@typespec/ts-http-runtime 0.1.0-alpha.20250325.2 → 0.2.0-alpha.20250326.3

package/dist/esm/accessTokenCache.d.ts

@@ -1,40 +0,0 @@
-import type { AccessToken } from "./auth/tokenCredential.js";
-/**
- * Defines the default token refresh buffer duration.
- */
-export declare const DefaultTokenRefreshBufferMs: number;
-/**
- * Provides a cache for an AccessToken that was that
- * was returned from a TokenCredential.
- */
-export interface AccessTokenCache {
-    /**
-     * Sets the cached token.
-     *
-     * @param accessToken - The AccessToken to be cached or null to
-     *   clear the cached token.
-     */
-    setCachedToken(accessToken: AccessToken | undefined): void;
-    /**
-     * Returns the cached AccessToken or undefined if nothing is cached.
-     */
-    getCachedToken(): AccessToken | undefined;
-}
-/**
- * Provides an AccessTokenCache implementation which clears
- * the cached AccessToken's after the expiresOnTimestamp has
- * passed.
- * @internal
- */
-export declare class ExpiringAccessTokenCache implements AccessTokenCache {
-    private tokenRefreshBufferMs;
-    private cachedToken?;
-    /**
-     * Constructs an instance of ExpiringAccessTokenCache with
-     * an optional expiration buffer time.
-     */
-    constructor(tokenRefreshBufferMs?: number);
-    setCachedToken(accessToken: AccessToken | undefined): void;
-    getCachedToken(): AccessToken | undefined;
-}
-//# sourceMappingURL=accessTokenCache.d.ts.map

package/dist/esm/accessTokenCache.js

@@ -1,32 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-/**
- * Defines the default token refresh buffer duration.
- */
-export const DefaultTokenRefreshBufferMs = 2 * 60 * 1000; // 2 Minutes
-/**
- * Provides an AccessTokenCache implementation which clears
- * the cached AccessToken's after the expiresOnTimestamp has
- * passed.
- * @internal
- */
-export class ExpiringAccessTokenCache {
-    /**
-     * Constructs an instance of ExpiringAccessTokenCache with
-     * an optional expiration buffer time.
-     */
-    constructor(tokenRefreshBufferMs = DefaultTokenRefreshBufferMs) {
-        this.tokenRefreshBufferMs = tokenRefreshBufferMs;
-    }
-    setCachedToken(accessToken) {
-        this.cachedToken = accessToken;
-    }
-    getCachedToken() {
-        if (this.cachedToken &&
-            Date.now() + this.tokenRefreshBufferMs >= this.cachedToken.expiresOnTimestamp) {
-            this.cachedToken = undefined;
-        }
-        return this.cachedToken;
-    }
-}
-//# sourceMappingURL=accessTokenCache.js.map

package/dist/esm/accessTokenCache.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"accessTokenCache.js","sourceRoot":"","sources":["../../src/accessTokenCache.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC;;GAEG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,YAAY;AAqBtE;;;;;GAKG;AACH,MAAM,OAAO,wBAAwB;IAInC;;;OAGG;IACH,YAAY,uBAA+B,2BAA2B;QACpE,IAAI,CAAC,oBAAoB,GAAG,oBAAoB,CAAC;IACnD,CAAC;IAED,cAAc,CAAC,WAAoC;QACjD,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACjC,CAAC;IAED,cAAc;QACZ,IACE,IAAI,CAAC,WAAW;YAChB,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,oBAAoB,IAAI,IAAI,CAAC,WAAW,CAAC,kBAAkB,EAC7E,CAAC;YACD,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC;QAC/B,CAAC;QAED,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken } from \"./auth/tokenCredential.js\";\n\n/**\n * Defines the default token refresh buffer duration.\n */\nexport const DefaultTokenRefreshBufferMs = 2 * 60 * 1000; // 2 Minutes\n\n/**\n * Provides a cache for an AccessToken that was that\n * was returned from a TokenCredential.\n */\nexport interface AccessTokenCache {\n  /**\n   * Sets the cached token.\n   *\n   * @param accessToken - The AccessToken to be cached or null to\n   *   clear the cached token.\n   */\n  setCachedToken(accessToken: AccessToken | undefined): void;\n\n  /**\n   * Returns the cached AccessToken or undefined if nothing is cached.\n   */\n  getCachedToken(): AccessToken | undefined;\n}\n\n/**\n * Provides an AccessTokenCache implementation which clears\n * the cached AccessToken's after the expiresOnTimestamp has\n * passed.\n * @internal\n */\nexport class ExpiringAccessTokenCache implements AccessTokenCache {\n  private tokenRefreshBufferMs: number;\n  private cachedToken?: AccessToken;\n\n  /**\n   * Constructs an instance of ExpiringAccessTokenCache with\n   * an optional expiration buffer time.\n   */\n  constructor(tokenRefreshBufferMs: number = DefaultTokenRefreshBufferMs) {\n    this.tokenRefreshBufferMs = tokenRefreshBufferMs;\n  }\n\n  setCachedToken(accessToken: AccessToken | undefined): void {\n    this.cachedToken = accessToken;\n  }\n\n  getCachedToken(): AccessToken | undefined {\n    if (\n      this.cachedToken &&\n      Date.now() + this.tokenRefreshBufferMs >= this.cachedToken.expiresOnTimestamp\n    ) {\n      this.cachedToken = undefined;\n    }\n\n    return this.cachedToken;\n  }\n}\n"]}

package/dist/esm/auth/keyCredential.d.ts

@@ -1,16 +0,0 @@
-/**
- * Represents a credential defined by a static API key.
- */
-export interface KeyCredential {
-    /**
-     * The value of the API key represented as a string
-     */
-    readonly key: string;
-}
-/**
- * Tests an object to determine whether it implements KeyCredential.
- *
- * @param credential - The assumed KeyCredential to be tested.
- */
-export declare function isKeyCredential(credential: unknown): credential is KeyCredential;
-//# sourceMappingURL=keyCredential.d.ts.map

package/dist/esm/auth/keyCredential.js

@@ -1,12 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-import { isObjectWithProperties } from "../util/typeGuards.js";
-/**
- * Tests an object to determine whether it implements KeyCredential.
- *
- * @param credential - The assumed KeyCredential to be tested.
- */
-export function isKeyCredential(credential) {
-    return isObjectWithProperties(credential, ["key"]) && typeof credential.key === "string";
-}
-//# sourceMappingURL=keyCredential.js.map

package/dist/esm/auth/keyCredential.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"keyCredential.js","sourceRoot":"","sources":["../../../src/auth/keyCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAY/D;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,UAAmB;IACjD,OAAO,sBAAsB,CAAC,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,IAAI,OAAO,UAAU,CAAC,GAAG,KAAK,QAAQ,CAAC;AAC3F,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { isObjectWithProperties } from \"../util/typeGuards.js\";\n\n/**\n * Represents a credential defined by a static API key.\n */\nexport interface KeyCredential {\n  /**\n   * The value of the API key represented as a string\n   */\n  readonly key: string;\n}\n\n/**\n * Tests an object to determine whether it implements KeyCredential.\n *\n * @param credential - The assumed KeyCredential to be tested.\n */\nexport function isKeyCredential(credential: unknown): credential is KeyCredential {\n  return isObjectWithProperties(credential, [\"key\"]) && typeof credential.key === \"string\";\n}\n"]}

package/dist/esm/auth/tokenCredential.d.ts

@@ -1,71 +0,0 @@
-import type { AbortSignalLike } from "../abort-controller/AbortSignalLike.js";
-/**
- * Represents a credential capable of providing an authentication token.
- */
-export interface TokenCredential {
-    /**
-     * Gets the token provided by this credential.
-     *
-     * This method is called automatically by Azure SDK client libraries. You may call this method
-     * directly, but you must also handle token caching and token refreshing.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                TokenCredential implementation might make.
-     */
-    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;
-}
-/**
- * Defines options for TokenCredential.getToken.
- */
-export interface GetTokenOptions {
-    /**
-     * The signal which can be used to abort requests.
-     */
-    abortSignal?: AbortSignalLike;
-    /**
-     * Options used when creating and sending HTTP requests for this operation.
-     */
-    requestOptions?: {
-        /**
-         * The number of milliseconds a request can take before automatically being terminated.
-         */
-        timeout?: number;
-    };
-    /**
-     * Claim details to perform the Continuous Access Evaluation authentication flow
-     */
-    claims?: string;
-    /**
-     * Indicates whether to enable the Continuous Access Evaluation authentication flow
-     */
-    enableCae?: boolean;
-    /**
-     * Allows specifying a tenantId. Useful to handle challenges that provide tenant Id hints.
-     */
-    tenantId?: string;
-}
-/**
- * Represents an access token with an expiration time.
- */
-export interface AccessToken {
-    /**
-     * The access token returned by the authentication service.
-     */
-    token: string;
-    /**
-     * The access token's expiration timestamp in milliseconds, UNIX epoch time.
-     */
-    expiresOnTimestamp: number;
-    /**
-     * The timestamp when the access token should be refreshed, in milliseconds, UNIX epoch time.
-     */
-    refreshAfterTimestamp?: number;
-}
-/**
- * Tests an object to determine whether it implements TokenCredential.
- *
- * @param credential - The assumed TokenCredential to be tested.
- */
-export declare function isTokenCredential(credential: unknown): credential is TokenCredential;
-//# sourceMappingURL=tokenCredential.d.ts.map

package/dist/esm/auth/tokenCredential.js

@@ -1,19 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-/**
- * Tests an object to determine whether it implements TokenCredential.
- *
- * @param credential - The assumed TokenCredential to be tested.
- */
-export function isTokenCredential(credential) {
-    // Check for an object with a 'getToken' function and possibly with
-    // a 'signRequest' function.  We do this check to make sure that
-    // a ServiceClientCredentials implementor (like TokenClientCredentials
-    // in ms-rest-nodeauth) doesn't get mistaken for a TokenCredential if
-    // it doesn't actually implement TokenCredential also.
-    const castCredential = credential;
-    return (castCredential &&
-        typeof castCredential.getToken === "function" &&
-        (castCredential.signRequest === undefined || castCredential.getToken.length > 0));
-}
-//# sourceMappingURL=tokenCredential.js.map

package/dist/esm/auth/tokenCredential.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"tokenCredential.js","sourceRoot":"","sources":["../../../src/auth/tokenCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AA0ElC;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,UAAmB;IACnD,mEAAmE;IACnE,gEAAgE;IAChE,sEAAsE;IACtE,qEAAqE;IACrE,sDAAsD;IACtD,MAAM,cAAc,GAAG,UAGtB,CAAC;IACF,OAAO,CACL,cAAc;QACd,OAAO,cAAc,CAAC,QAAQ,KAAK,UAAU;QAC7C,CAAC,cAAc,CAAC,WAAW,KAAK,SAAS,IAAI,cAAc,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CACjF,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AbortSignalLike } from \"../abort-controller/AbortSignalLike.js\";\n\n/**\n * Represents a credential capable of providing an authentication token.\n */\nexport interface TokenCredential {\n  /**\n   * Gets the token provided by this credential.\n   *\n   * This method is called automatically by Azure SDK client libraries. You may call this method\n   * directly, but you must also handle token caching and token refreshing.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;\n}\n\n/**\n * Defines options for TokenCredential.getToken.\n */\nexport interface GetTokenOptions {\n  /**\n   * The signal which can be used to abort requests.\n   */\n  abortSignal?: AbortSignalLike;\n  /**\n   * Options used when creating and sending HTTP requests for this operation.\n   */\n  requestOptions?: {\n    /**\n     * The number of milliseconds a request can take before automatically being terminated.\n     */\n    timeout?: number;\n  };\n  /**\n   * Claim details to perform the Continuous Access Evaluation authentication flow\n   */\n  claims?: string;\n  /**\n   * Indicates whether to enable the Continuous Access Evaluation authentication flow\n   */\n  enableCae?: boolean;\n  /**\n   * Allows specifying a tenantId. Useful to handle challenges that provide tenant Id hints.\n   */\n  tenantId?: string;\n}\n\n/**\n * Represents an access token with an expiration time.\n */\nexport interface AccessToken {\n  /**\n   * The access token returned by the authentication service.\n   */\n  token: string;\n\n  /**\n   * The access token's expiration timestamp in milliseconds, UNIX epoch time.\n   */\n  expiresOnTimestamp: number;\n\n  /**\n   * The timestamp when the access token should be refreshed, in milliseconds, UNIX epoch time.\n   */\n  refreshAfterTimestamp?: number;\n\n  // UNBRANDED DIFFERENCE: Unbranded Core does not support PoP (\"Proof-of-Presence\") tokens.\n}\n\n/**\n * Tests an object to determine whether it implements TokenCredential.\n *\n * @param credential - The assumed TokenCredential to be tested.\n */\nexport function isTokenCredential(credential: unknown): credential is TokenCredential {\n  // Check for an object with a 'getToken' function and possibly with\n  // a 'signRequest' function.  We do this check to make sure that\n  // a ServiceClientCredentials implementor (like TokenClientCredentials\n  // in ms-rest-nodeauth) doesn't get mistaken for a TokenCredential if\n  // it doesn't actually implement TokenCredential also.\n  const castCredential = credential as {\n    getToken: unknown;\n    signRequest: unknown;\n  };\n  return (\n    castCredential &&\n    typeof castCredential.getToken === \"function\" &&\n    (castCredential.signRequest === undefined || castCredential.getToken.length > 0)\n  );\n}\n"]}

package/dist/esm/client/keyCredentialAuthenticationPolicy.d.ts

@@ -1,8 +0,0 @@
-import type { KeyCredential } from "../auth/keyCredential.js";
-import type { PipelinePolicy } from "../pipeline.js";
-/**
- * The programmatic identifier of the bearerTokenAuthenticationPolicy.
- */
-export declare const keyCredentialAuthenticationPolicyName = "keyCredentialAuthenticationPolicy";
-export declare function keyCredentialAuthenticationPolicy(credential: KeyCredential, apiKeyHeaderName: string): PipelinePolicy;
-//# sourceMappingURL=keyCredentialAuthenticationPolicy.d.ts.map

package/dist/esm/client/keyCredentialAuthenticationPolicy.js

@@ -1,16 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-/**
- * The programmatic identifier of the bearerTokenAuthenticationPolicy.
- */
-export const keyCredentialAuthenticationPolicyName = "keyCredentialAuthenticationPolicy";
-export function keyCredentialAuthenticationPolicy(credential, apiKeyHeaderName) {
-    return {
-        name: keyCredentialAuthenticationPolicyName,
-        async sendRequest(request, next) {
-            request.headers.set(apiKeyHeaderName, credential.key);
-            return next(request);
-        },
-    };
-}
-//# sourceMappingURL=keyCredentialAuthenticationPolicy.js.map

package/dist/esm/client/keyCredentialAuthenticationPolicy.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"keyCredentialAuthenticationPolicy.js","sourceRoot":"","sources":["../../../src/client/keyCredentialAuthenticationPolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAMlC;;GAEG;AACH,MAAM,CAAC,MAAM,qCAAqC,GAAG,mCAAmC,CAAC;AAEzF,MAAM,UAAU,iCAAiC,CAC/C,UAAyB,EACzB,gBAAwB;IAExB,OAAO;QACL,IAAI,EAAE,qCAAqC;QAC3C,KAAK,CAAC,WAAW,CAAC,OAAwB,EAAE,IAAiB;YAC3D,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC;YACtD,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC;QACvB,CAAC;KACF,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { KeyCredential } from \"../auth/keyCredential.js\";\nimport type { PipelineRequest, PipelineResponse, SendRequest } from \"../interfaces.js\";\nimport type { PipelinePolicy } from \"../pipeline.js\";\n\n/**\n * The programmatic identifier of the bearerTokenAuthenticationPolicy.\n */\nexport const keyCredentialAuthenticationPolicyName = \"keyCredentialAuthenticationPolicy\";\n\nexport function keyCredentialAuthenticationPolicy(\n  credential: KeyCredential,\n  apiKeyHeaderName: string,\n): PipelinePolicy {\n  return {\n    name: keyCredentialAuthenticationPolicyName,\n    async sendRequest(request: PipelineRequest, next: SendRequest): Promise<PipelineResponse> {\n      request.headers.set(apiKeyHeaderName, credential.key);\n      return next(request);\n    },\n  };\n}\n"]}

package/dist/esm/policies/bearerTokenAuthenticationPolicy.d.ts

@@ -1,99 +0,0 @@
-import type { AccessToken, GetTokenOptions, TokenCredential } from "../auth/tokenCredential.js";
-import type { TypeSpecRuntimeLogger } from "../logger/logger.js";
-import type { PipelineRequest, PipelineResponse } from "../interfaces.js";
-import type { PipelinePolicy } from "../pipeline.js";
-/**
- * The programmatic identifier of the bearerTokenAuthenticationPolicy.
- */
-export declare const bearerTokenAuthenticationPolicyName = "bearerTokenAuthenticationPolicy";
-/**
- * Options sent to the authorizeRequest callback
- */
-export interface AuthorizeRequestOptions {
-    /**
-     * The scopes for which the bearer token applies.
-     */
-    scopes: string[];
-    /**
-     * Function that retrieves either a cached access token or a new access token.
-     */
-    getAccessToken: (scopes: string[], options: GetTokenOptions) => Promise<AccessToken | null>;
-    /**
-     * Request that the policy is trying to fulfill.
-     */
-    request: PipelineRequest;
-    /**
-     * A logger, if one was sent through the HTTP pipeline.
-     */
-    logger?: TypeSpecRuntimeLogger;
-}
-/**
- * Options sent to the authorizeRequestOnChallenge callback
- */
-export interface AuthorizeRequestOnChallengeOptions {
-    /**
-     * The scopes for which the bearer token applies.
-     */
-    scopes: string[];
-    /**
-     * Function that retrieves either a cached access token or a new access token.
-     */
-    getAccessToken: (scopes: string[], options: GetTokenOptions) => Promise<AccessToken | null>;
-    /**
-     * Request that the policy is trying to fulfill.
-     */
-    request: PipelineRequest;
-    /**
-     * Response containing the challenge.
-     */
-    response: PipelineResponse;
-    /**
-     * A logger, if one was sent through the HTTP pipeline.
-     */
-    logger?: TypeSpecRuntimeLogger;
-}
-/**
- * Options to override the processing of [Continuous Access Evaluation](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.
- */
-export interface ChallengeCallbacks {
-    /**
-     * Allows for the authorization of the main request of this policy before it's sent.
-     */
-    authorizeRequest?(options: AuthorizeRequestOptions): Promise<void>;
-    /**
-     * Allows to handle authentication challenges and to re-authorize the request.
-     * The response containing the challenge is `options.response`.
-     * If this method returns true, the underlying request will be sent once again.
-     * The request may be modified before being sent.
-     */
-    authorizeRequestOnChallenge?(options: AuthorizeRequestOnChallengeOptions): Promise<boolean>;
-}
-/**
- * Options to configure the bearerTokenAuthenticationPolicy
- */
-export interface BearerTokenAuthenticationPolicyOptions {
-    /**
-     * The TokenCredential implementation that can supply the bearer token.
-     */
-    credential?: TokenCredential;
-    /**
-     * The scopes for which the bearer token applies.
-     */
-    scopes: string | string[];
-    /**
-     * Allows for the processing of [Continuous Access Evaluation](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.
-     * If provided, it must contain at least the `authorizeRequestOnChallenge` method.
-     * If provided, after a request is sent, if it has a challenge, it can be processed to re-send the original request with the relevant challenge information.
-     */
-    challengeCallbacks?: ChallengeCallbacks;
-    /**
-     * A logger can be sent for debugging purposes.
-     */
-    logger?: TypeSpecRuntimeLogger;
-}
-/**
- * A policy that can request a token from a TokenCredential implementation and
- * then apply it to the Authorization header of a request as a Bearer token.
- */
-export declare function bearerTokenAuthenticationPolicy(options: BearerTokenAuthenticationPolicyOptions): PipelinePolicy;
-//# sourceMappingURL=bearerTokenAuthenticationPolicy.d.ts.map

package/dist/esm/policies/bearerTokenAuthenticationPolicy.js

@@ -1,107 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-import { createTokenCycler } from "../util/tokenCycler.js";
-import { logger as coreLogger } from "../log.js";
-/**
- * The programmatic identifier of the bearerTokenAuthenticationPolicy.
- */
-export const bearerTokenAuthenticationPolicyName = "bearerTokenAuthenticationPolicy";
-/**
- * Default authorize request handler
- */
-async function defaultAuthorizeRequest(options) {
-    const { scopes, getAccessToken, request } = options;
-    const getTokenOptions = {
-        abortSignal: request.abortSignal,
-    };
-    const accessToken = await getAccessToken(scopes, getTokenOptions);
-    if (accessToken) {
-        options.request.headers.set("Authorization", `Bearer ${accessToken.token}`);
-    }
-}
-/**
- * We will retrieve the challenge only if the response status code was 401,
- * and if the response contained the header "WWW-Authenticate" with a non-empty value.
- */
-function getChallenge(response) {
-    const challenge = response.headers.get("WWW-Authenticate");
-    if (response.status === 401 && challenge) {
-        return challenge;
-    }
-    return;
-}
-/**
- * A policy that can request a token from a TokenCredential implementation and
- * then apply it to the Authorization header of a request as a Bearer token.
- */
-export function bearerTokenAuthenticationPolicy(options) {
-    var _a;
-    const { credential, scopes, challengeCallbacks } = options;
-    const logger = options.logger || coreLogger;
-    const callbacks = Object.assign({ authorizeRequest: (_a = challengeCallbacks === null || challengeCallbacks === void 0 ? void 0 : challengeCallbacks.authorizeRequest) !== null && _a !== void 0 ? _a : defaultAuthorizeRequest, authorizeRequestOnChallenge: challengeCallbacks === null || challengeCallbacks === void 0 ? void 0 : challengeCallbacks.authorizeRequestOnChallenge }, challengeCallbacks);
-    // This function encapsulates the entire process of reliably retrieving the token
-    // The options are left out of the public API until there's demand to configure this.
-    // Remember to extend `BearerTokenAuthenticationPolicyOptions` with `TokenCyclerOptions`
-    // in order to pass through the `options` object.
-    const getAccessToken = credential
-        ? createTokenCycler(credential /* , options */)
-        : () => Promise.resolve(null);
-    return {
-        name: bearerTokenAuthenticationPolicyName,
-        /**
-         * If there's no challenge parameter:
-         * - It will try to retrieve the token using the cache, or the credential's getToken.
-         * - Then it will try the next policy with or without the retrieved token.
-         *
-         * It uses the challenge parameters to:
-         * - Skip a first attempt to get the token from the credential if there's no cached token,
-         *   since it expects the token to be retrievable only after the challenge.
-         * - Prepare the outgoing request if the `prepareRequest` method has been provided.
-         * - Send an initial request to receive the challenge if it fails.
-         * - Process a challenge if the response contains it.
-         * - Retrieve a token with the challenge information, then re-send the request.
-         */
-        async sendRequest(request, next) {
-            if (!request.url.toLowerCase().startsWith("https://")) {
-                throw new Error("Bearer token authentication is not permitted for non-TLS protected (non-https) URLs.");
-            }
-            await callbacks.authorizeRequest({
-                scopes: Array.isArray(scopes) ? scopes : [scopes],
-                request,
-                getAccessToken,
-                logger,
-            });
-            let response;
-            let error;
-            try {
-                response = await next(request);
-            }
-            catch (err) {
-                error = err;
-                response = err.response;
-            }
-            if (callbacks.authorizeRequestOnChallenge &&
-                (response === null || response === void 0 ? void 0 : response.status) === 401 &&
-                getChallenge(response)) {
-                // processes challenge
-                const shouldSendRequest = await callbacks.authorizeRequestOnChallenge({
-                    scopes: Array.isArray(scopes) ? scopes : [scopes],
-                    request,
-                    response,
-                    getAccessToken,
-                    logger,
-                });
-                if (shouldSendRequest) {
-                    return next(request);
-                }
-            }
-            if (error) {
-                throw error;
-            }
-            else {
-                return response;
-            }
-        },
-    };
-}
-//# sourceMappingURL=bearerTokenAuthenticationPolicy.js.map

package/dist/esm/policies/bearerTokenAuthenticationPolicy.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"bearerTokenAuthenticationPolicy.js","sourceRoot":"","sources":["../../../src/policies/bearerTokenAuthenticationPolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAMlC,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3D,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,WAAW,CAAC;AAEjD;;GAEG;AACH,MAAM,CAAC,MAAM,mCAAmC,GAAG,iCAAiC,CAAC;AA2FrF;;GAEG;AACH,KAAK,UAAU,uBAAuB,CAAC,OAAgC;IACrE,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IACpD,MAAM,eAAe,GAAoB;QACvC,WAAW,EAAE,OAAO,CAAC,WAAW;KACjC,CAAC;IACF,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAElE,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,WAAW,CAAC,KAAK,EAAE,CAAC,CAAC;IAC9E,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,YAAY,CAAC,QAA0B;IAC9C,MAAM,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;IAC3D,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,SAAS,EAAE,CAAC;QACzC,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO;AACT,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,+BAA+B,CAC7C,OAA+C;;IAE/C,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,kBAAkB,EAAE,GAAG,OAAO,CAAC;IAC3D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,UAAU,CAAC;IAC5C,MAAM,SAAS,mBACb,gBAAgB,EAAE,MAAA,kBAAkB,aAAlB,kBAAkB,uBAAlB,kBAAkB,CAAE,gBAAgB,mCAAI,uBAAuB,EACjF,2BAA2B,EAAE,kBAAkB,aAAlB,kBAAkB,uBAAlB,kBAAkB,CAAE,2BAA2B,IAEzE,kBAAkB,CACtB,CAAC;IAEF,iFAAiF;IACjF,qFAAqF;IACrF,wFAAwF;IACxF,iDAAiD;IACjD,MAAM,cAAc,GAAG,UAAU;QAC/B,CAAC,CAAC,iBAAiB,CAAC,UAAU,CAAC,eAAe,CAAC;QAC/C,CAAC,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAEhC,OAAO;QACL,IAAI,EAAE,mCAAmC;QACzC;;;;;;;;;;;;WAYG;QACH,KAAK,CAAC,WAAW,CAAC,OAAwB,EAAE,IAAiB;YAC3D,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBACtD,MAAM,IAAI,KAAK,CACb,sFAAsF,CACvF,CAAC;YACJ,CAAC;YAED,MAAM,SAAS,CAAC,gBAAgB,CAAC;gBAC/B,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;gBACjD,OAAO;gBACP,cAAc;gBACd,MAAM;aACP,CAAC,CAAC;YAEH,IAAI,QAA0B,CAAC;YAC/B,IAAI,KAAwB,CAAC;YAC7B,IAAI,CAAC;gBACH,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,CAAC;YACjC,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,KAAK,GAAG,GAAG,CAAC;gBACZ,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;YAC1B,CAAC;YAED,IACE,SAAS,CAAC,2BAA2B;gBACrC,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,MAAK,GAAG;gBACxB,YAAY,CAAC,QAAQ,CAAC,EACtB,CAAC;gBACD,sBAAsB;gBACtB,MAAM,iBAAiB,GAAG,MAAM,SAAS,CAAC,2BAA2B,CAAC;oBACpE,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;oBACjD,OAAO;oBACP,QAAQ;oBACR,cAAc;oBACd,MAAM;iBACP,CAAC,CAAC;gBAEH,IAAI,iBAAiB,EAAE,CAAC;oBACtB,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC;gBACvB,CAAC;YACH,CAAC;YAED,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,KAAK,CAAC;YACd,CAAC;iBAAM,CAAC;gBACN,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"../auth/tokenCredential.js\";\nimport type { TypeSpecRuntimeLogger } from \"../logger/logger.js\";\nimport type { PipelineRequest, PipelineResponse, SendRequest } from \"../interfaces.js\";\nimport type { PipelinePolicy } from \"../pipeline.js\";\nimport { createTokenCycler } from \"../util/tokenCycler.js\";\nimport { logger as coreLogger } from \"../log.js\";\n\n/**\n * The programmatic identifier of the bearerTokenAuthenticationPolicy.\n */\nexport const bearerTokenAuthenticationPolicyName = \"bearerTokenAuthenticationPolicy\";\n\n/**\n * Options sent to the authorizeRequest callback\n */\nexport interface AuthorizeRequestOptions {\n  /**\n   * The scopes for which the bearer token applies.\n   */\n  scopes: string[];\n  /**\n   * Function that retrieves either a cached access token or a new access token.\n   */\n  getAccessToken: (scopes: string[], options: GetTokenOptions) => Promise<AccessToken | null>;\n  /**\n   * Request that the policy is trying to fulfill.\n   */\n  request: PipelineRequest;\n  /**\n   * A logger, if one was sent through the HTTP pipeline.\n   */\n  logger?: TypeSpecRuntimeLogger;\n}\n\n/**\n * Options sent to the authorizeRequestOnChallenge callback\n */\nexport interface AuthorizeRequestOnChallengeOptions {\n  /**\n   * The scopes for which the bearer token applies.\n   */\n  scopes: string[];\n  /**\n   * Function that retrieves either a cached access token or a new access token.\n   */\n  getAccessToken: (scopes: string[], options: GetTokenOptions) => Promise<AccessToken | null>;\n  /**\n   * Request that the policy is trying to fulfill.\n   */\n  request: PipelineRequest;\n  /**\n   * Response containing the challenge.\n   */\n  response: PipelineResponse;\n  /**\n   * A logger, if one was sent through the HTTP pipeline.\n   */\n  logger?: TypeSpecRuntimeLogger;\n}\n\n/**\n * Options to override the processing of [Continuous Access Evaluation](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.\n */\nexport interface ChallengeCallbacks {\n  /**\n   * Allows for the authorization of the main request of this policy before it's sent.\n   */\n  authorizeRequest?(options: AuthorizeRequestOptions): Promise<void>;\n  /**\n   * Allows to handle authentication challenges and to re-authorize the request.\n   * The response containing the challenge is `options.response`.\n   * If this method returns true, the underlying request will be sent once again.\n   * The request may be modified before being sent.\n   */\n  authorizeRequestOnChallenge?(options: AuthorizeRequestOnChallengeOptions): Promise<boolean>;\n}\n\n/**\n * Options to configure the bearerTokenAuthenticationPolicy\n */\nexport interface BearerTokenAuthenticationPolicyOptions {\n  /**\n   * The TokenCredential implementation that can supply the bearer token.\n   */\n  credential?: TokenCredential;\n  /**\n   * The scopes for which the bearer token applies.\n   */\n  scopes: string | string[];\n  /**\n   * Allows for the processing of [Continuous Access Evaluation](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.\n   * If provided, it must contain at least the `authorizeRequestOnChallenge` method.\n   * If provided, after a request is sent, if it has a challenge, it can be processed to re-send the original request with the relevant challenge information.\n   */\n  challengeCallbacks?: ChallengeCallbacks;\n  /**\n   * A logger can be sent for debugging purposes.\n   */\n  logger?: TypeSpecRuntimeLogger;\n}\n\n/**\n * Default authorize request handler\n */\nasync function defaultAuthorizeRequest(options: AuthorizeRequestOptions): Promise<void> {\n  const { scopes, getAccessToken, request } = options;\n  const getTokenOptions: GetTokenOptions = {\n    abortSignal: request.abortSignal,\n  };\n  const accessToken = await getAccessToken(scopes, getTokenOptions);\n\n  if (accessToken) {\n    options.request.headers.set(\"Authorization\", `Bearer ${accessToken.token}`);\n  }\n}\n\n/**\n * We will retrieve the challenge only if the response status code was 401,\n * and if the response contained the header \"WWW-Authenticate\" with a non-empty value.\n */\nfunction getChallenge(response: PipelineResponse): string | undefined {\n  const challenge = response.headers.get(\"WWW-Authenticate\");\n  if (response.status === 401 && challenge) {\n    return challenge;\n  }\n  return;\n}\n\n/**\n * A policy that can request a token from a TokenCredential implementation and\n * then apply it to the Authorization header of a request as a Bearer token.\n */\nexport function bearerTokenAuthenticationPolicy(\n  options: BearerTokenAuthenticationPolicyOptions,\n): PipelinePolicy {\n  const { credential, scopes, challengeCallbacks } = options;\n  const logger = options.logger || coreLogger;\n  const callbacks = {\n    authorizeRequest: challengeCallbacks?.authorizeRequest ?? defaultAuthorizeRequest,\n    authorizeRequestOnChallenge: challengeCallbacks?.authorizeRequestOnChallenge,\n    // keep all other properties\n    ...challengeCallbacks,\n  };\n\n  // This function encapsulates the entire process of reliably retrieving the token\n  // The options are left out of the public API until there's demand to configure this.\n  // Remember to extend `BearerTokenAuthenticationPolicyOptions` with `TokenCyclerOptions`\n  // in order to pass through the `options` object.\n  const getAccessToken = credential\n    ? createTokenCycler(credential /* , options */)\n    : () => Promise.resolve(null);\n\n  return {\n    name: bearerTokenAuthenticationPolicyName,\n    /**\n     * If there's no challenge parameter:\n     * - It will try to retrieve the token using the cache, or the credential's getToken.\n     * - Then it will try the next policy with or without the retrieved token.\n     *\n     * It uses the challenge parameters to:\n     * - Skip a first attempt to get the token from the credential if there's no cached token,\n     *   since it expects the token to be retrievable only after the challenge.\n     * - Prepare the outgoing request if the `prepareRequest` method has been provided.\n     * - Send an initial request to receive the challenge if it fails.\n     * - Process a challenge if the response contains it.\n     * - Retrieve a token with the challenge information, then re-send the request.\n     */\n    async sendRequest(request: PipelineRequest, next: SendRequest): Promise<PipelineResponse> {\n      if (!request.url.toLowerCase().startsWith(\"https://\")) {\n        throw new Error(\n          \"Bearer token authentication is not permitted for non-TLS protected (non-https) URLs.\",\n        );\n      }\n\n      await callbacks.authorizeRequest({\n        scopes: Array.isArray(scopes) ? scopes : [scopes],\n        request,\n        getAccessToken,\n        logger,\n      });\n\n      let response: PipelineResponse;\n      let error: Error | undefined;\n      try {\n        response = await next(request);\n      } catch (err: any) {\n        error = err;\n        response = err.response;\n      }\n\n      if (\n        callbacks.authorizeRequestOnChallenge &&\n        response?.status === 401 &&\n        getChallenge(response)\n      ) {\n        // processes challenge\n        const shouldSendRequest = await callbacks.authorizeRequestOnChallenge({\n          scopes: Array.isArray(scopes) ? scopes : [scopes],\n          request,\n          response,\n          getAccessToken,\n          logger,\n        });\n\n        if (shouldSendRequest) {\n          return next(request);\n        }\n      }\n\n      if (error) {\n        throw error;\n      } else {\n        return response;\n      }\n    },\n  };\n}\n"]}

package/dist/esm/util/tokenCycler.d.ts

@@ -1,45 +0,0 @@
-import type { AccessToken, GetTokenOptions, TokenCredential } from "../auth/tokenCredential.js";
-/**
- * A function that gets a promise of an access token and allows providing
- * options.
- *
- * @param options - the options to pass to the underlying token provider
- */
-export type AccessTokenGetter = (scopes: string | string[], options: GetTokenOptions) => Promise<AccessToken>;
-export interface TokenCyclerOptions {
-    /**
-     * The window of time before token expiration during which the token will be
-     * considered unusable due to risk of the token expiring before sending the
-     * request.
-     *
-     * This will only become meaningful if the refresh fails for over
-     * (refreshWindow - forcedRefreshWindow) milliseconds.
-     */
-    forcedRefreshWindowInMs: number;
-    /**
-     * Interval in milliseconds to retry failed token refreshes.
-     */
-    retryIntervalInMs: number;
-    /**
-     * The window of time before token expiration during which
-     * we will attempt to refresh the token.
-     */
-    refreshWindowInMs: number;
-}
-export declare const DEFAULT_CYCLER_OPTIONS: TokenCyclerOptions;
-/**
- * Creates a token cycler from a credential, scopes, and optional settings.
- *
- * A token cycler represents a way to reliably retrieve a valid access token
- * from a TokenCredential. It will handle initializing the token, refreshing it
- * when it nears expiration, and synchronizes refresh attempts to avoid
- * concurrency hazards.
- *
- * @param credential - the underlying TokenCredential that provides the access
- * token
- * @param tokenCyclerOptions - optionally override default settings for the cycler
- *
- * @returns - a function that reliably produces a valid access token
- */
-export declare function createTokenCycler(credential: TokenCredential, tokenCyclerOptions?: Partial<TokenCyclerOptions>): AccessTokenGetter;
-//# sourceMappingURL=tokenCycler.d.ts.map