@sphereon/ssi-sdk.ms-authenticator 0.33.1-next.3 → 0.33.1-next.68

package/dist/index.cjs

@@ -0,0 +1,159 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  MS_DID_ENDPOINT_EU: () => MS_DID_ENDPOINT_EU,
+  MS_DID_ENDPOINT_NON_EU: () => MS_DID_ENDPOINT_NON_EU,
+  UsernamePasswordAuthenticator: () => UsernamePasswordAuthenticator,
+  assertEntraCredentialManifestUrlInCorrectRegion: () => assertEntraCredentialManifestUrlInCorrectRegion,
+  determineMSAuthId: () => determineMSAuthId,
+  getEntraDIDEndpoint: () => getEntraDIDEndpoint,
+  getMSClientCredentialAccessToken: () => getMSClientCredentialAccessToken,
+  getMSOpenIDClientRegion: () => getMSOpenIDClientRegion,
+  newMSClientCredentialAuthenticator: () => newMSClientCredentialAuthenticator
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/authenticators/MsAuthenticator.ts
+var import_msal_node = require("@azure/msal-node");
+var import_cross_fetch = require("cross-fetch");
+var import_object_hash = __toESM(require("object-hash"), 1);
+var EU = "EU";
+var HTTP_METHOD_GET = "GET";
+var MS_DID_ENDPOINT_NON_EU = "https://beta.did.msidentity.com/v1.0/";
+var MS_DID_ENDPOINT_EU = "https://beta.eu.did.msidentity.com/v1.0/";
+var MS_LOGIN_PREFIX = "https://login.microsoftonline.com/";
+var MS_LOGIN_OPENID_CONFIG_POSTFIX = "/v2.0/.well-known/openid-configuration";
+var MS_CLIENT_CREDENTIAL_DEFAULT_SCOPE = "3db474b9-6a0c-4840-96ac-1fceb342124f/.default";
+var ERROR_CREDENTIAL_MANIFEST_REGION = `Error in config file. CredentialManifest URL configured for wrong tenant region. Should start with:`;
+var ERROR_ACQUIRE_ACCESS_TOKEN_FOR_CLIENT = "Could not acquire verifiableCredentials to access your Azure Key Vault:\n";
+var ERROR_FAILED_AUTHENTICATION = "failed to authenticate: ";
+async function getMSOpenIDClientRegion(azTenantId) {
+  return (0, import_cross_fetch.fetch)(MS_LOGIN_PREFIX + azTenantId + MS_LOGIN_OPENID_CONFIG_POSTFIX, {
+    method: HTTP_METHOD_GET
+  }).then((res) => res.json()).then(async (resp) => {
+    return resp.tenant_region_scope ?? EU;
+  });
+}
+__name(getMSOpenIDClientRegion, "getMSOpenIDClientRegion");
+async function getEntraDIDEndpoint(opts) {
+  const region = opts?.region ?? await getMSOpenIDClientRegion(opts.azTenantId);
+  return region === EU ? MS_DID_ENDPOINT_EU : MS_DID_ENDPOINT_NON_EU;
+}
+__name(getEntraDIDEndpoint, "getEntraDIDEndpoint");
+async function assertEntraCredentialManifestUrlInCorrectRegion(authenticationArgs) {
+  const msDIDEndpoint = await getEntraDIDEndpoint(authenticationArgs);
+  if (!authenticationArgs.credentialManifestUrl?.startsWith(msDIDEndpoint)) {
+    throw new Error(ERROR_CREDENTIAL_MANIFEST_REGION + msDIDEndpoint + `. value: ${authenticationArgs.credentialManifestUrl}`);
+  }
+  return msDIDEndpoint;
+}
+__name(assertEntraCredentialManifestUrlInCorrectRegion, "assertEntraCredentialManifestUrlInCorrectRegion");
+async function getMSClientCredentialAccessToken(authenticationArgs, opts) {
+  const confidentialClient = opts?.confidentialClient ?? await newMSClientCredentialAuthenticator(authenticationArgs).then((cca) => cca.confidentialClient);
+  if (!confidentialClient) {
+    throw Error("No Credential Client Authenticator could be constructed");
+  }
+  if (authenticationArgs?.credentialManifestUrl) {
+    await assertEntraCredentialManifestUrlInCorrectRegion(authenticationArgs);
+  }
+  const msalClientCredentialRequest = {
+    scopes: authenticationArgs.scopes ?? (authenticationArgs?.credentialManifestUrl ? [
+      MS_CLIENT_CREDENTIAL_DEFAULT_SCOPE
+    ] : []),
+    skipCache: authenticationArgs.skipCache ?? false
+  };
+  try {
+    const result = await confidentialClient.acquireTokenByClientCredential(msalClientCredentialRequest);
+    if (result) {
+      return result;
+    }
+  } catch (err) {
+    throw {
+      error: ERROR_ACQUIRE_ACCESS_TOKEN_FOR_CLIENT + err
+    };
+  }
+  throw {
+    error: ERROR_ACQUIRE_ACCESS_TOKEN_FOR_CLIENT
+  };
+}
+__name(getMSClientCredentialAccessToken, "getMSClientCredentialAccessToken");
+async function newMSClientCredentialAuthenticator(authenticationArgs) {
+  const didEndpoint = authenticationArgs?.credentialManifestUrl ? await assertEntraCredentialManifestUrlInCorrectRegion(authenticationArgs) : void 0;
+  const auth = authOptions(authenticationArgs);
+  const id = (0, import_object_hash.default)(auth);
+  const msalConfig = {
+    auth,
+    system: {
+      loggerOptions: {
+        piiLoggingEnabled: authenticationArgs.piiLoggingEnabled ? authenticationArgs.piiLoggingEnabled : false,
+        logLevel: authenticationArgs.logLevel ? authenticationArgs.logLevel : import_msal_node.LogLevel.Verbose
+      }
+    }
+  };
+  const confidentialClientApp = new import_msal_node.ConfidentialClientApplication(msalConfig);
+  return {
+    confidentialClient: confidentialClientApp,
+    msalConfig,
+    authenticationArgs,
+    didEndpoint,
+    id
+  };
+}
+__name(newMSClientCredentialAuthenticator, "newMSClientCredentialAuthenticator");
+async function UsernamePasswordAuthenticator(authenticationArgs) {
+  const msalConfig = {
+    auth: authOptions(authenticationArgs)
+  };
+  const pca = new import_msal_node.PublicClientApplication(msalConfig);
+  return await pca.acquireTokenByUsernamePassword(authenticationArgs).then((response) => {
+    return response;
+  }).catch((error) => {
+    throw new Error(ERROR_FAILED_AUTHENTICATION + error);
+  });
+}
+__name(UsernamePasswordAuthenticator, "UsernamePasswordAuthenticator");
+function authOptions(authenticationArgs) {
+  return {
+    clientId: authenticationArgs.azClientId,
+    authority: authenticationArgs.authority ? authenticationArgs.authority : MS_LOGIN_PREFIX + authenticationArgs.azTenantId,
+    ...authenticationArgs && "azClientSecret" in authenticationArgs && {
+      clientSecret: authenticationArgs.azClientSecret
+    }
+  };
+}
+__name(authOptions, "authOptions");
+function determineMSAuthId(authenticationArgs) {
+  return (0, import_object_hash.default)(authOptions(authenticationArgs));
+}
+__name(determineMSAuthId, "determineMSAuthId");
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/index.ts","../src/authenticators/MsAuthenticator.ts"],"sourcesContent":["export * from './authenticators'\nexport * from './types'\n","import {\n  AuthenticationResult,\n  ConfidentialClientApplication,\n  Configuration,\n  LogLevel,\n  NodeAuthOptions,\n  PublicClientApplication,\n  UsernamePasswordRequest,\n} from '@azure/msal-node'\nimport { fetch } from 'cross-fetch'\nimport { IMSClientCredentialAuthInfo, IMsAuthenticationClientCredentialArgs, IMsAuthenticationUsernamePasswordArgs } from '../index'\n\nimport hash from 'object-hash'\n\nconst EU = 'EU'\n\nconst HTTP_METHOD_GET = 'GET'\n\n// Event though there are many regions, MS has only 2 DID identity host names (EU and NON_EU)\n// https://docs.microsoft.com/en-us/azure/active-directory/verifiable-credentials/whats-new#are-there-any-changes-to-the-way-that-we-use-the-request-api-as-a-result-of-this-move\nexport const MS_DID_ENDPOINT_NON_EU = 'https://beta.did.msidentity.com/v1.0/'\nexport const MS_DID_ENDPOINT_EU = 'https://beta.eu.did.msidentity.com/v1.0/'\nconst MS_LOGIN_PREFIX = 'https://login.microsoftonline.com/'\nconst MS_LOGIN_OPENID_CONFIG_POSTFIX = '/v2.0/.well-known/openid-configuration'\nconst MS_CLIENT_CREDENTIAL_DEFAULT_SCOPE = '3db474b9-6a0c-4840-96ac-1fceb342124f/.default'\n\nconst ERROR_CREDENTIAL_MANIFEST_REGION = `Error in config file. CredentialManifest URL configured for wrong tenant region. Should start with:`\nconst ERROR_ACQUIRE_ACCESS_TOKEN_FOR_CLIENT = 'Could not acquire verifiableCredentials to access your Azure Key Vault:\\n'\nconst ERROR_FAILED_AUTHENTICATION = 'failed to authenticate: '\n\n// todo: This is a pretty heavy operation. Getting all the OIDC discovery data from a fetch only to return the region. Probably wise to add some caching and refactor so we can do more with the other OIDC info as well\nexport async function getMSOpenIDClientRegion(azTenantId: string): Promise<string> {\n  return fetch(MS_LOGIN_PREFIX + azTenantId + MS_LOGIN_OPENID_CONFIG_POSTFIX, { method: HTTP_METHOD_GET })\n    .then((res) => res.json())\n    .then(async (resp) => {\n      return resp.tenant_region_scope ?? EU\n    })\n}\n\nexport async function getEntraDIDEndpoint(opts: { region?: string; azTenantId: string }) {\n  const region = opts?.region ?? (await getMSOpenIDClientRegion(opts.azTenantId))\n  return region === EU ? MS_DID_ENDPOINT_EU : MS_DID_ENDPOINT_NON_EU\n}\n\nexport async function assertEntraCredentialManifestUrlInCorrectRegion(authenticationArgs: IMsAuthenticationClientCredentialArgs): Promise<string> {\n  const msDIDEndpoint = await getEntraDIDEndpoint(authenticationArgs)\n  // Check that the Credential Manifest URL is in the same tenant Region and throw an error if it's not\n  if (!authenticationArgs.credentialManifestUrl?.startsWith(msDIDEndpoint)) {\n    throw new Error(ERROR_CREDENTIAL_MANIFEST_REGION + msDIDEndpoint + `. value: ${authenticationArgs.credentialManifestUrl}`)\n  }\n  return msDIDEndpoint\n}\n\n/**\n * necessary fields are:\n *   azClientId: clientId of the application you're trying to login\n *   azClientSecret: secret of the application you're trying to login\n *   azTenantId: your MS Azure tenantId\n * optional fields:\n *   credentialManifest: address of your credential manifest. usually in following format:\n *    https://beta.eu.did.msidentity.com/v1.0/<tenant_id>/verifiableCredential/contracts/<verifiable_credential_schema>\n * @param authenticationArgs\n * @constructor\n */\nexport async function getMSClientCredentialAccessToken(\n  authenticationArgs: IMsAuthenticationClientCredentialArgs,\n  opts?: {\n    confidentialClient?: ConfidentialClientApplication\n  },\n): Promise<AuthenticationResult> {\n  const confidentialClient =\n    opts?.confidentialClient ?? (await newMSClientCredentialAuthenticator(authenticationArgs).then((cca) => cca.confidentialClient))\n  if (!confidentialClient) {\n    throw Error('No Credential Client Authenticator could be constructed')\n  }\n  if (authenticationArgs?.credentialManifestUrl) {\n    await assertEntraCredentialManifestUrlInCorrectRegion(authenticationArgs)\n  }\n\n  const msalClientCredentialRequest = {\n    scopes: authenticationArgs.scopes ?? (authenticationArgs?.credentialManifestUrl ? [MS_CLIENT_CREDENTIAL_DEFAULT_SCOPE] : []),\n    skipCache: authenticationArgs.skipCache ?? false,\n  }\n\n  // get the Access Token\n  try {\n    const result = await confidentialClient.acquireTokenByClientCredential(msalClientCredentialRequest)\n    if (result) {\n      return result\n    }\n  } catch (err) {\n    throw {\n      error: ERROR_ACQUIRE_ACCESS_TOKEN_FOR_CLIENT + err,\n    }\n  }\n  throw {\n    error: ERROR_ACQUIRE_ACCESS_TOKEN_FOR_CLIENT,\n  }\n}\n\nexport async function newMSClientCredentialAuthenticator(\n  authenticationArgs: IMsAuthenticationClientCredentialArgs,\n): Promise<IMSClientCredentialAuthInfo> {\n  const didEndpoint = authenticationArgs?.credentialManifestUrl\n    ? await assertEntraCredentialManifestUrlInCorrectRegion(authenticationArgs)\n    : undefined\n  const auth = authOptions(authenticationArgs)\n  const id = hash(auth)\n  const msalConfig: Configuration = {\n    auth,\n    system: {\n      loggerOptions: {\n        piiLoggingEnabled: authenticationArgs.piiLoggingEnabled ? authenticationArgs.piiLoggingEnabled : false,\n        logLevel: authenticationArgs.logLevel ? authenticationArgs.logLevel : LogLevel.Verbose,\n      },\n    },\n  }\n  const confidentialClientApp = new ConfidentialClientApplication(msalConfig)\n\n  return { confidentialClient: confidentialClientApp, msalConfig, authenticationArgs, didEndpoint, id }\n}\n\n/**\n * Logs in with provided authenticationArgs and returns access token\n * @param authenticationArgs\n * @constructor\n */\nexport async function UsernamePasswordAuthenticator(authenticationArgs: IMsAuthenticationUsernamePasswordArgs): Promise<string> {\n  const msalConfig = {\n    auth: authOptions(authenticationArgs),\n  }\n  const pca = new PublicClientApplication(msalConfig)\n  return await pca\n    .acquireTokenByUsernamePassword(authenticationArgs as UsernamePasswordRequest)\n    .then((response: any) => {\n      return response\n    })\n    .catch((error: any) => {\n      throw new Error(ERROR_FAILED_AUTHENTICATION + error)\n    })\n}\n\nfunction authOptions(authenticationArgs: IMsAuthenticationClientCredentialArgs | IMsAuthenticationUsernamePasswordArgs): NodeAuthOptions {\n  return {\n    clientId: authenticationArgs.azClientId,\n    authority: authenticationArgs.authority ? authenticationArgs.authority : MS_LOGIN_PREFIX + authenticationArgs.azTenantId,\n    ...(authenticationArgs && 'azClientSecret' in authenticationArgs && { clientSecret: authenticationArgs.azClientSecret }),\n  }\n}\n\nexport function determineMSAuthId(authenticationArgs: IMsAuthenticationClientCredentialArgs | IMsAuthenticationUsernamePasswordArgs): string {\n  return hash(authOptions(authenticationArgs))\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;;;;;;;ACAA,uBAQO;AACP,yBAAsB;AAGtB,yBAAiB;AAEjB,IAAMA,KAAK;AAEX,IAAMC,kBAAkB;AAIjB,IAAMC,yBAAyB;AAC/B,IAAMC,qBAAqB;AAClC,IAAMC,kBAAkB;AACxB,IAAMC,iCAAiC;AACvC,IAAMC,qCAAqC;AAE3C,IAAMC,mCAAmC;AACzC,IAAMC,wCAAwC;AAC9C,IAAMC,8BAA8B;AAGpC,eAAsBC,wBAAwBC,YAAkB;AAC9D,aAAOC,0BAAMR,kBAAkBO,aAAaN,gCAAgC;IAAEQ,QAAQZ;EAAgB,CAAA,EACnGa,KAAK,CAACC,QAAQA,IAAIC,KAAI,CAAA,EACtBF,KAAK,OAAOG,SAAAA;AACX,WAAOA,KAAKC,uBAAuBlB;EACrC,CAAA;AACJ;AANsBU;AAQtB,eAAsBS,oBAAoBC,MAA6C;AACrF,QAAMC,SAASD,MAAMC,UAAW,MAAMX,wBAAwBU,KAAKT,UAAU;AAC7E,SAAOU,WAAWrB,KAAKG,qBAAqBD;AAC9C;AAHsBiB;AAKtB,eAAsBG,gDAAgDC,oBAAyD;AAC7H,QAAMC,gBAAgB,MAAML,oBAAoBI,kBAAAA;AAEhD,MAAI,CAACA,mBAAmBE,uBAAuBC,WAAWF,aAAAA,GAAgB;AACxE,UAAM,IAAIG,MAAMpB,mCAAmCiB,gBAAgB,YAAYD,mBAAmBE,qBAAqB,EAAE;EAC3H;AACA,SAAOD;AACT;AAPsBF;AAoBtB,eAAsBM,iCACpBL,oBACAH,MAEC;AAED,QAAMS,qBACJT,MAAMS,sBAAuB,MAAMC,mCAAmCP,kBAAAA,EAAoBT,KAAK,CAACiB,QAAQA,IAAIF,kBAAkB;AAChI,MAAI,CAACA,oBAAoB;AACvB,UAAMF,MAAM,yDAAA;EACd;AACA,MAAIJ,oBAAoBE,uBAAuB;AAC7C,UAAMH,gDAAgDC,kBAAAA;EACxD;AAEA,QAAMS,8BAA8B;IAClCC,QAAQV,mBAAmBU,WAAWV,oBAAoBE,wBAAwB;MAACnB;QAAsC,CAAA;IACzH4B,WAAWX,mBAAmBW,aAAa;EAC7C;AAGA,MAAI;AACF,UAAMC,SAAS,MAAMN,mBAAmBO,+BAA+BJ,2BAAAA;AACvE,QAAIG,QAAQ;AACV,aAAOA;IACT;EACF,SAASE,KAAK;AACZ,UAAM;MACJC,OAAO9B,wCAAwC6B;IACjD;EACF;AACA,QAAM;IACJC,OAAO9B;EACT;AACF;AAlCsBoB;AAoCtB,eAAsBE,mCACpBP,oBAAyD;AAEzD,QAAMgB,cAAchB,oBAAoBE,wBACpC,MAAMH,gDAAgDC,kBAAAA,IACtDiB;AACJ,QAAMC,OAAOC,YAAYnB,kBAAAA;AACzB,QAAMoB,SAAKC,mBAAAA,SAAKH,IAAAA;AAChB,QAAMI,aAA4B;IAChCJ;IACAK,QAAQ;MACNC,eAAe;QACbC,mBAAmBzB,mBAAmByB,oBAAoBzB,mBAAmByB,oBAAoB;QACjGC,UAAU1B,mBAAmB0B,WAAW1B,mBAAmB0B,WAAWC,0BAASC;MACjF;IACF;EACF;AACA,QAAMC,wBAAwB,IAAIC,+CAA8BR,UAAAA;AAEhE,SAAO;IAAEhB,oBAAoBuB;IAAuBP;IAAYtB;IAAoBgB;IAAaI;EAAG;AACtG;AApBsBb;AA2BtB,eAAsBwB,8BAA8B/B,oBAAyD;AAC3G,QAAMsB,aAAa;IACjBJ,MAAMC,YAAYnB,kBAAAA;EACpB;AACA,QAAMgC,MAAM,IAAIC,yCAAwBX,UAAAA;AACxC,SAAO,MAAMU,IACVE,+BAA+BlC,kBAAAA,EAC/BT,KAAK,CAAC4C,aAAAA;AACL,WAAOA;EACT,CAAA,EACCC,MAAM,CAACrB,UAAAA;AACN,UAAM,IAAIX,MAAMlB,8BAA8B6B,KAAAA;EAChD,CAAA;AACJ;AAbsBgB;AAetB,SAASZ,YAAYnB,oBAAiG;AACpH,SAAO;IACLqC,UAAUrC,mBAAmBsC;IAC7BC,WAAWvC,mBAAmBuC,YAAYvC,mBAAmBuC,YAAY1D,kBAAkBmB,mBAAmBZ;IAC9G,GAAIY,sBAAsB,oBAAoBA,sBAAsB;MAAEwC,cAAcxC,mBAAmByC;IAAe;EACxH;AACF;AANStB;AAQF,SAASuB,kBAAkB1C,oBAAiG;AACjI,aAAOqB,mBAAAA,SAAKF,YAAYnB,kBAAAA,CAAAA;AAC1B;AAFgB0C;","names":["EU","HTTP_METHOD_GET","MS_DID_ENDPOINT_NON_EU","MS_DID_ENDPOINT_EU","MS_LOGIN_PREFIX","MS_LOGIN_OPENID_CONFIG_POSTFIX","MS_CLIENT_CREDENTIAL_DEFAULT_SCOPE","ERROR_CREDENTIAL_MANIFEST_REGION","ERROR_ACQUIRE_ACCESS_TOKEN_FOR_CLIENT","ERROR_FAILED_AUTHENTICATION","getMSOpenIDClientRegion","azTenantId","fetch","method","then","res","json","resp","tenant_region_scope","getEntraDIDEndpoint","opts","region","assertEntraCredentialManifestUrlInCorrectRegion","authenticationArgs","msDIDEndpoint","credentialManifestUrl","startsWith","Error","getMSClientCredentialAccessToken","confidentialClient","newMSClientCredentialAuthenticator","cca","msalClientCredentialRequest","scopes","skipCache","result","acquireTokenByClientCredential","err","error","didEndpoint","undefined","auth","authOptions","id","hash","msalConfig","system","loggerOptions","piiLoggingEnabled","logLevel","LogLevel","Verbose","confidentialClientApp","ConfidentialClientApplication","UsernamePasswordAuthenticator","pca","PublicClientApplication","acquireTokenByUsernamePassword","response","catch","clientId","azClientId","authority","clientSecret","azClientSecret","determineMSAuthId"]}

package/dist/{types/IMsAuthenticator.d.ts → index.d.cts}

@@ -1,4 +1,36 @@
-import { ConfidentialClientApplication, Configuration, LogLevel } from '@azure/msal-node';
+import { ConfidentialClientApplication, AuthenticationResult, LogLevel, Configuration } from '@azure/msal-node';
+
+declare const MS_DID_ENDPOINT_NON_EU = "https://beta.did.msidentity.com/v1.0/";
+declare const MS_DID_ENDPOINT_EU = "https://beta.eu.did.msidentity.com/v1.0/";
+declare function getMSOpenIDClientRegion(azTenantId: string): Promise<string>;
+declare function getEntraDIDEndpoint(opts: {
+    region?: string;
+    azTenantId: string;
+}): Promise<"https://beta.did.msidentity.com/v1.0/" | "https://beta.eu.did.msidentity.com/v1.0/">;
+declare function assertEntraCredentialManifestUrlInCorrectRegion(authenticationArgs: IMsAuthenticationClientCredentialArgs): Promise<string>;
+/**
+ * necessary fields are:
+ *   azClientId: clientId of the application you're trying to login
+ *   azClientSecret: secret of the application you're trying to login
+ *   azTenantId: your MS Azure tenantId
+ * optional fields:
+ *   credentialManifest: address of your credential manifest. usually in following format:
+ *    https://beta.eu.did.msidentity.com/v1.0/<tenant_id>/verifiableCredential/contracts/<verifiable_credential_schema>
+ * @param authenticationArgs
+ * @constructor
+ */
+declare function getMSClientCredentialAccessToken(authenticationArgs: IMsAuthenticationClientCredentialArgs, opts?: {
+    confidentialClient?: ConfidentialClientApplication;
+}): Promise<AuthenticationResult>;
+declare function newMSClientCredentialAuthenticator(authenticationArgs: IMsAuthenticationClientCredentialArgs): Promise<IMSClientCredentialAuthInfo>;
+/**
+ * Logs in with provided authenticationArgs and returns access token
+ * @param authenticationArgs
+ * @constructor
+ */
+declare function UsernamePasswordAuthenticator(authenticationArgs: IMsAuthenticationUsernamePasswordArgs): Promise<string>;
+declare function determineMSAuthId(authenticationArgs: IMsAuthenticationClientCredentialArgs | IMsAuthenticationUsernamePasswordArgs): string;
+
 /**
  *   azClientId: clientId of the application you're trying to login
  *   azClientSecret: secret of the application you're trying to login
@@ -20,7 +52,7 @@ import { ConfidentialClientApplication, Configuration, LogLevel } from '@azure/m
  *     Trace = 4
  *     if not provided defaults to LogLevel.Verbose
  */
-export interface IMsAuthenticationClientCredentialArgs {
+interface IMsAuthenticationClientCredentialArgs {
     azClientId: string;
     azTenantId: string;
     azClientSecret: string;
@@ -42,7 +74,7 @@ export interface IMsAuthenticationClientCredentialArgs {
  *    - Tenanted: https://login.microsoftonline.com/{tenant}/, where {tenant} is either the GUID representing the tenant ID or a domain name associated with the tenant.
  *    - Work and school accounts: https://login.microsoftonline.com/organizations/.
  */
-export interface IMsAuthenticationUsernamePasswordArgs {
+interface IMsAuthenticationUsernamePasswordArgs {
     azClientId: string;
     azTenantId: string;
     password: string;
@@ -50,11 +82,12 @@ export interface IMsAuthenticationUsernamePasswordArgs {
     username: string;
     authority?: string;
 }
-export interface IMSClientCredentialAuthInfo {
+interface IMSClientCredentialAuthInfo {
     id: string;
     confidentialClient: ConfidentialClientApplication;
     msalConfig: Configuration;
     authenticationArgs: IMsAuthenticationClientCredentialArgs;
     didEndpoint?: string;
 }
-//# sourceMappingURL=IMsAuthenticator.d.ts.map
+
+export { type IMSClientCredentialAuthInfo, type IMsAuthenticationClientCredentialArgs, type IMsAuthenticationUsernamePasswordArgs, MS_DID_ENDPOINT_EU, MS_DID_ENDPOINT_NON_EU, UsernamePasswordAuthenticator, assertEntraCredentialManifestUrlInCorrectRegion, determineMSAuthId, getEntraDIDEndpoint, getMSClientCredentialAccessToken, getMSOpenIDClientRegion, newMSClientCredentialAuthenticator };

package/dist/index.d.ts

@@ -1,3 +1,93 @@
-export * from './authenticators';
-export * from './types';
-//# sourceMappingURL=index.d.ts.map
+import { ConfidentialClientApplication, AuthenticationResult, LogLevel, Configuration } from '@azure/msal-node';
+
+declare const MS_DID_ENDPOINT_NON_EU = "https://beta.did.msidentity.com/v1.0/";
+declare const MS_DID_ENDPOINT_EU = "https://beta.eu.did.msidentity.com/v1.0/";
+declare function getMSOpenIDClientRegion(azTenantId: string): Promise<string>;
+declare function getEntraDIDEndpoint(opts: {
+    region?: string;
+    azTenantId: string;
+}): Promise<"https://beta.did.msidentity.com/v1.0/" | "https://beta.eu.did.msidentity.com/v1.0/">;
+declare function assertEntraCredentialManifestUrlInCorrectRegion(authenticationArgs: IMsAuthenticationClientCredentialArgs): Promise<string>;
+/**
+ * necessary fields are:
+ *   azClientId: clientId of the application you're trying to login
+ *   azClientSecret: secret of the application you're trying to login
+ *   azTenantId: your MS Azure tenantId
+ * optional fields:
+ *   credentialManifest: address of your credential manifest. usually in following format:
+ *    https://beta.eu.did.msidentity.com/v1.0/<tenant_id>/verifiableCredential/contracts/<verifiable_credential_schema>
+ * @param authenticationArgs
+ * @constructor
+ */
+declare function getMSClientCredentialAccessToken(authenticationArgs: IMsAuthenticationClientCredentialArgs, opts?: {
+    confidentialClient?: ConfidentialClientApplication;
+}): Promise<AuthenticationResult>;
+declare function newMSClientCredentialAuthenticator(authenticationArgs: IMsAuthenticationClientCredentialArgs): Promise<IMSClientCredentialAuthInfo>;
+/**
+ * Logs in with provided authenticationArgs and returns access token
+ * @param authenticationArgs
+ * @constructor
+ */
+declare function UsernamePasswordAuthenticator(authenticationArgs: IMsAuthenticationUsernamePasswordArgs): Promise<string>;
+declare function determineMSAuthId(authenticationArgs: IMsAuthenticationClientCredentialArgs | IMsAuthenticationUsernamePasswordArgs): string;
+
+/**
+ *   azClientId: clientId of the application you're trying to login
+ *   azClientSecret: secret of the application you're trying to login
+ *   azTenantId: your MS Azure tenantId
+ *   credentialManifestUrl: url of your credential manifest. usually in following format:
+ *    https://beta.eu.did.msidentity.com/v1.0/<tenant_id>/verifiableCredential/contracts/<verifiable_credential_schema>
+ *   authority: optional. if not provided, we'll use the azClientId to create the Tenanted format if provided should be one of these two formats:
+ *    - Tenanted: https://login.microsoftonline.com/{tenant}/, where {tenant} is either the GUID representing the tenant ID or a domain name associated with the tenant.
+ *    - Work and school accounts: https://login.microsoftonline.com/organizations/.
+ *   region?: if present will use the provided, if not will make a request to determine the region
+ *   scopes?: scopes that you want to access via this authentication
+ *   skipCache?: whether to skip cache
+ *   piiLoggingEnabled?: if not provided defaults to false
+ *   logLevel?: can be one of these values:
+ *     Error = 0,
+ *     Warning = 1,
+ *     Info = 2,
+ *     Verbose = 3,
+ *     Trace = 4
+ *     if not provided defaults to LogLevel.Verbose
+ */
+interface IMsAuthenticationClientCredentialArgs {
+    azClientId: string;
+    azTenantId: string;
+    azClientSecret: string;
+    credentialManifestUrl?: string;
+    authority?: string;
+    region?: string;
+    scopes?: string[];
+    skipCache?: boolean;
+    piiLoggingEnabled?: boolean;
+    logLevel?: LogLevel;
+}
+/**
+ *   azClientId: clientId of the application you're trying to login
+ *   azTenantId: your MS Azure tenantId
+ *   username: username of the user
+ *   password: password of the user
+ *   scopes: scopes that you want to access via this authentication
+ *   authority: optional. if not provided, we'll use the azClientId to create the Tenanted format if provided should be one of these two formats:
+ *    - Tenanted: https://login.microsoftonline.com/{tenant}/, where {tenant} is either the GUID representing the tenant ID or a domain name associated with the tenant.
+ *    - Work and school accounts: https://login.microsoftonline.com/organizations/.
+ */
+interface IMsAuthenticationUsernamePasswordArgs {
+    azClientId: string;
+    azTenantId: string;
+    password: string;
+    scopes: string[];
+    username: string;
+    authority?: string;
+}
+interface IMSClientCredentialAuthInfo {
+    id: string;
+    confidentialClient: ConfidentialClientApplication;
+    msalConfig: Configuration;
+    authenticationArgs: IMsAuthenticationClientCredentialArgs;
+    didEndpoint?: string;
+}
+
+export { type IMSClientCredentialAuthInfo, type IMsAuthenticationClientCredentialArgs, type IMsAuthenticationUsernamePasswordArgs, MS_DID_ENDPOINT_EU, MS_DID_ENDPOINT_NON_EU, UsernamePasswordAuthenticator, assertEntraCredentialManifestUrlInCorrectRegion, determineMSAuthId, getEntraDIDEndpoint, getMSClientCredentialAccessToken, getMSOpenIDClientRegion, newMSClientCredentialAuthenticator };

package/dist/index.js

@@ -1,19 +1,128 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
+var __defProp = Object.defineProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+
+// src/authenticators/MsAuthenticator.ts
+import { ConfidentialClientApplication, LogLevel, PublicClientApplication } from "@azure/msal-node";
+import { fetch } from "cross-fetch";
+import hash from "object-hash";
+var EU = "EU";
+var HTTP_METHOD_GET = "GET";
+var MS_DID_ENDPOINT_NON_EU = "https://beta.did.msidentity.com/v1.0/";
+var MS_DID_ENDPOINT_EU = "https://beta.eu.did.msidentity.com/v1.0/";
+var MS_LOGIN_PREFIX = "https://login.microsoftonline.com/";
+var MS_LOGIN_OPENID_CONFIG_POSTFIX = "/v2.0/.well-known/openid-configuration";
+var MS_CLIENT_CREDENTIAL_DEFAULT_SCOPE = "3db474b9-6a0c-4840-96ac-1fceb342124f/.default";
+var ERROR_CREDENTIAL_MANIFEST_REGION = `Error in config file. CredentialManifest URL configured for wrong tenant region. Should start with:`;
+var ERROR_ACQUIRE_ACCESS_TOKEN_FOR_CLIENT = "Could not acquire verifiableCredentials to access your Azure Key Vault:\n";
+var ERROR_FAILED_AUTHENTICATION = "failed to authenticate: ";
+async function getMSOpenIDClientRegion(azTenantId) {
+  return fetch(MS_LOGIN_PREFIX + azTenantId + MS_LOGIN_OPENID_CONFIG_POSTFIX, {
+    method: HTTP_METHOD_GET
+  }).then((res) => res.json()).then(async (resp) => {
+    return resp.tenant_region_scope ?? EU;
+  });
+}
+__name(getMSOpenIDClientRegion, "getMSOpenIDClientRegion");
+async function getEntraDIDEndpoint(opts) {
+  const region = opts?.region ?? await getMSOpenIDClientRegion(opts.azTenantId);
+  return region === EU ? MS_DID_ENDPOINT_EU : MS_DID_ENDPOINT_NON_EU;
+}
+__name(getEntraDIDEndpoint, "getEntraDIDEndpoint");
+async function assertEntraCredentialManifestUrlInCorrectRegion(authenticationArgs) {
+  const msDIDEndpoint = await getEntraDIDEndpoint(authenticationArgs);
+  if (!authenticationArgs.credentialManifestUrl?.startsWith(msDIDEndpoint)) {
+    throw new Error(ERROR_CREDENTIAL_MANIFEST_REGION + msDIDEndpoint + `. value: ${authenticationArgs.credentialManifestUrl}`);
+  }
+  return msDIDEndpoint;
+}
+__name(assertEntraCredentialManifestUrlInCorrectRegion, "assertEntraCredentialManifestUrlInCorrectRegion");
+async function getMSClientCredentialAccessToken(authenticationArgs, opts) {
+  const confidentialClient = opts?.confidentialClient ?? await newMSClientCredentialAuthenticator(authenticationArgs).then((cca) => cca.confidentialClient);
+  if (!confidentialClient) {
+    throw Error("No Credential Client Authenticator could be constructed");
+  }
+  if (authenticationArgs?.credentialManifestUrl) {
+    await assertEntraCredentialManifestUrlInCorrectRegion(authenticationArgs);
+  }
+  const msalClientCredentialRequest = {
+    scopes: authenticationArgs.scopes ?? (authenticationArgs?.credentialManifestUrl ? [
+      MS_CLIENT_CREDENTIAL_DEFAULT_SCOPE
+    ] : []),
+    skipCache: authenticationArgs.skipCache ?? false
+  };
+  try {
+    const result = await confidentialClient.acquireTokenByClientCredential(msalClientCredentialRequest);
+    if (result) {
+      return result;
     }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+  } catch (err) {
+    throw {
+      error: ERROR_ACQUIRE_ACCESS_TOKEN_FOR_CLIENT + err
+    };
+  }
+  throw {
+    error: ERROR_ACQUIRE_ACCESS_TOKEN_FOR_CLIENT
+  };
+}
+__name(getMSClientCredentialAccessToken, "getMSClientCredentialAccessToken");
+async function newMSClientCredentialAuthenticator(authenticationArgs) {
+  const didEndpoint = authenticationArgs?.credentialManifestUrl ? await assertEntraCredentialManifestUrlInCorrectRegion(authenticationArgs) : void 0;
+  const auth = authOptions(authenticationArgs);
+  const id = hash(auth);
+  const msalConfig = {
+    auth,
+    system: {
+      loggerOptions: {
+        piiLoggingEnabled: authenticationArgs.piiLoggingEnabled ? authenticationArgs.piiLoggingEnabled : false,
+        logLevel: authenticationArgs.logLevel ? authenticationArgs.logLevel : LogLevel.Verbose
+      }
+    }
+  };
+  const confidentialClientApp = new ConfidentialClientApplication(msalConfig);
+  return {
+    confidentialClient: confidentialClientApp,
+    msalConfig,
+    authenticationArgs,
+    didEndpoint,
+    id
+  };
+}
+__name(newMSClientCredentialAuthenticator, "newMSClientCredentialAuthenticator");
+async function UsernamePasswordAuthenticator(authenticationArgs) {
+  const msalConfig = {
+    auth: authOptions(authenticationArgs)
+  };
+  const pca = new PublicClientApplication(msalConfig);
+  return await pca.acquireTokenByUsernamePassword(authenticationArgs).then((response) => {
+    return response;
+  }).catch((error) => {
+    throw new Error(ERROR_FAILED_AUTHENTICATION + error);
+  });
+}
+__name(UsernamePasswordAuthenticator, "UsernamePasswordAuthenticator");
+function authOptions(authenticationArgs) {
+  return {
+    clientId: authenticationArgs.azClientId,
+    authority: authenticationArgs.authority ? authenticationArgs.authority : MS_LOGIN_PREFIX + authenticationArgs.azTenantId,
+    ...authenticationArgs && "azClientSecret" in authenticationArgs && {
+      clientSecret: authenticationArgs.azClientSecret
+    }
+  };
+}
+__name(authOptions, "authOptions");
+function determineMSAuthId(authenticationArgs) {
+  return hash(authOptions(authenticationArgs));
+}
+__name(determineMSAuthId, "determineMSAuthId");
+export {
+  MS_DID_ENDPOINT_EU,
+  MS_DID_ENDPOINT_NON_EU,
+  UsernamePasswordAuthenticator,
+  assertEntraCredentialManifestUrlInCorrectRegion,
+  determineMSAuthId,
+  getEntraDIDEndpoint,
+  getMSClientCredentialAccessToken,
+  getMSOpenIDClientRegion,
+  newMSClientCredentialAuthenticator
 };
-Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./authenticators"), exports);
-__exportStar(require("./types"), exports);
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,mDAAgC;AAChC,0CAAuB"}
+{"version":3,"sources":["../src/authenticators/MsAuthenticator.ts"],"sourcesContent":["import {\n  AuthenticationResult,\n  ConfidentialClientApplication,\n  Configuration,\n  LogLevel,\n  NodeAuthOptions,\n  PublicClientApplication,\n  UsernamePasswordRequest,\n} from '@azure/msal-node'\nimport { fetch } from 'cross-fetch'\nimport { IMSClientCredentialAuthInfo, IMsAuthenticationClientCredentialArgs, IMsAuthenticationUsernamePasswordArgs } from '../index'\n\nimport hash from 'object-hash'\n\nconst EU = 'EU'\n\nconst HTTP_METHOD_GET = 'GET'\n\n// Event though there are many regions, MS has only 2 DID identity host names (EU and NON_EU)\n// https://docs.microsoft.com/en-us/azure/active-directory/verifiable-credentials/whats-new#are-there-any-changes-to-the-way-that-we-use-the-request-api-as-a-result-of-this-move\nexport const MS_DID_ENDPOINT_NON_EU = 'https://beta.did.msidentity.com/v1.0/'\nexport const MS_DID_ENDPOINT_EU = 'https://beta.eu.did.msidentity.com/v1.0/'\nconst MS_LOGIN_PREFIX = 'https://login.microsoftonline.com/'\nconst MS_LOGIN_OPENID_CONFIG_POSTFIX = '/v2.0/.well-known/openid-configuration'\nconst MS_CLIENT_CREDENTIAL_DEFAULT_SCOPE = '3db474b9-6a0c-4840-96ac-1fceb342124f/.default'\n\nconst ERROR_CREDENTIAL_MANIFEST_REGION = `Error in config file. CredentialManifest URL configured for wrong tenant region. Should start with:`\nconst ERROR_ACQUIRE_ACCESS_TOKEN_FOR_CLIENT = 'Could not acquire verifiableCredentials to access your Azure Key Vault:\\n'\nconst ERROR_FAILED_AUTHENTICATION = 'failed to authenticate: '\n\n// todo: This is a pretty heavy operation. Getting all the OIDC discovery data from a fetch only to return the region. Probably wise to add some caching and refactor so we can do more with the other OIDC info as well\nexport async function getMSOpenIDClientRegion(azTenantId: string): Promise<string> {\n  return fetch(MS_LOGIN_PREFIX + azTenantId + MS_LOGIN_OPENID_CONFIG_POSTFIX, { method: HTTP_METHOD_GET })\n    .then((res) => res.json())\n    .then(async (resp) => {\n      return resp.tenant_region_scope ?? EU\n    })\n}\n\nexport async function getEntraDIDEndpoint(opts: { region?: string; azTenantId: string }) {\n  const region = opts?.region ?? (await getMSOpenIDClientRegion(opts.azTenantId))\n  return region === EU ? MS_DID_ENDPOINT_EU : MS_DID_ENDPOINT_NON_EU\n}\n\nexport async function assertEntraCredentialManifestUrlInCorrectRegion(authenticationArgs: IMsAuthenticationClientCredentialArgs): Promise<string> {\n  const msDIDEndpoint = await getEntraDIDEndpoint(authenticationArgs)\n  // Check that the Credential Manifest URL is in the same tenant Region and throw an error if it's not\n  if (!authenticationArgs.credentialManifestUrl?.startsWith(msDIDEndpoint)) {\n    throw new Error(ERROR_CREDENTIAL_MANIFEST_REGION + msDIDEndpoint + `. value: ${authenticationArgs.credentialManifestUrl}`)\n  }\n  return msDIDEndpoint\n}\n\n/**\n * necessary fields are:\n *   azClientId: clientId of the application you're trying to login\n *   azClientSecret: secret of the application you're trying to login\n *   azTenantId: your MS Azure tenantId\n * optional fields:\n *   credentialManifest: address of your credential manifest. usually in following format:\n *    https://beta.eu.did.msidentity.com/v1.0/<tenant_id>/verifiableCredential/contracts/<verifiable_credential_schema>\n * @param authenticationArgs\n * @constructor\n */\nexport async function getMSClientCredentialAccessToken(\n  authenticationArgs: IMsAuthenticationClientCredentialArgs,\n  opts?: {\n    confidentialClient?: ConfidentialClientApplication\n  },\n): Promise<AuthenticationResult> {\n  const confidentialClient =\n    opts?.confidentialClient ?? (await newMSClientCredentialAuthenticator(authenticationArgs).then((cca) => cca.confidentialClient))\n  if (!confidentialClient) {\n    throw Error('No Credential Client Authenticator could be constructed')\n  }\n  if (authenticationArgs?.credentialManifestUrl) {\n    await assertEntraCredentialManifestUrlInCorrectRegion(authenticationArgs)\n  }\n\n  const msalClientCredentialRequest = {\n    scopes: authenticationArgs.scopes ?? (authenticationArgs?.credentialManifestUrl ? [MS_CLIENT_CREDENTIAL_DEFAULT_SCOPE] : []),\n    skipCache: authenticationArgs.skipCache ?? false,\n  }\n\n  // get the Access Token\n  try {\n    const result = await confidentialClient.acquireTokenByClientCredential(msalClientCredentialRequest)\n    if (result) {\n      return result\n    }\n  } catch (err) {\n    throw {\n      error: ERROR_ACQUIRE_ACCESS_TOKEN_FOR_CLIENT + err,\n    }\n  }\n  throw {\n    error: ERROR_ACQUIRE_ACCESS_TOKEN_FOR_CLIENT,\n  }\n}\n\nexport async function newMSClientCredentialAuthenticator(\n  authenticationArgs: IMsAuthenticationClientCredentialArgs,\n): Promise<IMSClientCredentialAuthInfo> {\n  const didEndpoint = authenticationArgs?.credentialManifestUrl\n    ? await assertEntraCredentialManifestUrlInCorrectRegion(authenticationArgs)\n    : undefined\n  const auth = authOptions(authenticationArgs)\n  const id = hash(auth)\n  const msalConfig: Configuration = {\n    auth,\n    system: {\n      loggerOptions: {\n        piiLoggingEnabled: authenticationArgs.piiLoggingEnabled ? authenticationArgs.piiLoggingEnabled : false,\n        logLevel: authenticationArgs.logLevel ? authenticationArgs.logLevel : LogLevel.Verbose,\n      },\n    },\n  }\n  const confidentialClientApp = new ConfidentialClientApplication(msalConfig)\n\n  return { confidentialClient: confidentialClientApp, msalConfig, authenticationArgs, didEndpoint, id }\n}\n\n/**\n * Logs in with provided authenticationArgs and returns access token\n * @param authenticationArgs\n * @constructor\n */\nexport async function UsernamePasswordAuthenticator(authenticationArgs: IMsAuthenticationUsernamePasswordArgs): Promise<string> {\n  const msalConfig = {\n    auth: authOptions(authenticationArgs),\n  }\n  const pca = new PublicClientApplication(msalConfig)\n  return await pca\n    .acquireTokenByUsernamePassword(authenticationArgs as UsernamePasswordRequest)\n    .then((response: any) => {\n      return response\n    })\n    .catch((error: any) => {\n      throw new Error(ERROR_FAILED_AUTHENTICATION + error)\n    })\n}\n\nfunction authOptions(authenticationArgs: IMsAuthenticationClientCredentialArgs | IMsAuthenticationUsernamePasswordArgs): NodeAuthOptions {\n  return {\n    clientId: authenticationArgs.azClientId,\n    authority: authenticationArgs.authority ? authenticationArgs.authority : MS_LOGIN_PREFIX + authenticationArgs.azTenantId,\n    ...(authenticationArgs && 'azClientSecret' in authenticationArgs && { clientSecret: authenticationArgs.azClientSecret }),\n  }\n}\n\nexport function determineMSAuthId(authenticationArgs: IMsAuthenticationClientCredentialArgs | IMsAuthenticationUsernamePasswordArgs): string {\n  return hash(authOptions(authenticationArgs))\n}\n"],"mappings":";;;;AAAA,SAEEA,+BAEAC,UAEAC,+BAEK;AACP,SAASC,aAAa;AAGtB,OAAOC,UAAU;AAEjB,IAAMC,KAAK;AAEX,IAAMC,kBAAkB;AAIjB,IAAMC,yBAAyB;AAC/B,IAAMC,qBAAqB;AAClC,IAAMC,kBAAkB;AACxB,IAAMC,iCAAiC;AACvC,IAAMC,qCAAqC;AAE3C,IAAMC,mCAAmC;AACzC,IAAMC,wCAAwC;AAC9C,IAAMC,8BAA8B;AAGpC,eAAsBC,wBAAwBC,YAAkB;AAC9D,SAAOC,MAAMR,kBAAkBO,aAAaN,gCAAgC;IAAEQ,QAAQZ;EAAgB,CAAA,EACnGa,KAAK,CAACC,QAAQA,IAAIC,KAAI,CAAA,EACtBF,KAAK,OAAOG,SAAAA;AACX,WAAOA,KAAKC,uBAAuBlB;EACrC,CAAA;AACJ;AANsBU;AAQtB,eAAsBS,oBAAoBC,MAA6C;AACrF,QAAMC,SAASD,MAAMC,UAAW,MAAMX,wBAAwBU,KAAKT,UAAU;AAC7E,SAAOU,WAAWrB,KAAKG,qBAAqBD;AAC9C;AAHsBiB;AAKtB,eAAsBG,gDAAgDC,oBAAyD;AAC7H,QAAMC,gBAAgB,MAAML,oBAAoBI,kBAAAA;AAEhD,MAAI,CAACA,mBAAmBE,uBAAuBC,WAAWF,aAAAA,GAAgB;AACxE,UAAM,IAAIG,MAAMpB,mCAAmCiB,gBAAgB,YAAYD,mBAAmBE,qBAAqB,EAAE;EAC3H;AACA,SAAOD;AACT;AAPsBF;AAoBtB,eAAsBM,iCACpBL,oBACAH,MAEC;AAED,QAAMS,qBACJT,MAAMS,sBAAuB,MAAMC,mCAAmCP,kBAAAA,EAAoBT,KAAK,CAACiB,QAAQA,IAAIF,kBAAkB;AAChI,MAAI,CAACA,oBAAoB;AACvB,UAAMF,MAAM,yDAAA;EACd;AACA,MAAIJ,oBAAoBE,uBAAuB;AAC7C,UAAMH,gDAAgDC,kBAAAA;EACxD;AAEA,QAAMS,8BAA8B;IAClCC,QAAQV,mBAAmBU,WAAWV,oBAAoBE,wBAAwB;MAACnB;QAAsC,CAAA;IACzH4B,WAAWX,mBAAmBW,aAAa;EAC7C;AAGA,MAAI;AACF,UAAMC,SAAS,MAAMN,mBAAmBO,+BAA+BJ,2BAAAA;AACvE,QAAIG,QAAQ;AACV,aAAOA;IACT;EACF,SAASE,KAAK;AACZ,UAAM;MACJC,OAAO9B,wCAAwC6B;IACjD;EACF;AACA,QAAM;IACJC,OAAO9B;EACT;AACF;AAlCsBoB;AAoCtB,eAAsBE,mCACpBP,oBAAyD;AAEzD,QAAMgB,cAAchB,oBAAoBE,wBACpC,MAAMH,gDAAgDC,kBAAAA,IACtDiB;AACJ,QAAMC,OAAOC,YAAYnB,kBAAAA;AACzB,QAAMoB,KAAKC,KAAKH,IAAAA;AAChB,QAAMI,aAA4B;IAChCJ;IACAK,QAAQ;MACNC,eAAe;QACbC,mBAAmBzB,mBAAmByB,oBAAoBzB,mBAAmByB,oBAAoB;QACjGC,UAAU1B,mBAAmB0B,WAAW1B,mBAAmB0B,WAAWC,SAASC;MACjF;IACF;EACF;AACA,QAAMC,wBAAwB,IAAIC,8BAA8BR,UAAAA;AAEhE,SAAO;IAAEhB,oBAAoBuB;IAAuBP;IAAYtB;IAAoBgB;IAAaI;EAAG;AACtG;AApBsBb;AA2BtB,eAAsBwB,8BAA8B/B,oBAAyD;AAC3G,QAAMsB,aAAa;IACjBJ,MAAMC,YAAYnB,kBAAAA;EACpB;AACA,QAAMgC,MAAM,IAAIC,wBAAwBX,UAAAA;AACxC,SAAO,MAAMU,IACVE,+BAA+BlC,kBAAAA,EAC/BT,KAAK,CAAC4C,aAAAA;AACL,WAAOA;EACT,CAAA,EACCC,MAAM,CAACrB,UAAAA;AACN,UAAM,IAAIX,MAAMlB,8BAA8B6B,KAAAA;EAChD,CAAA;AACJ;AAbsBgB;AAetB,SAASZ,YAAYnB,oBAAiG;AACpH,SAAO;IACLqC,UAAUrC,mBAAmBsC;IAC7BC,WAAWvC,mBAAmBuC,YAAYvC,mBAAmBuC,YAAY1D,kBAAkBmB,mBAAmBZ;IAC9G,GAAIY,sBAAsB,oBAAoBA,sBAAsB;MAAEwC,cAAcxC,mBAAmByC;IAAe;EACxH;AACF;AANStB;AAQF,SAASuB,kBAAkB1C,oBAAiG;AACjI,SAAOqB,KAAKF,YAAYnB,kBAAAA,CAAAA;AAC1B;AAFgB0C;","names":["ConfidentialClientApplication","LogLevel","PublicClientApplication","fetch","hash","EU","HTTP_METHOD_GET","MS_DID_ENDPOINT_NON_EU","MS_DID_ENDPOINT_EU","MS_LOGIN_PREFIX","MS_LOGIN_OPENID_CONFIG_POSTFIX","MS_CLIENT_CREDENTIAL_DEFAULT_SCOPE","ERROR_CREDENTIAL_MANIFEST_REGION","ERROR_ACQUIRE_ACCESS_TOKEN_FOR_CLIENT","ERROR_FAILED_AUTHENTICATION","getMSOpenIDClientRegion","azTenantId","fetch","method","then","res","json","resp","tenant_region_scope","getEntraDIDEndpoint","opts","region","assertEntraCredentialManifestUrlInCorrectRegion","authenticationArgs","msDIDEndpoint","credentialManifestUrl","startsWith","Error","getMSClientCredentialAccessToken","confidentialClient","newMSClientCredentialAuthenticator","cca","msalClientCredentialRequest","scopes","skipCache","result","acquireTokenByClientCredential","err","error","didEndpoint","undefined","auth","authOptions","id","hash","msalConfig","system","loggerOptions","piiLoggingEnabled","logLevel","LogLevel","Verbose","confidentialClientApp","ConfidentialClientApplication","UsernamePasswordAuthenticator","pca","PublicClientApplication","acquireTokenByUsernamePassword","response","catch","clientId","azClientId","authority","clientSecret","azClientSecret","determineMSAuthId"]}

package/package.json

@@ -1,12 +1,24 @@
 {
   "name": "@sphereon/ssi-sdk.ms-authenticator",
-  "version": "0.33.1-next.3+fd1a6fba",
+  "version": "0.33.1-next.68+b6c8b366",
   "source": "src/index.ts",
-  "main": "dist/index.js",
-  "types": "dist/index.d.ts",
+  "type": "module",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    "react-native": "./dist/index.js",
+    "import": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    },
+    "require": {
+      "types": "./dist/index.d.cts",
+      "require": "./dist/index.cjs"
+    }
+  },
   "scripts": {
-    "build": "tsc --build",
-    "build:clean": "tsc --build --clean && tsc --build"
+    "build": "tsup --config ../../tsup.config.ts --tsconfig ../../tsconfig.tsup.json"
   },
   "dependencies": {
     "@azure/msal-common": "^13.3.3",
@@ -15,18 +27,15 @@
     "object-hash": "^3.0.0"
   },
   "devDependencies": {
-    "@types/jest": "^27.5.2",
     "@types/object-hash": "^3.0.6",
-    "jest": "^27.5.1",
-    "prettier": "^2.8.8",
-    "ts-jest": "^27.1.5"
+    "prettier": "^2.8.8"
   },
   "engines": {
     "node": ">= 20.0.0 < 22"
   },
   "files": [
-    "dist/**/*",
-    "src/**/*",
+    "dist",
+    "src",
     "README.md",
     "plugin.schema.json",
     "LICENSE"
@@ -46,6 +55,5 @@
     "SSI",
     "Veramo"
   ],
-  "nx": {},
-  "gitHead": "fd1a6fba306a83a73ff7c531db87fa207dbf436d"
+  "gitHead": "b6c8b36636fa3777494f55860d6a75f2e5a5611e"
 }

package/src/__tests__/authenticators.test.ts

@@ -0,0 +1,33 @@
+import * as process from 'process'
+import { AuthenticationResult } from '@azure/msal-node'
+import { getMSClientCredentialAccessToken, UsernamePasswordAuthenticator } from '../index'
+//jest.setTimeout(100000)
+import { describe, expect, it } from 'vitest'
+
+describe('@sphereon/ssi-sdk.ms-authenticator', (): void => {
+  it.skip('should authenticate using clientCredential', async (): Promise<void> => {
+    // TODO REVERT
+    const result: AuthenticationResult = await getMSClientCredentialAccessToken({
+      azClientId: process.env.SPHEREON_SSI_MSAL_CLIENT_ID ?? 'client_id',
+      azClientSecret: process.env.SPHEREON_SSI_MSAL_CLIENT_SECRET ?? 'client_secret',
+      azTenantId: process.env.SPHEREON_SSI_MSAL_TENANT_ID ?? 'tenant_id',
+      credentialManifestUrl:
+        'https://beta.eu.did.msidentity.com/v1.0/e2a42b2f-7460-4499-afc2-425315ef058a/verifiableCredential/contracts/VerifiedCredentialExpert2',
+    })
+
+    expect(result).toBeDefined()
+  })
+
+  it.skip('should authenticate using usernamePassword', async (): Promise<void> => {
+    // TODO REVERT
+    const result: string = await UsernamePasswordAuthenticator({
+      azTenantId: process.env.SPHEREON_SSI_MSAL_TENANT_ID ?? 'tenant_id',
+      azClientId: process.env.SPHEREON_SSI_MSAL_CLIENT_ID ?? 'client_id',
+      scopes: ['user.read'],
+      username: process.env.SPHEREON_SSI_MSAL_USERNAME ?? 'username',
+      password: process.env.SPHEREON_SSI_MSAL_PASSWORD ?? 'password',
+    })
+
+    expect(result).toBeDefined()
+  })
+})

package/dist/authenticators/MsAuthenticator.d.ts

@@ -1,33 +0,0 @@
-import { AuthenticationResult, ConfidentialClientApplication } from '@azure/msal-node';
-import { IMSClientCredentialAuthInfo, IMsAuthenticationClientCredentialArgs, IMsAuthenticationUsernamePasswordArgs } from '../index';
-export declare const MS_DID_ENDPOINT_NON_EU = "https://beta.did.msidentity.com/v1.0/";
-export declare const MS_DID_ENDPOINT_EU = "https://beta.eu.did.msidentity.com/v1.0/";
-export declare function getMSOpenIDClientRegion(azTenantId: string): Promise<string>;
-export declare function getEntraDIDEndpoint(opts: {
-    region?: string;
-    azTenantId: string;
-}): Promise<"https://beta.did.msidentity.com/v1.0/" | "https://beta.eu.did.msidentity.com/v1.0/">;
-export declare function assertEntraCredentialManifestUrlInCorrectRegion(authenticationArgs: IMsAuthenticationClientCredentialArgs): Promise<string>;
-/**
- * necessary fields are:
- *   azClientId: clientId of the application you're trying to login
- *   azClientSecret: secret of the application you're trying to login
- *   azTenantId: your MS Azure tenantId
- * optional fields:
- *   credentialManifest: address of your credential manifest. usually in following format:
- *    https://beta.eu.did.msidentity.com/v1.0/<tenant_id>/verifiableCredential/contracts/<verifiable_credential_schema>
- * @param authenticationArgs
- * @constructor
- */
-export declare function getMSClientCredentialAccessToken(authenticationArgs: IMsAuthenticationClientCredentialArgs, opts?: {
-    confidentialClient?: ConfidentialClientApplication;
-}): Promise<AuthenticationResult>;
-export declare function newMSClientCredentialAuthenticator(authenticationArgs: IMsAuthenticationClientCredentialArgs): Promise<IMSClientCredentialAuthInfo>;
-/**
- * Logs in with provided authenticationArgs and returns access token
- * @param authenticationArgs
- * @constructor
- */
-export declare function UsernamePasswordAuthenticator(authenticationArgs: IMsAuthenticationUsernamePasswordArgs): Promise<string>;
-export declare function determineMSAuthId(authenticationArgs: IMsAuthenticationClientCredentialArgs | IMsAuthenticationUsernamePasswordArgs): string;
-//# sourceMappingURL=MsAuthenticator.d.ts.map

package/dist/authenticators/MsAuthenticator.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"MsAuthenticator.d.ts","sourceRoot":"","sources":["../../src/authenticators/MsAuthenticator.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,oBAAoB,EACpB,6BAA6B,EAM9B,MAAM,kBAAkB,CAAA;AAEzB,OAAO,EAAE,2BAA2B,EAAE,qCAAqC,EAAE,qCAAqC,EAAE,MAAM,UAAU,CAAA;AAUpI,eAAO,MAAM,sBAAsB,0CAA0C,CAAA;AAC7E,eAAO,MAAM,kBAAkB,6CAA6C,CAAA;AAU5E,wBAAsB,uBAAuB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAMjF;AAED,wBAAsB,mBAAmB,CAAC,IAAI,EAAE;IAAE,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,iGAGtF;AAED,wBAAsB,+CAA+C,CAAC,kBAAkB,EAAE,qCAAqC,GAAG,OAAO,CAAC,MAAM,CAAC,CAOhJ;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,gCAAgC,CACpD,kBAAkB,EAAE,qCAAqC,EACzD,IAAI,CAAC,EAAE;IACL,kBAAkB,CAAC,EAAE,6BAA6B,CAAA;CACnD,GACA,OAAO,CAAC,oBAAoB,CAAC,CA6B/B;AAED,wBAAsB,kCAAkC,CACtD,kBAAkB,EAAE,qCAAqC,GACxD,OAAO,CAAC,2BAA2B,CAAC,CAkBtC;AAED;;;;GAIG;AACH,wBAAsB,6BAA6B,CAAC,kBAAkB,EAAE,qCAAqC,GAAG,OAAO,CAAC,MAAM,CAAC,CAa9H;AAUD,wBAAgB,iBAAiB,CAAC,kBAAkB,EAAE,qCAAqC,GAAG,qCAAqC,GAAG,MAAM,CAE3I"}

package/dist/authenticators/MsAuthenticator.js

@@ -1,156 +0,0 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.MS_DID_ENDPOINT_EU = exports.MS_DID_ENDPOINT_NON_EU = void 0;
-exports.getMSOpenIDClientRegion = getMSOpenIDClientRegion;
-exports.getEntraDIDEndpoint = getEntraDIDEndpoint;
-exports.assertEntraCredentialManifestUrlInCorrectRegion = assertEntraCredentialManifestUrlInCorrectRegion;
-exports.getMSClientCredentialAccessToken = getMSClientCredentialAccessToken;
-exports.newMSClientCredentialAuthenticator = newMSClientCredentialAuthenticator;
-exports.UsernamePasswordAuthenticator = UsernamePasswordAuthenticator;
-exports.determineMSAuthId = determineMSAuthId;
-const msal_node_1 = require("@azure/msal-node");
-const cross_fetch_1 = require("cross-fetch");
-const object_hash_1 = __importDefault(require("object-hash"));
-const EU = 'EU';
-const HTTP_METHOD_GET = 'GET';
-// Event though there are many regions, MS has only 2 DID identity host names (EU and NON_EU)
-// https://docs.microsoft.com/en-us/azure/active-directory/verifiable-credentials/whats-new#are-there-any-changes-to-the-way-that-we-use-the-request-api-as-a-result-of-this-move
-exports.MS_DID_ENDPOINT_NON_EU = 'https://beta.did.msidentity.com/v1.0/';
-exports.MS_DID_ENDPOINT_EU = 'https://beta.eu.did.msidentity.com/v1.0/';
-const MS_LOGIN_PREFIX = 'https://login.microsoftonline.com/';
-const MS_LOGIN_OPENID_CONFIG_POSTFIX = '/v2.0/.well-known/openid-configuration';
-const MS_CLIENT_CREDENTIAL_DEFAULT_SCOPE = '3db474b9-6a0c-4840-96ac-1fceb342124f/.default';
-const ERROR_CREDENTIAL_MANIFEST_REGION = `Error in config file. CredentialManifest URL configured for wrong tenant region. Should start with:`;
-const ERROR_ACQUIRE_ACCESS_TOKEN_FOR_CLIENT = 'Could not acquire verifiableCredentials to access your Azure Key Vault:\n';
-const ERROR_FAILED_AUTHENTICATION = 'failed to authenticate: ';
-// todo: This is a pretty heavy operation. Getting all the OIDC discovery data from a fetch only to return the region. Probably wise to add some caching and refactor so we can do more with the other OIDC info as well
-function getMSOpenIDClientRegion(azTenantId) {
-    return __awaiter(this, void 0, void 0, function* () {
-        return (0, cross_fetch_1.fetch)(MS_LOGIN_PREFIX + azTenantId + MS_LOGIN_OPENID_CONFIG_POSTFIX, { method: HTTP_METHOD_GET })
-            .then((res) => res.json())
-            .then((resp) => __awaiter(this, void 0, void 0, function* () {
-            var _a;
-            return (_a = resp.tenant_region_scope) !== null && _a !== void 0 ? _a : EU;
-        }));
-    });
-}
-function getEntraDIDEndpoint(opts) {
-    return __awaiter(this, void 0, void 0, function* () {
-        var _a;
-        const region = (_a = opts === null || opts === void 0 ? void 0 : opts.region) !== null && _a !== void 0 ? _a : (yield getMSOpenIDClientRegion(opts.azTenantId));
-        return region === EU ? exports.MS_DID_ENDPOINT_EU : exports.MS_DID_ENDPOINT_NON_EU;
-    });
-}
-function assertEntraCredentialManifestUrlInCorrectRegion(authenticationArgs) {
-    return __awaiter(this, void 0, void 0, function* () {
-        var _a;
-        const msDIDEndpoint = yield getEntraDIDEndpoint(authenticationArgs);
-        // Check that the Credential Manifest URL is in the same tenant Region and throw an error if it's not
-        if (!((_a = authenticationArgs.credentialManifestUrl) === null || _a === void 0 ? void 0 : _a.startsWith(msDIDEndpoint))) {
-            throw new Error(ERROR_CREDENTIAL_MANIFEST_REGION + msDIDEndpoint + `. value: ${authenticationArgs.credentialManifestUrl}`);
-        }
-        return msDIDEndpoint;
-    });
-}
-/**
- * necessary fields are:
- *   azClientId: clientId of the application you're trying to login
- *   azClientSecret: secret of the application you're trying to login
- *   azTenantId: your MS Azure tenantId
- * optional fields:
- *   credentialManifest: address of your credential manifest. usually in following format:
- *    https://beta.eu.did.msidentity.com/v1.0/<tenant_id>/verifiableCredential/contracts/<verifiable_credential_schema>
- * @param authenticationArgs
- * @constructor
- */
-function getMSClientCredentialAccessToken(authenticationArgs, opts) {
-    return __awaiter(this, void 0, void 0, function* () {
-        var _a, _b, _c;
-        const confidentialClient = (_a = opts === null || opts === void 0 ? void 0 : opts.confidentialClient) !== null && _a !== void 0 ? _a : (yield newMSClientCredentialAuthenticator(authenticationArgs).then((cca) => cca.confidentialClient));
-        if (!confidentialClient) {
-            throw Error('No Credential Client Authenticator could be constructed');
-        }
-        if (authenticationArgs === null || authenticationArgs === void 0 ? void 0 : authenticationArgs.credentialManifestUrl) {
-            yield assertEntraCredentialManifestUrlInCorrectRegion(authenticationArgs);
-        }
-        const msalClientCredentialRequest = {
-            scopes: (_b = authenticationArgs.scopes) !== null && _b !== void 0 ? _b : ((authenticationArgs === null || authenticationArgs === void 0 ? void 0 : authenticationArgs.credentialManifestUrl) ? [MS_CLIENT_CREDENTIAL_DEFAULT_SCOPE] : []),
-            skipCache: (_c = authenticationArgs.skipCache) !== null && _c !== void 0 ? _c : false,
-        };
-        // get the Access Token
-        try {
-            const result = yield confidentialClient.acquireTokenByClientCredential(msalClientCredentialRequest);
-            if (result) {
-                return result;
-            }
-        }
-        catch (err) {
-            throw {
-                error: ERROR_ACQUIRE_ACCESS_TOKEN_FOR_CLIENT + err,
-            };
-        }
-        throw {
-            error: ERROR_ACQUIRE_ACCESS_TOKEN_FOR_CLIENT,
-        };
-    });
-}
-function newMSClientCredentialAuthenticator(authenticationArgs) {
-    return __awaiter(this, void 0, void 0, function* () {
-        const didEndpoint = (authenticationArgs === null || authenticationArgs === void 0 ? void 0 : authenticationArgs.credentialManifestUrl)
-            ? yield assertEntraCredentialManifestUrlInCorrectRegion(authenticationArgs)
-            : undefined;
-        const auth = authOptions(authenticationArgs);
-        const id = (0, object_hash_1.default)(auth);
-        const msalConfig = {
-            auth,
-            system: {
-                loggerOptions: {
-                    piiLoggingEnabled: authenticationArgs.piiLoggingEnabled ? authenticationArgs.piiLoggingEnabled : false,
-                    logLevel: authenticationArgs.logLevel ? authenticationArgs.logLevel : msal_node_1.LogLevel.Verbose,
-                },
-            },
-        };
-        const confidentialClientApp = new msal_node_1.ConfidentialClientApplication(msalConfig);
-        return { confidentialClient: confidentialClientApp, msalConfig, authenticationArgs, didEndpoint, id };
-    });
-}
-/**
- * Logs in with provided authenticationArgs and returns access token
- * @param authenticationArgs
- * @constructor
- */
-function UsernamePasswordAuthenticator(authenticationArgs) {
-    return __awaiter(this, void 0, void 0, function* () {
-        const msalConfig = {
-            auth: authOptions(authenticationArgs),
-        };
-        const pca = new msal_node_1.PublicClientApplication(msalConfig);
-        return yield pca
-            .acquireTokenByUsernamePassword(authenticationArgs)
-            .then((response) => {
-            return response;
-        })
-            .catch((error) => {
-            throw new Error(ERROR_FAILED_AUTHENTICATION + error);
-        });
-    });
-}
-function authOptions(authenticationArgs) {
-    return Object.assign({ clientId: authenticationArgs.azClientId, authority: authenticationArgs.authority ? authenticationArgs.authority : MS_LOGIN_PREFIX + authenticationArgs.azTenantId }, (authenticationArgs && 'azClientSecret' in authenticationArgs && { clientSecret: authenticationArgs.azClientSecret }));
-}
-function determineMSAuthId(authenticationArgs) {
-    return (0, object_hash_1.default)(authOptions(authenticationArgs));
-}
-//# sourceMappingURL=MsAuthenticator.js.map

package/dist/authenticators/MsAuthenticator.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"MsAuthenticator.js","sourceRoot":"","sources":["../../src/authenticators/MsAuthenticator.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AA+BA,0DAMC;AAED,kDAGC;AAED,0GAOC;AAaD,4EAkCC;AAED,gFAoBC;AAOD,sEAaC;AAUD,8CAEC;AAxJD,gDAQyB;AACzB,6CAAmC;AAGnC,8DAA8B;AAE9B,MAAM,EAAE,GAAG,IAAI,CAAA;AAEf,MAAM,eAAe,GAAG,KAAK,CAAA;AAE7B,6FAA6F;AAC7F,iLAAiL;AACpK,QAAA,sBAAsB,GAAG,uCAAuC,CAAA;AAChE,QAAA,kBAAkB,GAAG,0CAA0C,CAAA;AAC5E,MAAM,eAAe,GAAG,oCAAoC,CAAA;AAC5D,MAAM,8BAA8B,GAAG,wCAAwC,CAAA;AAC/E,MAAM,kCAAkC,GAAG,+CAA+C,CAAA;AAE1F,MAAM,gCAAgC,GAAG,qGAAqG,CAAA;AAC9I,MAAM,qCAAqC,GAAG,2EAA2E,CAAA;AACzH,MAAM,2BAA2B,GAAG,0BAA0B,CAAA;AAE9D,wNAAwN;AACxN,SAAsB,uBAAuB,CAAC,UAAkB;;QAC9D,OAAO,IAAA,mBAAK,EAAC,eAAe,GAAG,UAAU,GAAG,8BAA8B,EAAE,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;aACrG,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;aACzB,IAAI,CAAC,CAAO,IAAI,EAAE,EAAE;;YACnB,OAAO,MAAA,IAAI,CAAC,mBAAmB,mCAAI,EAAE,CAAA;QACvC,CAAC,CAAA,CAAC,CAAA;IACN,CAAC;CAAA;AAED,SAAsB,mBAAmB,CAAC,IAA6C;;;QACrF,MAAM,MAAM,GAAG,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,MAAM,mCAAI,CAAC,MAAM,uBAAuB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAA;QAC/E,OAAO,MAAM,KAAK,EAAE,CAAC,CAAC,CAAC,0BAAkB,CAAC,CAAC,CAAC,8BAAsB,CAAA;IACpE,CAAC;CAAA;AAED,SAAsB,+CAA+C,CAAC,kBAAyD;;;QAC7H,MAAM,aAAa,GAAG,MAAM,mBAAmB,CAAC,kBAAkB,CAAC,CAAA;QACnE,qGAAqG;QACrG,IAAI,CAAC,CAAA,MAAA,kBAAkB,CAAC,qBAAqB,0CAAE,UAAU,CAAC,aAAa,CAAC,CAAA,EAAE,CAAC;YACzE,MAAM,IAAI,KAAK,CAAC,gCAAgC,GAAG,aAAa,GAAG,YAAY,kBAAkB,CAAC,qBAAqB,EAAE,CAAC,CAAA;QAC5H,CAAC;QACD,OAAO,aAAa,CAAA;IACtB,CAAC;CAAA;AAED;;;;;;;;;;GAUG;AACH,SAAsB,gCAAgC,CACpD,kBAAyD,EACzD,IAEC;;;QAED,MAAM,kBAAkB,GACtB,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,kBAAkB,mCAAI,CAAC,MAAM,kCAAkC,CAAC,kBAAkB,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAA;QAClI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACxB,MAAM,KAAK,CAAC,yDAAyD,CAAC,CAAA;QACxE,CAAC;QACD,IAAI,kBAAkB,aAAlB,kBAAkB,uBAAlB,kBAAkB,CAAE,qBAAqB,EAAE,CAAC;YAC9C,MAAM,+CAA+C,CAAC,kBAAkB,CAAC,CAAA;QAC3E,CAAC;QAED,MAAM,2BAA2B,GAAG;YAClC,MAAM,EAAE,MAAA,kBAAkB,CAAC,MAAM,mCAAI,CAAC,CAAA,kBAAkB,aAAlB,kBAAkB,uBAAlB,kBAAkB,CAAE,qBAAqB,EAAC,CAAC,CAAC,CAAC,kCAAkC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5H,SAAS,EAAE,MAAA,kBAAkB,CAAC,SAAS,mCAAI,KAAK;SACjD,CAAA;QAED,uBAAuB;QACvB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,8BAA8B,CAAC,2BAA2B,CAAC,CAAA;YACnG,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,MAAM,CAAA;YACf,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM;gBACJ,KAAK,EAAE,qCAAqC,GAAG,GAAG;aACnD,CAAA;QACH,CAAC;QACD,MAAM;YACJ,KAAK,EAAE,qCAAqC;SAC7C,CAAA;IACH,CAAC;CAAA;AAED,SAAsB,kCAAkC,CACtD,kBAAyD;;QAEzD,MAAM,WAAW,GAAG,CAAA,kBAAkB,aAAlB,kBAAkB,uBAAlB,kBAAkB,CAAE,qBAAqB;YAC3D,CAAC,CAAC,MAAM,+CAA+C,CAAC,kBAAkB,CAAC;YAC3E,CAAC,CAAC,SAAS,CAAA;QACb,MAAM,IAAI,GAAG,WAAW,CAAC,kBAAkB,CAAC,CAAA;QAC5C,MAAM,EAAE,GAAG,IAAA,qBAAI,EAAC,IAAI,CAAC,CAAA;QACrB,MAAM,UAAU,GAAkB;YAChC,IAAI;YACJ,MAAM,EAAE;gBACN,aAAa,EAAE;oBACb,iBAAiB,EAAE,kBAAkB,CAAC,iBAAiB,CAAC,CAAC,CAAC,kBAAkB,CAAC,iBAAiB,CAAC,CAAC,CAAC,KAAK;oBACtG,QAAQ,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC,oBAAQ,CAAC,OAAO;iBACvF;aACF;SACF,CAAA;QACD,MAAM,qBAAqB,GAAG,IAAI,yCAA6B,CAAC,UAAU,CAAC,CAAA;QAE3E,OAAO,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,UAAU,EAAE,kBAAkB,EAAE,WAAW,EAAE,EAAE,EAAE,CAAA;IACvG,CAAC;CAAA;AAED;;;;GAIG;AACH,SAAsB,6BAA6B,CAAC,kBAAyD;;QAC3G,MAAM,UAAU,GAAG;YACjB,IAAI,EAAE,WAAW,CAAC,kBAAkB,CAAC;SACtC,CAAA;QACD,MAAM,GAAG,GAAG,IAAI,mCAAuB,CAAC,UAAU,CAAC,CAAA;QACnD,OAAO,MAAM,GAAG;aACb,8BAA8B,CAAC,kBAA6C,CAAC;aAC7E,IAAI,CAAC,CAAC,QAAa,EAAE,EAAE;YACtB,OAAO,QAAQ,CAAA;QACjB,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,KAAU,EAAE,EAAE;YACpB,MAAM,IAAI,KAAK,CAAC,2BAA2B,GAAG,KAAK,CAAC,CAAA;QACtD,CAAC,CAAC,CAAA;IACN,CAAC;CAAA;AAED,SAAS,WAAW,CAAC,kBAAiG;IACpH,uBACE,QAAQ,EAAE,kBAAkB,CAAC,UAAU,EACvC,SAAS,EAAE,kBAAkB,CAAC,SAAS,CAAC,CAAC,CAAC,kBAAkB,CAAC,SAAS,CAAC,CAAC,CAAC,eAAe,GAAG,kBAAkB,CAAC,UAAU,IACrH,CAAC,kBAAkB,IAAI,gBAAgB,IAAI,kBAAkB,IAAI,EAAE,YAAY,EAAE,kBAAkB,CAAC,cAAc,EAAE,CAAC,EACzH;AACH,CAAC;AAED,SAAgB,iBAAiB,CAAC,kBAAiG;IACjI,OAAO,IAAA,qBAAI,EAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC,CAAA;AAC9C,CAAC"}

package/dist/authenticators/index.d.ts

@@ -1,2 +0,0 @@
-export * from './MsAuthenticator';
-//# sourceMappingURL=index.d.ts.map

package/dist/authenticators/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/authenticators/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAA"}

package/dist/authenticators/index.js

@@ -1,18 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./MsAuthenticator"), exports);
-//# sourceMappingURL=index.js.map

package/dist/authenticators/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/authenticators/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,oDAAiC"}

package/dist/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,kBAAkB,CAAA;AAChC,cAAc,SAAS,CAAA"}

package/dist/types/IMsAuthenticator.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"IMsAuthenticator.d.ts","sourceRoot":"","sources":["../../src/types/IMsAuthenticator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,6BAA6B,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAA;AACzF;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,WAAW,qCAAqC;IACpD,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,MAAM,CAAA;IAClB,cAAc,EAAE,MAAM,CAAA;IACtB,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;IACjB,SAAS,CAAC,EAAE,OAAO,CAAA;IACnB,iBAAiB,CAAC,EAAE,OAAO,CAAA;IAC3B,QAAQ,CAAC,EAAE,QAAQ,CAAA;CACpB;AAED;;;;;;;;;GASG;AACH,MAAM,WAAW,qCAAqC;IACpD,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,MAAM,CAAA;IAClB,QAAQ,EAAE,MAAM,CAAA;IAChB,MAAM,EAAE,MAAM,EAAE,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB;AAED,MAAM,WAAW,2BAA2B;IAC1C,EAAE,EAAE,MAAM,CAAA;IACV,kBAAkB,EAAE,6BAA6B,CAAA;IACjD,UAAU,EAAE,aAAa,CAAA;IACzB,kBAAkB,EAAE,qCAAqC,CAAA;IACzD,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB"}

package/dist/types/IMsAuthenticator.js

@@ -1,3 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=IMsAuthenticator.js.map

package/dist/types/IMsAuthenticator.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"IMsAuthenticator.js","sourceRoot":"","sources":["../../src/types/IMsAuthenticator.ts"],"names":[],"mappings":""}

package/dist/types/index.d.ts

@@ -1,2 +0,0 @@
-export * from './IMsAuthenticator';
-//# sourceMappingURL=index.d.ts.map

package/dist/types/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA,cAAc,oBAAoB,CAAA"}

package/dist/types/index.js

@@ -1,18 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./IMsAuthenticator"), exports);
-//# sourceMappingURL=index.js.map

package/dist/types/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,qDAAkC"}