
|
-
const workloadIdentityClientId = (
|
|
18939
|
+
var _a2, _b2, _c;
|
|
18940
|
+
const managedIdentityClientId = (_a2 = options === null || options === void 0 ? void 0 : options.managedIdentityClientId) !== null && _a2 !== void 0 ? _a2 : process.env.AZURE_CLIENT_ID;
|
|
18941
|
+
const workloadIdentityClientId = (_b2 = options === null || options === void 0 ? void 0 : options.workloadIdentityClientId) !== null && _b2 !== void 0 ? _b2 : managedIdentityClientId;
|
|
18949
18942
|
const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;
|
|
18950
18943
|
const tenantId = (_c = options === null || options === void 0 ? void 0 : options.tenantId) !== null && _c !== void 0 ? _c : process.env.AZURE_TENANT_ID;
|
|
18951
18944
|
if (workloadFile && workloadIdentityClientId) {
|
|
@@ -19018,21 +19011,21 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
19018
19011
|
};
|
|
19019
19012
|
var _MsalOpenBrowser = class _MsalOpenBrowser extends MsalNode {
|
|
19020
19013
|
constructor(options) {
|
|
19021
|
-
var
|
|
19014
|
+
var _a2, _b2, _c, _d;
|
|
19022
19015
|
super(options);
|
|
19023
19016
|
this.loginHint = options.loginHint;
|
|
19024
|
-
this.errorTemplate = (
|
|
19025
|
-
this.successTemplate = (
|
|
19017
|
+
this.errorTemplate = (_a2 = options.browserCustomizationOptions) === null || _a2 === void 0 ? void 0 : _a2.errorMessage;
|
|
19018
|
+
this.successTemplate = (_b2 = options.browserCustomizationOptions) === null || _b2 === void 0 ? void 0 : _b2.successMessage;
|
|
19026
19019
|
this.logger = credentialLogger("Node.js MSAL Open Browser");
|
|
19027
19020
|
this.useDefaultBrokerAccount = ((_c = options.brokerOptions) === null || _c === void 0 ? void 0 : _c.enabled) && ((_d = options.brokerOptions) === null || _d === void 0 ? void 0 : _d.useDefaultBrokerAccount);
|
|
19028
19021
|
}
|
|
19029
19022
|
async doGetToken(scopes, options = {}) {
|
|
19030
19023
|
try {
|
|
19031
19024
|
const interactiveRequest = {
|
|
19032
|
-
openBrowser: async (url) => {
|
|
19025
|
+
openBrowser: /* @__PURE__ */ __name(async (url) => {
|
|
19033
19026
|
this.logger.verbose(`Opening browser to ${url}`);
|
|
19034
19027
|
await interactiveBrowserMockable.open(url, { wait: true, newInstance: true });
|
|
19035
|
-
},
|
|
19028
|
+
}, "openBrowser"),
|
|
19036
19029
|
scopes,
|
|
19037
19030
|
authority: options === null || options === void 0 ? void 0 : options.authority,
|
|
19038
19031
|
claims: options === null || options === void 0 ? void 0 : options.claims,
|
|
@@ -19063,7 +19056,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
19063
19056
|
* If the default broker account is not available, the method will fall back to interactive authentication.
|
|
19064
19057
|
*/
|
|
19065
19058
|
async doGetBrokeredToken(scopes, interactiveRequest, options) {
|
|
19066
|
-
var
|
|
19059
|
+
var _a2;
|
|
19067
19060
|
this.logger.verbose("Authentication will resume through the broker");
|
|
19068
19061
|
if (this.parentWindowHandle) {
|
|
19069
19062
|
interactiveRequest.windowHandle = Buffer.from(this.parentWindowHandle);
|
|
@@ -19071,7 +19064,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
19071
19064
|
this.logger.warning("Parent window handle is not specified for the broker. This may cause unexpected behavior. Please provide the parentWindowHandle.");
|
|
19072
19065
|
}
|
|
19073
19066
|
if (this.enableMsaPassthrough) {
|
|
19074
|
-
((
|
|
19067
|
+
((_a2 = interactiveRequest.tokenQueryParameters) !== null && _a2 !== void 0 ? _a2 : interactiveRequest.tokenQueryParameters = {})["msal_request_type"] = "consumer_passthrough";
|
|
19075
19068
|
}
|
|
19076
19069
|
if (options.useDefaultBrokerAccount) {
|
|
19077
19070
|
interactiveRequest.prompt = "none";
|
|
@@ -19116,13 +19109,13 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
19116
19109
|
* @param options - Options for configuring the client which makes the authentication requests.
|
|
19117
19110
|
*/
|
|
19118
19111
|
constructor(options) {
|
|
19119
|
-
var
|
|
19112
|
+
var _a2, _b2, _c, _d;
|
|
19120
19113
|
const redirectUri = typeof options.redirectUri === "function" ? options.redirectUri() : options.redirectUri || "http://localhost";
|
|
19121
19114
|
this.tenantId = options === null || options === void 0 ? void 0 : options.tenantId;
|
|
19122
19115
|
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
|
|
19123
19116
|
const ibcNodeOptions = options;
|
|
19124
|
-
if ((
|
|
19125
|
-
if (!((
|
|
19117
|
+
if ((_a2 = ibcNodeOptions === null || ibcNodeOptions === void 0 ? void 0 : ibcNodeOptions.brokerOptions) === null || _a2 === void 0 ? void 0 : _a2.enabled) {
|
|
19118
|
+
if (!((_b2 = ibcNodeOptions === null || ibcNodeOptions === void 0 ? void 0 : ibcNodeOptions.brokerOptions) === null || _b2 === void 0 ? void 0 : _b2.parentWindowHandle)) {
|
|
19126
19119
|
throw new Error("In order to do WAM authentication, `parentWindowHandle` under `brokerOptions` is a required parameter");
|
|
19127
19120
|
} else {
|
|
19128
19121
|
this.msalFlow = new MsalOpenBrowser(Object.assign(Object.assign({}, options), {
|
|
@@ -19372,7 +19365,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
19372
19365
|
};
|
|
19373
19366
|
__name(_AuthorizationCodeCredential, "AuthorizationCodeCredential");
|
|
19374
19367
|
var AuthorizationCodeCredential = _AuthorizationCodeCredential;
|
|
19375
|
-
var readFileAsync = util.promisify(
|
|
19368
|
+
var readFileAsync = util.promisify(fs3.readFile);
|
|
19376
19369
|
async function parseCertificate(configuration, sendCertificateChain) {
|
|
19377
19370
|
const certificateParts = {};
|
|
19378
19371
|
const certificate = configuration.certificate;
|
|
@@ -19480,19 +19473,19 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
19480
19473
|
const pipeline = coreRestPipeline.createEmptyPipeline();
|
|
19481
19474
|
pipeline.addPolicy(coreRestPipeline.bearerTokenAuthenticationPolicy({ credential, scopes }));
|
|
19482
19475
|
async function getRefreshedToken() {
|
|
19483
|
-
var
|
|
19476
|
+
var _a2;
|
|
19484
19477
|
const res = await pipeline.sendRequest({
|
|
19485
|
-
sendRequest: (request) => Promise.resolve({
|
|
19478
|
+
sendRequest: /* @__PURE__ */ __name((request) => Promise.resolve({
|
|
19486
19479
|
request,
|
|
19487
19480
|
status: 200,
|
|
19488
19481
|
headers: request.headers
|
|
19489
|
-
})
|
|
19482
|
+
}), "sendRequest")
|
|
19490
19483
|
}, coreRestPipeline.createPipelineRequest({
|
|
19491
19484
|
url: "https://example.com",
|
|
19492
19485
|
abortSignal,
|
|
19493
19486
|
tracingOptions
|
|
19494
19487
|
}));
|
|
19495
|
-
const accessToken = (
|
|
19488
|
+
const accessToken = (_a2 = res.headers.get("authorization")) === null || _a2 === void 0 ? void 0 : _a2.split(" ")[1];
|
|
19496
19489
|
if (!accessToken) {
|
|
19497
19490
|
throw new Error("Failed to get access token");
|
|
19498
19491
|
}
|
|
@@ -19539,141 +19532,629 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
19539
19532
|
}
|
|
19540
19533
|
});
|
|
19541
19534
|
|
|
19542
|
-
//
|
|
19543
|
-
var
|
|
19544
|
-
|
|
19545
|
-
|
|
19546
|
-
|
|
19547
|
-
|
|
19548
|
-
|
|
19549
|
-
|
|
19550
|
-
|
|
19551
|
-
|
|
19552
|
-
|
|
19553
|
-
|
|
19554
|
-
|
|
19555
|
-
|
|
19556
|
-
|
|
19557
|
-
|
|
19558
|
-
|
|
19559
|
-
|
|
19560
|
-
|
|
19561
|
-
|
|
19562
|
-
|
|
19563
|
-
|
|
19535
|
+
// src/authentication/getCredential.ts
|
|
19536
|
+
var import_identity3 = __toESM(require_dist2(), 1);
|
|
19537
|
+
|
|
19538
|
+
// src/authentication/forks/identity-cache-persistence/platforms.ts
|
|
19539
|
+
import * as path2 from "path";
|
|
19540
|
+
|
|
19541
|
+
// src/authentication/forks/msal-node-extensions/persistence/NapiRsKeyRingPersistence.ts
|
|
19542
|
+
import { Entry } from "@napi-rs/keyring";
|
|
19543
|
+
import { dirname as dirname2 } from "path";
|
|
19544
|
+
|
|
19545
|
+
// src/authentication/forks/msal-node-extensions/utils/TypeGuards.ts
|
|
19546
|
+
var isNodeError = /* @__PURE__ */ __name((error) => {
|
|
19547
|
+
return !!error && typeof error === "object" && "code" in error;
|
|
19548
|
+
}, "isNodeError");
|
|
19549
|
+
|
|
19550
|
+
// src/authentication/forks/msal-node-extensions/error/PersistenceError.ts
|
|
19551
|
+
var _PersistenceError = class _PersistenceError extends Error {
|
|
19552
|
+
constructor(errorCode, errorMessage) {
|
|
19553
|
+
const errorString = errorMessage ? `${errorCode}: ${errorMessage}` : errorCode;
|
|
19554
|
+
super(errorString);
|
|
19555
|
+
Object.setPrototypeOf(this, _PersistenceError.prototype);
|
|
19556
|
+
this.errorCode = errorCode;
|
|
19557
|
+
this.errorMessage = errorMessage;
|
|
19558
|
+
this.name = "PersistenceError";
|
|
19559
|
+
}
|
|
19560
|
+
/**
|
|
19561
|
+
* Error thrown when trying to access the file system.
|
|
19562
|
+
*/
|
|
19563
|
+
static createFileSystemError(errorCode, errorMessage) {
|
|
19564
|
+
return new _PersistenceError(errorCode, errorMessage);
|
|
19565
|
+
}
|
|
19566
|
+
/**
|
|
19567
|
+
* Error thrown when trying to encrypt or decrypt data using DPAPI on Windows.
|
|
19568
|
+
*/
|
|
19569
|
+
static createFilePersistenceWithDPAPIError(errorMessage) {
|
|
19570
|
+
return new _PersistenceError("DPAPIEncryptedFileError", errorMessage);
|
|
19571
|
+
}
|
|
19572
|
+
/**
|
|
19573
|
+
* Error thrown when using the cross platform lock.
|
|
19574
|
+
*/
|
|
19575
|
+
static createCrossPlatformLockError(errorMessage) {
|
|
19576
|
+
return new _PersistenceError("CrossPlatformLockError", errorMessage);
|
|
19577
|
+
}
|
|
19578
|
+
/**
|
|
19579
|
+
* Error thrown when trying to write, load, or delete data from NapiRsKeyRingPersistence.
|
|
19580
|
+
*/
|
|
19581
|
+
static createNapiRsKeyRingPersistenceError(errorMessage) {
|
|
19582
|
+
return new _PersistenceError("NapiRsKeyRingError", errorMessage);
|
|
19583
|
+
}
|
|
19584
|
+
/**
|
|
19585
|
+
* Throw cache persistence error
|
|
19586
|
+
*
|
|
19587
|
+
* @param errorMessage string
|
|
19588
|
+
* @returns PersistenceError
|
|
19589
|
+
*/
|
|
19590
|
+
static createCachePersistenceError(errorMessage) {
|
|
19591
|
+
return new _PersistenceError("CachePersistenceError", errorMessage);
|
|
19592
|
+
}
|
|
19593
|
+
};
|
|
19594
|
+
__name(_PersistenceError, "PersistenceError");
|
|
19595
|
+
var PersistenceError = _PersistenceError;
|
|
19596
|
+
|
|
19597
|
+
// src/authentication/forks/msal-node-extensions/utils/Constants.ts
|
|
19598
|
+
var Constants3 = {
|
|
19599
|
+
/**
|
|
19600
|
+
* An existing file was the target of an operation that required that the target not exist
|
|
19601
|
+
*/
|
|
19602
|
+
EEXIST_ERROR: "EEXIST",
|
|
19603
|
+
/**
|
|
19604
|
+
* No such file or directory: Commonly raised by fs operations to indicate that a component
|
|
19605
|
+
* of the specified pathname does not exist. No entity (file or directory) could be found
|
|
19606
|
+
* by the given path
|
|
19607
|
+
*/
|
|
19608
|
+
ENOENT_ERROR: "ENOENT",
|
|
19609
|
+
/**
|
|
19610
|
+
* Operation not permitted. An attempt was made to perform an operation that requires
|
|
19611
|
+
* elevated privileges.
|
|
19612
|
+
*/
|
|
19613
|
+
EPERM_ERROR: "EPERM",
|
|
19614
|
+
/**
|
|
19615
|
+
* Default service name for using MSAL Keytar
|
|
19616
|
+
*/
|
|
19617
|
+
DEFAULT_SERVICE_NAME: "msal-node-extensions",
|
|
19618
|
+
/**
|
|
19619
|
+
* Test data used to verify underlying persistence mechanism
|
|
19620
|
+
*/
|
|
19621
|
+
PERSISTENCE_TEST_DATA: "Dummy data to verify underlying persistence mechanism",
|
|
19622
|
+
// Name of the default cache file
|
|
19623
|
+
DEFAULT_CACHE_FILE_NAME: "cache.json"
|
|
19624
|
+
};
|
|
19625
|
+
var ErrorCodes = {
|
|
19626
|
+
INTERATION_REQUIRED_ERROR_CODE: "interaction_required",
|
|
19627
|
+
SERVER_UNAVAILABLE: "server_unavailable",
|
|
19628
|
+
UNKNOWN: "unknown_error"
|
|
19629
|
+
};
|
|
19630
|
+
|
|
19631
|
+
// src/authentication/forks/msal-node-extensions/persistence/BasePersistence.ts
|
|
19632
|
+
var _BasePersistence = class _BasePersistence {
|
|
19633
|
+
async verifyPersistence() {
|
|
19634
|
+
const persistenceValidator = await this.createForPersistenceValidation();
|
|
19635
|
+
try {
|
|
19636
|
+
await persistenceValidator.save(Constants3.PERSISTENCE_TEST_DATA);
|
|
19637
|
+
const retrievedDummyData = await persistenceValidator.load();
|
|
19638
|
+
if (!retrievedDummyData) {
|
|
19639
|
+
throw PersistenceError.createCachePersistenceError(
|
|
19640
|
+
"Persistence check failed. Data was written but it could not be read. Possible cause: on Linux, LibSecret is installed but D-Bus isn't running because it cannot be started over SSH."
|
|
19641
|
+
);
|
|
19564
19642
|
}
|
|
19565
|
-
|
|
19566
|
-
|
|
19643
|
+
if (retrievedDummyData !== Constants3.PERSISTENCE_TEST_DATA) {
|
|
19644
|
+
throw PersistenceError.createCachePersistenceError(
|
|
19645
|
+
`Persistence check failed. Data written ${Constants3.PERSISTENCE_TEST_DATA} is different from data read ${retrievedDummyData}`
|
|
19646
|
+
);
|
|
19647
|
+
}
|
|
19648
|
+
await persistenceValidator.delete();
|
|
19649
|
+
return true;
|
|
19650
|
+
} catch (e) {
|
|
19651
|
+
throw PersistenceError.createCachePersistenceError(`Verifing persistence failed with the error: ${e}`);
|
|
19567
19652
|
}
|
|
19568
|
-
|
|
19569
|
-
|
|
19570
|
-
|
|
19571
|
-
|
|
19572
|
-
|
|
19573
|
-
|
|
19574
|
-
|
|
19575
|
-
|
|
19576
|
-
|
|
19577
|
-
|
|
19578
|
-
|
|
19579
|
-
|
|
19580
|
-
|
|
19581
|
-
|
|
19582
|
-
|
|
19583
|
-
|
|
19584
|
-
|
|
19585
|
-
|
|
19586
|
-
|
|
19587
|
-
|
|
19588
|
-
|
|
19589
|
-
|
|
19590
|
-
|
|
19591
|
-
|
|
19592
|
-
|
|
19593
|
-
|
|
19594
|
-
|
|
19595
|
-
|
|
19596
|
-
|
|
19653
|
+
}
|
|
19654
|
+
};
|
|
19655
|
+
__name(_BasePersistence, "BasePersistence");
|
|
19656
|
+
var BasePersistence = _BasePersistence;
|
|
19657
|
+
|
|
19658
|
+
// src/authentication/forks/msal-node-extensions/persistence/FilePersistence.ts
|
|
19659
|
+
import { promises as fs } from "fs";
|
|
19660
|
+
import { dirname } from "path";
|
|
19661
|
+
init_dist();
|
|
19662
|
+
var _FilePersistence = class _FilePersistence extends BasePersistence {
|
|
19663
|
+
constructor(fileLocation, loggerOptions) {
|
|
19664
|
+
super();
|
|
19665
|
+
this.logger = new Logger(loggerOptions || _FilePersistence.createDefaultLoggerOptions());
|
|
19666
|
+
this.filePath = fileLocation;
|
|
19667
|
+
}
|
|
19668
|
+
static async create(fileLocation, loggerOptions) {
|
|
19669
|
+
const filePersistence = new _FilePersistence(fileLocation, loggerOptions);
|
|
19670
|
+
await filePersistence.createCacheFile();
|
|
19671
|
+
return filePersistence;
|
|
19672
|
+
}
|
|
19673
|
+
async save(contents) {
|
|
19674
|
+
try {
|
|
19675
|
+
await fs.writeFile(this.getFilePath(), contents, "utf-8");
|
|
19676
|
+
} catch (err) {
|
|
19677
|
+
if (isNodeError(err)) {
|
|
19678
|
+
throw PersistenceError.createFileSystemError(err.code || ErrorCodes.UNKNOWN, err.message);
|
|
19679
|
+
} else {
|
|
19680
|
+
throw err;
|
|
19681
|
+
}
|
|
19682
|
+
}
|
|
19683
|
+
}
|
|
19684
|
+
async saveBuffer(contents) {
|
|
19685
|
+
try {
|
|
19686
|
+
await fs.writeFile(this.getFilePath(), contents);
|
|
19687
|
+
} catch (err) {
|
|
19688
|
+
if (isNodeError(err)) {
|
|
19689
|
+
throw PersistenceError.createFileSystemError(err.code || ErrorCodes.UNKNOWN, err.message);
|
|
19690
|
+
} else {
|
|
19691
|
+
throw err;
|
|
19692
|
+
}
|
|
19693
|
+
}
|
|
19694
|
+
}
|
|
19695
|
+
async load() {
|
|
19696
|
+
try {
|
|
19697
|
+
return await fs.readFile(this.getFilePath(), "utf-8");
|
|
19698
|
+
} catch (err) {
|
|
19699
|
+
if (isNodeError(err)) {
|
|
19700
|
+
throw PersistenceError.createFileSystemError(err.code || ErrorCodes.UNKNOWN, err.message);
|
|
19701
|
+
} else {
|
|
19702
|
+
throw err;
|
|
19703
|
+
}
|
|
19704
|
+
}
|
|
19705
|
+
}
|
|
19706
|
+
async loadBuffer() {
|
|
19707
|
+
try {
|
|
19708
|
+
return await fs.readFile(this.getFilePath());
|
|
19709
|
+
} catch (err) {
|
|
19710
|
+
if (isNodeError(err)) {
|
|
19711
|
+
throw PersistenceError.createFileSystemError(err.code || ErrorCodes.UNKNOWN, err.message);
|
|
19712
|
+
} else {
|
|
19713
|
+
throw err;
|
|
19597
19714
|
}
|
|
19715
|
+
}
|
|
19716
|
+
}
|
|
19717
|
+
async delete() {
|
|
19718
|
+
try {
|
|
19719
|
+
await fs.unlink(this.getFilePath());
|
|
19720
|
+
return true;
|
|
19721
|
+
} catch (err) {
|
|
19722
|
+
if (isNodeError(err)) {
|
|
19723
|
+
if (err.code === Constants3.ENOENT_ERROR) {
|
|
19724
|
+
this.logger.warning("Cache file does not exist, so it could not be deleted");
|
|
19725
|
+
return false;
|
|
19726
|
+
}
|
|
19727
|
+
throw PersistenceError.createFileSystemError(err.code || ErrorCodes.UNKNOWN, err.message);
|
|
19728
|
+
} else {
|
|
19729
|
+
throw err;
|
|
19730
|
+
}
|
|
19731
|
+
}
|
|
19732
|
+
}
|
|
19733
|
+
getFilePath() {
|
|
19734
|
+
return this.filePath;
|
|
19735
|
+
}
|
|
19736
|
+
async reloadNecessary(lastSync) {
|
|
19737
|
+
return lastSync < await this.timeLastModified();
|
|
19738
|
+
}
|
|
19739
|
+
getLogger() {
|
|
19740
|
+
return this.logger;
|
|
19741
|
+
}
|
|
19742
|
+
createForPersistenceValidation() {
|
|
19743
|
+
const testCacheFileLocation = `${dirname(this.filePath)}/test.cache`;
|
|
19744
|
+
return _FilePersistence.create(testCacheFileLocation);
|
|
19745
|
+
}
|
|
19746
|
+
static createDefaultLoggerOptions() {
|
|
19747
|
+
return {
|
|
19748
|
+
loggerCallback: /* @__PURE__ */ __name(() => {
|
|
19749
|
+
}, "loggerCallback"),
|
|
19750
|
+
piiLoggingEnabled: false,
|
|
19751
|
+
logLevel: LogLevel.Info
|
|
19598
19752
|
};
|
|
19599
|
-
|
|
19600
|
-
|
|
19753
|
+
}
|
|
19754
|
+
async timeLastModified() {
|
|
19755
|
+
try {
|
|
19756
|
+
const stats = await fs.stat(this.filePath);
|
|
19757
|
+
return stats.mtime.getTime();
|
|
19758
|
+
} catch (err) {
|
|
19759
|
+
if (isNodeError(err)) {
|
|
19760
|
+
if (err.code === Constants3.ENOENT_ERROR) {
|
|
19761
|
+
this.logger.verbose("Cache file does not exist");
|
|
19762
|
+
return 0;
|
|
19763
|
+
}
|
|
19764
|
+
throw PersistenceError.createFileSystemError(err.code || ErrorCodes.UNKNOWN, err.message);
|
|
19765
|
+
} else {
|
|
19766
|
+
throw err;
|
|
19767
|
+
}
|
|
19601
19768
|
}
|
|
19602
|
-
|
|
19603
|
-
|
|
19604
|
-
|
|
19605
|
-
|
|
19606
|
-
|
|
19607
|
-
|
|
19608
|
-
|
|
19609
|
-
|
|
19610
|
-
|
|
19611
|
-
|
|
19612
|
-
|
|
19613
|
-
|
|
19614
|
-
|
|
19615
|
-
|
|
19616
|
-
|
|
19617
|
-
|
|
19769
|
+
}
|
|
19770
|
+
async createCacheFile() {
|
|
19771
|
+
await this.createFileDirectory();
|
|
19772
|
+
const fileHandle = await fs.open(this.filePath, "a");
|
|
19773
|
+
await fileHandle.close();
|
|
19774
|
+
this.logger.info(`File created at ${this.filePath}`);
|
|
19775
|
+
}
|
|
19776
|
+
async createFileDirectory() {
|
|
19777
|
+
try {
|
|
19778
|
+
await fs.mkdir(dirname(this.filePath), { recursive: true });
|
|
19779
|
+
} catch (err) {
|
|
19780
|
+
if (isNodeError(err)) {
|
|
19781
|
+
if (err.code === Constants3.EEXIST_ERROR) {
|
|
19782
|
+
this.logger.info(`Directory ${dirname(this.filePath)} already exists`);
|
|
19783
|
+
} else {
|
|
19784
|
+
throw PersistenceError.createFileSystemError(err.code || ErrorCodes.UNKNOWN, err.message);
|
|
19618
19785
|
}
|
|
19619
|
-
}
|
|
19620
|
-
|
|
19621
|
-
|
|
19622
|
-
|
|
19623
|
-
|
|
19624
|
-
|
|
19625
|
-
|
|
19626
|
-
|
|
19627
|
-
|
|
19628
|
-
|
|
19629
|
-
|
|
19630
|
-
|
|
19786
|
+
} else {
|
|
19787
|
+
throw err;
|
|
19788
|
+
}
|
|
19789
|
+
}
|
|
19790
|
+
}
|
|
19791
|
+
};
|
|
19792
|
+
__name(_FilePersistence, "FilePersistence");
|
|
19793
|
+
var FilePersistence = _FilePersistence;
|
|
19794
|
+
|
|
19795
|
+
// src/authentication/forks/msal-node-extensions/persistence/NapiRsKeyRingPersistence.ts
|
|
19796
|
+
var _NapiRsKeyRingPersistance = class _NapiRsKeyRingPersistance extends BasePersistence {
|
|
19797
|
+
constructor(filePersistence, service, account) {
|
|
19798
|
+
super();
|
|
19799
|
+
this.service = service;
|
|
19800
|
+
this.account = account;
|
|
19801
|
+
this.entry = new Entry(service, account);
|
|
19802
|
+
this.filePersistence = filePersistence;
|
|
19803
|
+
}
|
|
19804
|
+
static async create(fileLocation, serviceName, accountName, loggerOptions) {
|
|
19805
|
+
const filePersistence = await FilePersistence.create(fileLocation, loggerOptions);
|
|
19806
|
+
return new _NapiRsKeyRingPersistance(filePersistence, serviceName, accountName);
|
|
19807
|
+
}
|
|
19808
|
+
async save(contents) {
|
|
19809
|
+
try {
|
|
19810
|
+
this.entry.setPassword(contents);
|
|
19811
|
+
} catch (e) {
|
|
19812
|
+
if (isNodeError(e)) {
|
|
19813
|
+
throw PersistenceError.createNapiRsKeyRingPersistenceError(e.message);
|
|
19814
|
+
}
|
|
19815
|
+
throw e;
|
|
19816
|
+
}
|
|
19817
|
+
await this.filePersistence.save(contents);
|
|
19818
|
+
}
|
|
19819
|
+
load() {
|
|
19820
|
+
try {
|
|
19821
|
+
return Promise.resolve(this.entry.getPassword());
|
|
19822
|
+
} catch (e) {
|
|
19823
|
+
if (isNodeError(e)) {
|
|
19824
|
+
throw PersistenceError.createNapiRsKeyRingPersistenceError(e.message);
|
|
19825
|
+
}
|
|
19826
|
+
throw e;
|
|
19827
|
+
}
|
|
19828
|
+
}
|
|
19829
|
+
async delete() {
|
|
19830
|
+
try {
|
|
19831
|
+
await this.filePersistence.delete();
|
|
19832
|
+
return this.entry.deletePassword();
|
|
19833
|
+
} catch (e) {
|
|
19834
|
+
if (isNodeError(e)) {
|
|
19835
|
+
throw PersistenceError.createNapiRsKeyRingPersistenceError(e.message);
|
|
19836
|
+
}
|
|
19837
|
+
throw e;
|
|
19838
|
+
}
|
|
19839
|
+
}
|
|
19840
|
+
reloadNecessary(lastSync) {
|
|
19841
|
+
return this.filePersistence.reloadNecessary(lastSync);
|
|
19842
|
+
}
|
|
19843
|
+
getFilePath() {
|
|
19844
|
+
return this.filePersistence.getFilePath();
|
|
19845
|
+
}
|
|
19846
|
+
getLogger() {
|
|
19847
|
+
return this.filePersistence.getLogger();
|
|
19848
|
+
}
|
|
19849
|
+
createForPersistenceValidation() {
|
|
19850
|
+
const testCacheFileLocation = `${dirname2(this.filePersistence.getFilePath())}/test.cache`;
|
|
19851
|
+
return _NapiRsKeyRingPersistance.create(
|
|
19852
|
+
testCacheFileLocation,
|
|
19853
|
+
"persistenceValidationServiceName",
|
|
19854
|
+
"persistencValidationAccountName"
|
|
19855
|
+
);
|
|
19856
|
+
}
|
|
19857
|
+
};
|
|
19858
|
+
__name(_NapiRsKeyRingPersistance, "NapiRsKeyRingPersistance");
|
|
19859
|
+
var NapiRsKeyRingPersistance = _NapiRsKeyRingPersistance;
|
|
19860
|
+
|
|
19861
|
+
// src/authentication/forks/msal-node-extensions/persistence/FilePersistenceWithDataProtection.ts
|
|
19862
|
+
import { protectData, unprotectData } from "node-dpapi-prebuilt";
|
|
19863
|
+
import { dirname as dirname3 } from "path";
|
|
19864
|
+
var _FilePersistenceWithDataProtection = class _FilePersistenceWithDataProtection extends BasePersistence {
|
|
19865
|
+
constructor(filePersistence, scope, optionalEntropy) {
|
|
19866
|
+
super();
|
|
19867
|
+
this.scope = scope;
|
|
19868
|
+
this.optionalEntropy = optionalEntropy ? Buffer.from(optionalEntropy, "utf-8") : null;
|
|
19869
|
+
this.filePersistence = filePersistence;
|
|
19870
|
+
}
|
|
19871
|
+
static async create(fileLocation, scope, optionalEntropy, loggerOptions) {
|
|
19872
|
+
const filePersistence = await FilePersistence.create(fileLocation, loggerOptions);
|
|
19873
|
+
const persistence = new _FilePersistenceWithDataProtection(filePersistence, scope, optionalEntropy);
|
|
19874
|
+
return persistence;
|
|
19875
|
+
}
|
|
19876
|
+
async save(contents) {
|
|
19877
|
+
try {
|
|
19878
|
+
const encryptedContents = protectData(Buffer.from(contents, "utf-8"), this.optionalEntropy, this.scope);
|
|
19879
|
+
await this.filePersistence.saveBuffer(encryptedContents);
|
|
19880
|
+
} catch (err) {
|
|
19881
|
+
if (isNodeError(err)) {
|
|
19882
|
+
throw PersistenceError.createFilePersistenceWithDPAPIError(err.message);
|
|
19883
|
+
} else {
|
|
19884
|
+
throw err;
|
|
19885
|
+
}
|
|
19886
|
+
}
|
|
19887
|
+
}
|
|
19888
|
+
async load() {
|
|
19889
|
+
try {
|
|
19890
|
+
const encryptedContents = await this.filePersistence.loadBuffer();
|
|
19891
|
+
if (typeof encryptedContents === "undefined" || !encryptedContents || 0 === encryptedContents.length) {
|
|
19892
|
+
this.filePersistence.getLogger().info("Encrypted contents loaded from file were null or empty");
|
|
19893
|
+
return null;
|
|
19894
|
+
}
|
|
19895
|
+
return unprotectData(encryptedContents, this.optionalEntropy, this.scope).toString();
|
|
19896
|
+
} catch (err) {
|
|
19897
|
+
if (isNodeError(err)) {
|
|
19898
|
+
throw PersistenceError.createFilePersistenceWithDPAPIError(err.message);
|
|
19899
|
+
} else {
|
|
19900
|
+
throw err;
|
|
19901
|
+
}
|
|
19902
|
+
}
|
|
19903
|
+
}
|
|
19904
|
+
async delete() {
|
|
19905
|
+
return this.filePersistence.delete();
|
|
19906
|
+
}
|
|
19907
|
+
async reloadNecessary(lastSync) {
|
|
19908
|
+
return this.filePersistence.reloadNecessary(lastSync);
|
|
19909
|
+
}
|
|
19910
|
+
getFilePath() {
|
|
19911
|
+
return this.filePersistence.getFilePath();
|
|
19912
|
+
}
|
|
19913
|
+
getLogger() {
|
|
19914
|
+
return this.filePersistence.getLogger();
|
|
19915
|
+
}
|
|
19916
|
+
createForPersistenceValidation() {
|
|
19917
|
+
const testCacheFileLocation = `${dirname3(this.filePersistence.getFilePath())}/test.cache`;
|
|
19918
|
+
return _FilePersistenceWithDataProtection.create(testCacheFileLocation, "CurrentUser");
|
|
19919
|
+
}
|
|
19920
|
+
};
|
|
19921
|
+
__name(_FilePersistenceWithDataProtection, "FilePersistenceWithDataProtection");
|
|
19922
|
+
var FilePersistenceWithDataProtection = _FilePersistenceWithDataProtection;
|
|
19923
|
+
|
|
19924
|
+
// src/authentication/forks/identity-cache-persistence/platforms.ts
|
|
19925
|
+
var _a, _b;
|
|
19926
|
+
var localApplicationDataFolder = ((_b = (_a = process.env.APPDATA) == null ? void 0 : _a.replace) == null ? void 0 : _b.call(_a, /(.Roaming)*$/, "\\Local")) ?? process.env.HOME;
|
|
19927
|
+
var defaultMsalValues = {
|
|
19928
|
+
tokenCache: {
|
|
19929
|
+
name: "msal.cache",
|
|
19930
|
+
// Expected values:
|
|
19931
|
+
// - Darwin: '/Users/user/.IdentityService'
|
|
19932
|
+
// - Windows 8+: 'C:\Users\user\AppData\Local\.IdentityService'
|
|
19933
|
+
// - Linux: '/home/user/.IdentityService'
|
|
19934
|
+
directory: path2.join(localApplicationDataFolder, ".IdentityService")
|
|
19935
|
+
},
|
|
19936
|
+
keyRing: {
|
|
19937
|
+
label: "MSALCache",
|
|
19938
|
+
schema: "msal.cache",
|
|
19939
|
+
collection: "default",
|
|
19940
|
+
attributes: {
|
|
19941
|
+
MsalClientID: "Microsoft.Developer.IdentityService",
|
|
19942
|
+
"Microsoft.Developer.IdentityService": "1.0.0.0"
|
|
19943
|
+
},
|
|
19944
|
+
service: "Microsoft.Developer.IdentityService",
|
|
19945
|
+
account: "MSALCache"
|
|
19946
|
+
},
|
|
19947
|
+
keyChain: {
|
|
19948
|
+
service: "Microsoft.Developer.IdentityService",
|
|
19949
|
+
account: "MSALCache"
|
|
19950
|
+
}
|
|
19951
|
+
};
|
|
19952
|
+
function getPersistencePath(name3) {
|
|
19953
|
+
return path2.join(defaultMsalValues.tokenCache.directory, name3);
|
|
19954
|
+
}
|
|
19955
|
+
__name(getPersistencePath, "getPersistencePath");
|
|
19956
|
+
async function persistanceFactory(options = {}) {
|
|
19957
|
+
const { name: name3, unsafeAllowUnencryptedStorage } = options;
|
|
19958
|
+
const { service, account } = defaultMsalValues.keyChain;
|
|
19959
|
+
const persistencePath = getPersistencePath(name3 || defaultMsalValues.tokenCache.name);
|
|
19960
|
+
try {
|
|
19961
|
+
const persistence = await NapiRsKeyRingPersistance.create(persistencePath, `${service}.${name3}`, account);
|
|
19962
|
+
await persistence.load();
|
|
19963
|
+
return persistence;
|
|
19964
|
+
} catch (e) {
|
|
19965
|
+
if (!unsafeAllowUnencryptedStorage) {
|
|
19966
|
+
throw new Error("Unable to read from the NAPI keyring.");
|
|
19967
|
+
}
|
|
19968
|
+
return FilePersistence.create(persistencePath);
|
|
19969
|
+
}
|
|
19970
|
+
}
|
|
19971
|
+
__name(persistanceFactory, "persistanceFactory");
|
|
19972
|
+
var msalPersistencePlatforms = {
|
|
19973
|
+
win32: /* @__PURE__ */ __name(({ name: name3 = defaultMsalValues.tokenCache.name } = {}) => FilePersistenceWithDataProtection.create(getPersistencePath(name3), "CurrentUser"), "win32"),
|
|
19974
|
+
darwin: persistanceFactory,
|
|
19975
|
+
linux: persistanceFactory
|
|
19976
|
+
};
|
|
19977
|
+
|
|
19978
|
+
// src/authentication/forks/msal-node-extensions/lock/CrossPlatformLock.ts
|
|
19979
|
+
import { promises as fs2 } from "fs";
|
|
19980
|
+
import { pid } from "process";
|
|
19981
|
+
var _CrossPlatformLock = class _CrossPlatformLock {
|
|
19982
|
+
constructor(lockFilePath, logger, lockOptions) {
|
|
19983
|
+
this.lockFilePath = lockFilePath;
|
|
19984
|
+
this.retryNumber = lockOptions ? lockOptions.retryNumber : 500;
|
|
19985
|
+
this.retryDelay = lockOptions ? lockOptions.retryDelay : 100;
|
|
19986
|
+
this.logger = logger;
|
|
19987
|
+
}
|
|
19988
|
+
/**
|
|
19989
|
+
* Locks cache from read or writes by creating file with same path and name as
|
|
19990
|
+
* cache file but with .lockfile extension. If another process has already created
|
|
19991
|
+
* the lockfile, will back off and retry based on configuration settings set by CrossPlatformLockOptions
|
|
19992
|
+
*/
|
|
19993
|
+
async lock() {
|
|
19994
|
+
for (let tryCount = 0; tryCount < this.retryNumber; tryCount++) {
|
|
19995
|
+
try {
|
|
19996
|
+
this.logger.info(`Pid ${pid} trying to acquire lock`);
|
|
19997
|
+
this.lockFileHandle = await fs2.open(this.lockFilePath, "wx+");
|
|
19998
|
+
this.logger.info(`Pid ${pid} acquired lock`);
|
|
19999
|
+
await this.lockFileHandle.write(pid.toString());
|
|
20000
|
+
return;
|
|
20001
|
+
} catch (err) {
|
|
20002
|
+
if (isNodeError(err)) {
|
|
20003
|
+
if (err.code === Constants3.EEXIST_ERROR || err.code === Constants3.EPERM_ERROR) {
|
|
20004
|
+
this.logger.info(err.message);
|
|
20005
|
+
await this.sleep(this.retryDelay);
|
|
20006
|
+
} else {
|
|
20007
|
+
this.logger.error(`${pid} was not able to acquire lock. Ran into error: ${err.message}`);
|
|
20008
|
+
throw PersistenceError.createCrossPlatformLockError(err.message);
|
|
19631
20009
|
}
|
|
19632
|
-
|
|
20010
|
+
} else {
|
|
20011
|
+
throw err;
|
|
19633
20012
|
}
|
|
19634
|
-
}
|
|
19635
|
-
}
|
|
19636
|
-
|
|
19637
|
-
|
|
19638
|
-
|
|
19639
|
-
|
|
19640
|
-
|
|
19641
|
-
|
|
20013
|
+
}
|
|
20014
|
+
}
|
|
20015
|
+
this.logger.error(`${pid} was not able to acquire lock. Exceeded amount of retries set in the options`);
|
|
20016
|
+
throw PersistenceError.createCrossPlatformLockError(
|
|
20017
|
+
"Not able to acquire lock. Exceeded amount of retries set in options"
|
|
20018
|
+
);
|
|
20019
|
+
}
|
|
20020
|
+
/**
|
|
20021
|
+
* unlocks cache file by deleting .lockfile.
|
|
20022
|
+
*/
|
|
20023
|
+
async unlock() {
|
|
20024
|
+
try {
|
|
20025
|
+
if (this.lockFileHandle) {
|
|
20026
|
+
await fs2.unlink(this.lockFilePath);
|
|
20027
|
+
await this.lockFileHandle.close();
|
|
20028
|
+
this.logger.info("lockfile deleted");
|
|
20029
|
+
} else {
|
|
20030
|
+
this.logger.warning("lockfile handle does not exist, so lockfile could not be deleted");
|
|
20031
|
+
}
|
|
20032
|
+
} catch (err) {
|
|
20033
|
+
if (isNodeError(err)) {
|
|
20034
|
+
if (err.code === Constants3.ENOENT_ERROR) {
|
|
20035
|
+
this.logger.info("Tried to unlock but lockfile does not exist");
|
|
20036
|
+
} else {
|
|
20037
|
+
this.logger.error(`${pid} was not able to release lock. Ran into error: ${err.message}`);
|
|
20038
|
+
throw PersistenceError.createCrossPlatformLockError(err.message);
|
|
19642
20039
|
}
|
|
19643
|
-
|
|
19644
|
-
|
|
20040
|
+
} else {
|
|
20041
|
+
throw err;
|
|
20042
|
+
}
|
|
19645
20043
|
}
|
|
19646
|
-
|
|
19647
|
-
|
|
19648
|
-
|
|
19649
|
-
|
|
19650
|
-
|
|
19651
|
-
|
|
19652
|
-
|
|
19653
|
-
|
|
19654
|
-
|
|
20044
|
+
}
|
|
20045
|
+
sleep(ms) {
|
|
20046
|
+
return new Promise((resolve) => {
|
|
20047
|
+
setTimeout(resolve, ms);
|
|
20048
|
+
});
|
|
20049
|
+
}
|
|
20050
|
+
};
|
|
20051
|
+
__name(_CrossPlatformLock, "CrossPlatformLock");
|
|
20052
|
+
var CrossPlatformLock = _CrossPlatformLock;
|
|
20053
|
+
|
|
20054
|
+
// src/authentication/forks/msal-node-extensions/persistence/PersistenceCachePlugin.ts
|
|
20055
|
+
import { pid as pid2 } from "process";
|
|
20056
|
+
var _PersistenceCachePlugin = class _PersistenceCachePlugin {
|
|
20057
|
+
constructor(persistence, lockOptions) {
|
|
20058
|
+
this.persistence = persistence;
|
|
20059
|
+
this.logger = persistence.getLogger();
|
|
20060
|
+
this.lockFilePath = `${this.persistence.getFilePath()}.lockfile`;
|
|
20061
|
+
this.crossPlatformLock = new CrossPlatformLock(this.lockFilePath, this.logger, lockOptions);
|
|
20062
|
+
this.lastSync = 0;
|
|
20063
|
+
this.currentCache = null;
|
|
20064
|
+
}
|
|
20065
|
+
/**
|
|
20066
|
+
* Reads from storage and saves an in-memory copy. If persistence has not been updated
|
|
20067
|
+
* since last time data was read, in memory copy is used.
|
|
20068
|
+
*
|
|
20069
|
+
* If cacheContext.cacheHasChanged === true, then file lock is created and not deleted until
|
|
20070
|
+
* afterCacheAccess() is called, to prevent the cache file from changing in between
|
|
20071
|
+
* beforeCacheAccess() and afterCacheAccess().
|
|
20072
|
+
*/
|
|
20073
|
+
async beforeCacheAccess(cacheContext) {
|
|
20074
|
+
this.logger.info("Executing before cache access");
|
|
20075
|
+
const reloadNecessary = await this.persistence.reloadNecessary(this.lastSync);
|
|
20076
|
+
if (!reloadNecessary && this.currentCache !== null) {
|
|
20077
|
+
if (cacheContext.cacheHasChanged) {
|
|
20078
|
+
this.logger.verbose("Cache context has changed");
|
|
20079
|
+
await this.crossPlatformLock.lock();
|
|
20080
|
+
}
|
|
20081
|
+
return;
|
|
20082
|
+
}
|
|
20083
|
+
try {
|
|
20084
|
+
this.logger.info(`Reload necessary. Last sync time: ${this.lastSync}`);
|
|
20085
|
+
await this.crossPlatformLock.lock();
|
|
20086
|
+
this.currentCache = await this.persistence.load();
|
|
20087
|
+
this.lastSync = (/* @__PURE__ */ new Date()).getTime();
|
|
20088
|
+
if (this.currentCache) {
|
|
20089
|
+
cacheContext.tokenCache.deserialize(this.currentCache);
|
|
20090
|
+
} else {
|
|
20091
|
+
this.logger.info("Cache empty.");
|
|
20092
|
+
}
|
|
20093
|
+
this.logger.info(`Last sync time updated to: ${this.lastSync}`);
|
|
20094
|
+
} finally {
|
|
20095
|
+
if (!cacheContext.cacheHasChanged) {
|
|
20096
|
+
await this.crossPlatformLock.unlock();
|
|
20097
|
+
this.logger.info(`Pid ${pid2} released lock`);
|
|
20098
|
+
} else {
|
|
20099
|
+
this.logger.info(`Pid ${pid2} beforeCacheAccess did not release lock`);
|
|
20100
|
+
}
|
|
19655
20101
|
}
|
|
19656
|
-
__name(createPersistenceCachePlugin, "createPersistenceCachePlugin");
|
|
19657
|
-
var cachePersistencePlugin2 = /* @__PURE__ */ __name((context) => {
|
|
19658
|
-
const { cachePluginControl } = context;
|
|
19659
|
-
cachePluginControl.setPersistence(createPersistenceCachePlugin);
|
|
19660
|
-
}, "cachePersistencePlugin");
|
|
19661
|
-
exports.cachePersistencePlugin = cachePersistencePlugin2;
|
|
19662
20102
|
}
|
|
19663
|
-
|
|
20103
|
+
/**
|
|
20104
|
+
* Writes to storage if MSAL in memory copy of cache has been changed.
|
|
20105
|
+
*/
|
|
20106
|
+
async afterCacheAccess(cacheContext) {
|
|
20107
|
+
this.logger.info("Executing after cache access");
|
|
20108
|
+
try {
|
|
20109
|
+
if (cacheContext.cacheHasChanged) {
|
|
20110
|
+
this.logger.info("Msal in-memory cache has changed. Writing changes to persistence");
|
|
20111
|
+
this.currentCache = cacheContext.tokenCache.serialize();
|
|
20112
|
+
await this.persistence.save(this.currentCache);
|
|
20113
|
+
} else {
|
|
20114
|
+
this.logger.info("Msal in-memory cache has not changed. Did not write to persistence");
|
|
20115
|
+
}
|
|
20116
|
+
} finally {
|
|
20117
|
+
await this.crossPlatformLock.unlock();
|
|
20118
|
+
this.logger.info(`Pid ${pid2} afterCacheAccess released lock`);
|
|
20119
|
+
}
|
|
20120
|
+
}
|
|
20121
|
+
};
|
|
20122
|
+
__name(_PersistenceCachePlugin, "PersistenceCachePlugin");
|
|
20123
|
+
var PersistenceCachePlugin = _PersistenceCachePlugin;
|
|
20124
|
+
|
|
20125
|
+
// src/authentication/forks/identity-cache-persistence/provider.ts
|
|
20126
|
+
async function createPersistence(options) {
|
|
20127
|
+
var _a2, _b2;
|
|
20128
|
+
const persistence = await ((_b2 = (_a2 = msalPersistencePlatforms)[process.platform]) == null ? void 0 : _b2.call(_a2, options));
|
|
20129
|
+
if (persistence === void 0) {
|
|
20130
|
+
throw new Error("no persistence providers are available on this platform");
|
|
20131
|
+
}
|
|
20132
|
+
return persistence;
|
|
20133
|
+
}
|
|
20134
|
+
__name(createPersistence, "createPersistence");
|
|
20135
|
+
async function createPersistenceCachePlugin(options) {
|
|
20136
|
+
const persistence = await createPersistence(options ?? {});
|
|
20137
|
+
return new PersistenceCachePlugin(persistence, {
|
|
20138
|
+
retryNumber: 100,
|
|
20139
|
+
retryDelay: 50
|
|
20140
|
+
});
|
|
20141
|
+
}
|
|
20142
|
+
__name(createPersistenceCachePlugin, "createPersistenceCachePlugin");
|
|
19664
20143
|
|
|
19665
|
-
// src/authentication/
|
|
19666
|
-
var
|
|
19667
|
-
|
|
20144
|
+
// src/authentication/forks/identity-cache-persistence/cachePersistencePlugin.ts
|
|
20145
|
+
var cachePersistencePlugin = /* @__PURE__ */ __name((context) => {
|
|
20146
|
+
const { cachePluginControl } = context;
|
|
20147
|
+
cachePluginControl.setPersistence(createPersistenceCachePlugin);
|
|
20148
|
+
}, "cachePersistencePlugin");
|
|
19668
20149
|
|
|
19669
20150
|
// src/authentication/getAuthenticationRecord.ts
|
|
19670
20151
|
var import_identity = __toESM(require_dist2(), 1);
|
|
19671
20152
|
import { existsSync, readFileSync as readFileSync2 } from "fs";
|
|
19672
20153
|
|
|
19673
20154
|
// src/authentication/getAuthenticationRecordPath.ts
|
|
19674
|
-
import
|
|
20155
|
+
import path3 from "path";
|
|
19675
20156
|
function getAuthenticationRecordPath(cachePath) {
|
|
19676
|
-
return
|
|
20157
|
+
return path3.join(cachePath, "tokencache.bin");
|
|
19677
20158
|
}
|
|
19678
20159
|
__name(getAuthenticationRecordPath, "getAuthenticationRecordPath");
|
|
19679
20160
|
|
|
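Review bot: `NapiRsKeyRingPersistance.save()` puts the serialized token cache into the OS keyring and then writes the same `contents` unencrypted to the cache file with `await this.filePersistence.save(contents);`, so the secret lands on disk in plaintext even when the keyring works. Nothing in this class reads that file back: `load()` returns `this.entry.getPassword()`, and the file is only consulted through `reloadNecessary()`, which compares its mtime. Writing a placeholder is enough to bump the mtime, for example `await this.filePersistence.save("{}"); // touch only; the secret stays in the keyring`. As written, the plaintext copy also sidesteps the `unsafeAllowUnencryptedStorage` opt-in that `persistanceFactory` checks before it falls back to plain `FilePersistence`. This is bundled output, so the change belongs in `src/authentication/forks/msal-node-extensions/persistence/NapiRsKeyRingPersistence.ts`.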
@@ -19703,7 +20184,7 @@ __name(saveAuthenticationRecord, "saveAuthenticationRecord");
|
|
|
19703
20184
|
// src/authentication/tokenCachePersistenceOptions.ts
|
|
19704
20185
|
var tokenCachePersistenceOptions = {
|
|
19705
20186
|
enabled: true,
|
|
19706
|
-
name: "
|
|
20187
|
+
name: "Cloudpack"
|
|
19707
20188
|
};
|
|
19708
20189
|
|
|
19709
20190
|
// src/utils/isProcessRunning.ts
|
|
@@ -19711,21 +20192,21 @@ function isErrorWithCode(error) {
|
|
|
19711
20192
|
return error instanceof Error && "code" in error;
|
|
19712
20193
|
}
|
|
19713
20194
|
__name(isErrorWithCode, "isErrorWithCode");
|
|
19714
|
-
function isProcessRunning(
|
|
20195
|
+
function isProcessRunning(pid3) {
|
|
19715
20196
|
try {
|
|
19716
|
-
process.kill(
|
|
20197
|
+
process.kill(pid3, 0);
|
|
19717
20198
|
return true;
|
|
19718
20199
|
} catch (error) {
|
|
19719
20200
|
if (isErrorWithCode(error) && error.code === "ERR_INVALID_ARG_TYPE") {
|
|
19720
|
-
console.log(`Invalid PID: ${
|
|
20201
|
+
console.log(`Invalid PID: ${pid3}`);
|
|
19721
20202
|
return false;
|
|
19722
20203
|
} else if (isErrorWithCode(error) && error.code === "EPERM") {
|
|
19723
20204
|
console.log(
|
|
19724
|
-
`Permission issue indicates that process ${
|
|
20205
|
+
`Permission issue indicates that process ${pid3} exists but user doesn't have permission to signal it.`
|
|
19725
20206
|
);
|
|
19726
20207
|
return true;
|
|
19727
20208
|
} else if (isErrorWithCode(error) && error.code === "ESRCH") {
|
|
19728
|
-
console.log(`Process ${
|
|
20209
|
+
console.log(`Process ${pid3} does not exist.`);
|
|
19729
20210
|
return false;
|
|
19730
20211
|
} else {
|
|
19731
20212
|
throw error;
|
|
@@ -19738,11 +20219,11 @@ __name(isProcessRunning, "isProcessRunning");
|
|
|
19738
20219
|
import { unlinkSync } from "fs";
|
|
19739
20220
|
|
|
19740
20221
|
// src/authentication/lock-file/getAuthenticationLockFilePath.ts
|
|
19741
|
-
import
|
|
20222
|
+
import path4 from "path";
|
|
19742
20223
|
function getAuthenticationLockFilePath() {
|
|
19743
|
-
var
|
|
19744
|
-
const
|
|
19745
|
-
return
|
|
20224
|
+
var _a2, _b2;
|
|
20225
|
+
const localApplicationDataFolder2 = ((_b2 = (_a2 = process.env.APPDATA) == null ? void 0 : _a2.replace) == null ? void 0 : _b2.call(_a2, /(.Roaming)*$/, "\\Local")) ?? (process.env.HOME || "");
|
|
20226
|
+
return path4.join(localApplicationDataFolder2, ".IdentityService", tokenCachePersistenceOptions.name + ".lockfile");
|
|
19746
20227
|
}
|
|
19747
20228
|
__name(getAuthenticationLockFilePath, "getAuthenticationLockFilePath");
|
|
19748
20229
|
|
|
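Review bot: The fallback `process.env.HOME || ""` in getAuthenticationLockFilePath lets the lock file path become relative when neither APPDATA nor HOME is set, so `path4.join` resolves `.IdentityService/Cloudpack.lockfile` against whatever the current working directory happens to be. A lock that serialises credential acquisition belongs in a per-user location, so I would fail closed right after the assignment: `if (!localApplicationDataFolder2) throw new Error("No per-user directory available for the authentication lock file");`. Separately, the `.` in `/(.Roaming)*$/` is unescaped and the `*` lets the pattern match the empty string at the end of the value, so an APPDATA that does not end in Roaming still gets `\Local` appended. If that behaviour is inherited from the forked persistence code (an assumption, the original is not visible here), a one-line comment saying so would save the next reader the check.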
@@ -19795,9 +20276,9 @@ function tryCleaningLockFile() {
|
|
|
19795
20276
|
if (!doesLockFileExist()) {
|
|
19796
20277
|
return true;
|
|
19797
20278
|
}
|
|
19798
|
-
const
|
|
19799
|
-
console.log(`Process ID in the lock file: ${
|
|
19800
|
-
if (!isProcessRunning(
|
|
20279
|
+
const pid3 = readAuthenticationLockFile();
|
|
20280
|
+
console.log(`Process ID in the lock file: ${pid3}`);
|
|
20281
|
+
if (!isProcessRunning(pid3) && deleteAuthenticationLockFile()) {
|
|
19801
20282
|
console.log("Auth lock file is deleted successfully");
|
|
19802
20283
|
return true;
|
|
19803
20284
|
}
|
|
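Review bot: The stale-lock check in tryCleaningLockFile passes whatever `readAuthenticationLockFile()` returns straight to `isProcessRunning(pid3)`, and no parsing or range validation of that value is visible in this hunk. `process.kill` treats 0 and negative numbers as process-group targets, so such a value in the file would likely report "running" and the lock would never be cleaned. A PID the OS has since reused for an unrelated process has the same effect. I would make the stale case explicit with `const isStale = !Number.isInteger(pid3) || pid3 <= 0 || !isProcessRunning(pid3);` followed by `if (isStale && deleteAuthenticationLockFile()) {`. The liveness check and the delete are two separate steps, so a comment stating that the window between them is accepted would help; the function starts before and continues after this hunk.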
@@ -19828,7 +20309,7 @@ function getCredentialInternal(loginMethod, authenticationRecord, tenantId) {
|
|
|
19828
20309
|
}
|
|
19829
20310
|
__name(getCredentialInternal, "getCredentialInternal");
|
|
19830
20311
|
async function getCredential(options, context) {
|
|
19831
|
-
var
|
|
20312
|
+
var _a2;
|
|
19832
20313
|
const { loginMethod, cachePath, tenantId } = options;
|
|
19833
20314
|
const { reporter, azureLogger, telemetryClient } = context;
|
|
19834
20315
|
if (loginMethod == "azure-cli") {
|
|
@@ -19837,22 +20318,22 @@ async function getCredential(options, context) {
|
|
|
19837
20318
|
const tasks = {};
|
|
19838
20319
|
azureLogger.once("MsalBrowserOpen", (url) => {
|
|
19839
20320
|
tasks.interactiveAuthentication = reporter.addTask(
|
|
19840
|
-
`Prepare to sign in
|
|
20321
|
+
`Prepare to sign in - we are launching a browser page for you. Simply follow the instructions on the login page to seamlessly complete the authentication process. You can manually access the login page by navigating to the folliwing url if you inadvertently close the authentication page or prefer to use a different web browser or a profile. ${url}`
|
|
19841
20322
|
);
|
|
19842
20323
|
});
|
|
19843
|
-
(0, import_identity3.useIdentityPlugin)(import_identity_cache_persistence.cachePersistencePlugin);
|
|
19844
|
-
const credential = getCredentialInternal(loginMethod, getAuthenticationRecord(cachePath), tenantId);
|
|
19845
20324
|
tryCleaningLockFile();
|
|
20325
|
+
(0, import_identity3.useIdentityPlugin)(cachePersistencePlugin);
|
|
20326
|
+
const credential = getCredentialInternal(loginMethod, getAuthenticationRecord(cachePath), tenantId);
|
|
19846
20327
|
const storageScope = "https://storage.azure.com/.default";
|
|
19847
20328
|
const authenticationRecord = await credential.authenticate(storageScope);
|
|
19848
20329
|
const token = await credential.getToken(storageScope);
|
|
19849
20330
|
const storageCustomCredential = {
|
|
19850
|
-
getToken: () => Promise.resolve(token)
|
|
20331
|
+
getToken: /* @__PURE__ */ __name(() => Promise.resolve(token), "getToken")
|
|
19851
20332
|
};
|
|
19852
20333
|
if (authenticationRecord) {
|
|
19853
20334
|
saveAuthenticationRecord(cachePath, authenticationRecord);
|
|
19854
20335
|
}
|
|
19855
|
-
(
|
|
20336
|
+
(_a2 = tasks.interactiveAuthentication) == null ? void 0 : _a2.complete({
|
|
19856
20337
|
message: "You have successfully signed in."
|
|
19857
20338
|
});
|
|
19858
20339
|
telemetryClient.rootSpan.addEvent("SYNC_AUTH", {
|