reconstruct and build @anthropic-ai/claude-code source from source map

- Extract 4756 source files from cli.js.map (57MB)
- Set up Bun build system with bun:bundle feature flag shim
- Configure 90+ compile-time feature flags matching production defaults
- Inject MACRO constants (VERSION, BUILD_TIME, etc.)
- Create stubs for private packages (color-diff-napi, modifiers-napi, etc.)
- Install all public dependencies via pnpm
- Patch commander v14 to allow multi-char short flags (-d2e)
- Build output: dist/cli.js (22MB), verified working
This commit is contained in:
janlaywss
2026-03-31 19:19:50 +08:00
commit 6187147b74
37865 changed files with 5438634 additions and 0 deletions

View File

@@ -0,0 +1 @@
../../../@azure+abort-controller@2.1.2/node_modules/@azure/abort-controller

View File

@@ -0,0 +1 @@
../../../@azure+core-auth@1.10.1/node_modules/@azure/core-auth

View File

@@ -0,0 +1 @@
../../../@azure+core-client@1.10.1/node_modules/@azure/core-client

View File

@@ -0,0 +1 @@
../../../@azure+core-rest-pipeline@1.23.0/node_modules/@azure/core-rest-pipeline

View File

@@ -0,0 +1 @@
../../../@azure+core-tracing@1.3.1/node_modules/@azure/core-tracing

View File

@@ -0,0 +1 @@
../../../@azure+core-util@1.13.1/node_modules/@azure/core-util

View File

@@ -0,0 +1,21 @@
Copyright (c) Microsoft Corporation.
MIT License
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED *AS IS*, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

View File

@@ -0,0 +1,378 @@
# Azure Identity client library for JavaScript
The Azure Identity library provides [Microsoft Entra ID](https://learn.microsoft.com/entra/fundamentals/whatis) token-based authentication through a set of convenient [TokenCredential](https://learn.microsoft.com/javascript/api/@azure/core-auth/tokencredential) implementations.
For examples of various credentials, see the [Azure Identity examples page](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md).
Key links:
- [Source code](https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/identity/identity)
- [Package (npm)](https://www.npmjs.com/package/@azure/identity)
- [API Reference Documentation](https://learn.microsoft.com/javascript/api/@azure/identity)
- [Microsoft Entra ID documentation](https://learn.microsoft.com/entra/identity)
- [Samples](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples)
## Getting started
### Currently supported environments
- [LTS versions of Node.js](https://github.com/nodejs/release#release-schedule)
- Latest versions of Safari, Chrome, Edge, and Firefox.
- **Note**: Among the different credentials exported in this library, `InteractiveBrowserCredential` is the only one supported in the browser.
For more information, see our [support policy](https://github.com/Azure/azure-sdk-for-js/blob/main/SUPPORT.md).
### Install the package
Install Azure Identity with `npm`:
```sh
npm install --save @azure/identity
```
### Prerequisites
- An [Azure subscription](https://azure.microsoft.com/free/).
- Optional: The [Azure CLI][azure_cli] and/or [Azure PowerShell][azure_powershell] can also be useful for authenticating in a development environment and managing account roles.
### When to use @azure/identity
The credential classes exposed by `@azure/identity` are focused on providing the most straightforward way to authenticate the Azure SDK clients locally, in your development environments, and in production. We aim for simplicity and reasonable support of the authentication protocols to cover most of the authentication scenarios possible on Azure. We're actively expanding to cover more scenarios. For a full list of the credentials offered, see the [Credential Classes](#credential-classes) section.
All credential types provided by `@azure/identity` are supported in Node.js. For browsers, `InteractiveBrowserCredential` is the credential type to be used for basic authentication scenarios.
Most of the credential types offered by `@azure/identity` use the [Microsoft Authentication Library for JavaScript (MSAL.js)](https://github.com/AzureAD/microsoft-authentication-library-for-js). Specifically, we use the v2 MSAL.js libraries, which use [OAuth 2.0 Authorization Code Flow with PKCE](https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow) and are [OpenID-compliant](https://learn.microsoft.com/entra/identity-platform/v2-protocols-oidc). While `@azure/identity` focuses on simplicity, the MSAL.js libraries, such as [@azure/msal-common](https://www.npmjs.com/package/@azure/msal-common), [@azure/msal-node](https://www.npmjs.com/package/@azure/msal-node), and [@azure/msal-browser](https://www.npmjs.com/package/@azure/msal-browser), are designed to provide robust support for the authentication protocols that Azure supports.
#### When to use something else
The `@azure/identity` credential types are implementations of [@azure/core-auth](https://www.npmjs.com/package/@azure/core-auth)'s `TokenCredential` class. In principle, any object with a `getToken` method that satisfies `getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>` works as a `TokenCredential`. This means developers can write their own credential types to support authentication cases not covered by `@azure/identity`. To learn more, see [Custom Credentials](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#custom-credentials).
Though our credential types support many advanced scenarios, developers may want to use [Microsoft Authentication Library for JavaScript (MSAL.js)](https://github.com/AzureAD/microsoft-authentication-library-for-js) directly instead. Consider using MSAL.js in the following scenarios:
- Developers who want full control of the authentication protocol and its configuration.
- Our credential types are designed to be used with Azure SDK clients with intelligent caching and token refreshing handled at the core HTTP layer. If you find yourself having to use `getToken` directly, you may benefit from using MSAL.js for more control over the authentication flow and token caching.
You can read more through the following links:
- We portray some advanced use cases of `@azure/identity` on the [Azure Identity Examples](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md) page.
- There, we specifically have an [Advanced Examples](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#advanced-examples) section.
- We also have a section that shows how to [Authenticate with MSAL directly](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-with-msal-directly).
For advanced authentication workflows in the browser, we have a section where we showcase how to use the [@azure/msal-browser](https://www.npmjs.com/package/@azure/msal-browser) library directly to authenticate Azure SDK clients.
### Authenticate the client in development environment
While we recommend using managed identity in your Azure-hosted application, it's typical for a developer to use their own account for authenticating calls to Azure services when debugging and executing code locally. There are several developer tools that can be used to perform this authentication in your development environment.
#### Authenticate via the Azure Developer CLI
Developers coding outside of an IDE can also use the [Azure Developer CLI][azure_developer_cli] to authenticate. Applications using the `DefaultAzureCredential` or the `AzureDeveloperCliCredential` can then use this account to authenticate calls in their application when running locally.
To authenticate with the [Azure Developer CLI][azure_developer_cli], users can run the command `azd auth login`. For users running on a system with a default web browser, the Azure Developer CLI launches the browser to authenticate the user.
For systems without a default web browser, the `azd auth login --use-device-code` command uses the device code authentication flow.
#### Authenticate via the Azure CLI
Applications using the `AzureCliCredential`, whether directly or via the `DefaultAzureCredential`, can use the Azure CLI account to authenticate calls in the application when running locally.
To authenticate with the [Azure CLI][azure_cli], run the command `az login`. For users running on a system with a default web browser, the Azure CLI launches the browser to authenticate the user.
![Azure CLI Account Sign In][azureclilogin_image]
For systems without a default web browser, the `az login` command uses the device code authentication flow. The user can also force the Azure CLI to use the device code flow rather than launching a browser by specifying the `--use-device-code` argument.
![Azure CLI Account Device Code Sign In][azureclilogindevicecode_image]
#### Authenticate via Azure PowerShell
Applications using the `AzurePowerShellCredential`, whether directly or via the `DefaultAzureCredential`, can use the account connected to Azure PowerShell to authenticate calls in the application when running locally.
To authenticate with [Azure PowerShell][azure_powershell], run the `Connect-AzAccount` cmdlet. By default, like the Azure CLI, `Connect-AzAccount` launches the default web browser to authenticate a user account.
![Azure PowerShell Account Sign In][azurepowershelllogin_image]
If interactive authentication can't be supported in the session, then the `-UseDeviceAuthentication` argument forces the cmdlet to use a device code authentication flow instead, similar to the corresponding option in the Azure CLI credential.
### Authenticate the client in browsers
To authenticate Azure SDK clients within web browsers, we offer the `InteractiveBrowserCredential`, which can be set to use redirection or popups to complete the authentication flow. It's necessary to [create an Azure App Registration](https://learn.microsoft.com/entra/identity-platform/scenario-spa-app-registration) in the Azure portal for your web application first.
## Key concepts
If this is your first time using `@azure/identity` or Microsoft Entra ID, read [Using `@azure/identity` with Microsoft Entra ID](https://github.com/Azure/azure-sdk-for-js/blob/main/documentation/using-azure-identity.md) first. This document provides a deeper understanding of the platform and how to configure your Azure account correctly.
### Credentials
A credential is a class that contains or can obtain the data needed for a service client to authenticate requests. Service clients across the Azure SDK accept credentials when they're constructed. Service clients use those credentials to authenticate requests to the service.
The Azure Identity library focuses on OAuth authentication with Microsoft Entra ID, and it offers various credential classes capable of acquiring a Microsoft Entra token to authenticate service requests. All of the credential classes in this library are implementations of the [TokenCredential](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/core/core-auth/src/tokenCredential.ts) abstract class, and any of them can be used by to construct service clients capable of authenticating with a `TokenCredential`.
See [Credential Classes](#credential-classes).
### DefaultAzureCredential
`DefaultAzureCredential` simplifies authentication while developing apps that deploy to Azure by combining credentials used in Azure hosting environments with credentials used in local development. For more information, see [DefaultAzureCredential overview](https://aka.ms/azsdk/js/identity/credential-chains#use-defaultazurecredential-for-flexibility).
#### Continuation policy
As of version 3.3.0, `DefaultAzureCredential` attempts to authenticate with all developer credentials until one succeeds, regardless of any errors previous developer credentials experienced. For example, a developer credential may attempt to get a token and fail, so `DefaultAzureCredential` continues to the next credential in the flow. Deployed service credentials stop the flow with a thrown exception if they're able to attempt token retrieval, but don't receive one.
This allows for trying all of the developer credentials on your machine while having predictable deployed behavior.
## Plugins
Azure Identity for JavaScript provides a plugin API that allows us to provide certain functionality through separate _plugin packages_. The `@azure/identity` package exports a top-level function (`useIdentityPlugin`) that can be used to enable a plugin. We provide two plugin packages:
- [`@azure/identity-broker`](https://www.npmjs.com/package/@azure/identity-broker), which provides brokered authentication support through a native broker, such as Web Account Manager.
- [`@azure/identity-vscode`](https://www.npmjs.com/package/@azure/identity-vscode), which provides Visual Studio Code authentication support for signing in through Azure Resource extension.
- [`@azure/identity-cache-persistence`](https://www.npmjs.com/package/@azure/identity-cache-persistence), which provides persistent token caching in Node.js using a native secure storage system provided by your operating system. This plugin allows cached `access_token` values to persist across sessions, meaning that an interactive login flow doesn't need to be repeated as long as a cached token is available.
## Examples
You can find more examples of using various credentials in [Azure Identity Examples Page](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md)
### Authenticate with `DefaultAzureCredential`
This example demonstrates authenticating the `KeyClient` from the [@azure/keyvault-keys](https://www.npmjs.com/package/@azure/keyvault-keys) client library using `DefaultAzureCredential`.
```ts snippet:defaultazurecredential_authenticate
import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient } from "@azure/keyvault-keys";
// Configure vault URL
const vaultUrl = "https://<your-unique-keyvault-name>.vault.azure.net";
// Azure SDK clients accept the credential as a parameter
const credential = new DefaultAzureCredential();
// Create authenticated client
const client = new KeyClient(vaultUrl, credential);
```
### Specify a user-assigned managed identity with `DefaultAzureCredential`
A relatively common scenario involves authenticating using a user-assigned managed identity for an Azure resource. Explore the [example on Authenticating a user-assigned managed identity with DefaultAzureCredential](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-a-user-assigned-managed-identity-with-defaultazurecredential) to see how this is made a relatively straightforward task that can be configured using environment variables or in code.
### Authenticate with Visual Studio Code via `DefaultAzureCredential`
`DefaultAzureCredential` can automatically use the signed-in user from Visual Studio Code to authenticate your application during local development. Before using Visual Studio Code authentication, ensure you have:
1. **Azure Resources Extension**: Install the [Azure Resources extension](https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-azureresourcegroups) in Visual Studio Code
2. **Signed in to Azure**: Use the `Azure: Sign In` command in VS Code
3. **Broker package configuration**: Install the `@azure/identity-vscode` package v2.0.0 or above in your project with `npm install @azure/identity-vscode` and configure `useIdentityPlugin` as shown below:
```ts snippet:defaultazurecredential_vscode
import { useIdentityPlugin, DefaultAzureCredential } from "@azure/identity";
useIdentityPlugin(vsCodePlugin);
const credential = new DefaultAzureCredential();
```
Once these prerequisites are met, `DefaultAzureCredential` will automatically detect and use VS Code authentication when running locally.
### Define a custom authentication flow with `ChainedTokenCredential`
While `DefaultAzureCredential` is generally the quickest way to get started developing applications for Azure, more advanced users may want to customize the credentials considered when authenticating. The `ChainedTokenCredential` enables users to combine multiple credential instances to define a customized chain of credentials. This example demonstrates creating a `ChainedTokenCredential` that attempts to authenticate using two differently configured instances of `ClientSecretCredential`, to then authenticate the `KeyClient` from the [@azure/keyvault-keys](https://www.npmjs.com/package/@azure/keyvault-keys):
```ts snippet:chaintedtokencredential_authenticate
import { ClientSecretCredential, ChainedTokenCredential } from "@azure/identity";
import { KeyClient } from "@azure/keyvault-keys";
// Configure variables
const vaultUrl = "https://<your-unique-keyvault-name>.vault.azure.net";
const tenantId = "<tenant-id>";
const clientId = "<client-id>";
const clientSecret = "<client-secret>";
const anotherClientId = "<another-client-id>";
const anotherSecret = "<another-client-secret>";
// When an access token is requested, the chain will try each
// credential in order, stopping when one provides a token
const firstCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);
const secondCredential = new ClientSecretCredential(tenantId, anotherClientId, anotherSecret);
const credentialChain = new ChainedTokenCredential(firstCredential, secondCredential);
// The chain can be used anywhere a credential is required
const client = new KeyClient(vaultUrl, credentialChain);
```
## Managed identity support
The [Managed identity authentication](https://learn.microsoft.com/entra/identity/managed-identities-azure-resources/overview) is supported via either the `DefaultAzureCredential` or the `ManagedIdentityCredential` credential classes directly for the following Azure services:
- [Azure App Service and Azure Functions](https://learn.microsoft.com/azure/app-service/overview-managed-identity)
- [Azure Arc](https://learn.microsoft.com/azure/azure-arc/servers/managed-identity-authentication)
- [Azure Cloud Shell](https://learn.microsoft.com/azure/cloud-shell/msi-authorization)
- [Azure Kubernetes Service](https://learn.microsoft.com/azure/aks/use-managed-identity)
- [Azure Service Fabric](https://learn.microsoft.com/azure/service-fabric/concepts-managed-identity)
- [Azure Virtual Machines](https://learn.microsoft.com/entra/identity/managed-identities-azure-resources/how-to-use-vm-token)
- [Azure Virtual Machines Scale Sets](https://learn.microsoft.com/entra/identity/managed-identities-azure-resources/qs-configure-powershell-windows-vmss)
For examples of how to use managed identity for authentication, see [the examples](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-in-azure-with-managed-identity).
## Cloud configuration
Credentials default to authenticating to the Microsoft Entra endpoint for Azure Public Cloud. To access resources in other clouds, such as Azure Government or a private cloud, configure credentials with the `authorityHost` argument in the constructor. The [`AzureAuthorityHosts`][authority_hosts] enum defines authorities for well-known clouds. For the US Government cloud, you could instantiate a credential this way:
```ts snippet:cloudconfiguration_authenticate
import { ClientSecretCredential, AzureAuthorityHosts } from "@azure/identity";
const credential = new ClientSecretCredential(
"<YOUR_TENANT_ID>",
"<YOUR_CLIENT_ID>",
"<YOUR_CLIENT_SECRET>",
{
authorityHost: AzureAuthorityHosts.AzureGovernment,
},
);
```
As an alternative to specifying the `authorityHost` argument, you can also set the `AZURE_AUTHORITY_HOST` environment variable to the URL of your cloud's authority. This approach is useful when configuring multiple credentials to authenticate to the same cloud or when the deployed environment needs to define the target cloud:
```sh
AZURE_AUTHORITY_HOST=https://login.partner.microsoftonline.cn
```
The `AzureAuthorityHosts` enum defines authorities for well-known clouds for your convenience; however, if the authority for your cloud isn't listed in `AzureAuthorityHosts`, you may pass any valid authority URL as a string argument. For example:
```ts snippet:cloudconfiguration_authorityhost
import { ClientSecretCredential } from "@azure/identity";
const credential = new ClientSecretCredential(
"<YOUR_TENANT_ID>",
"<YOUR_CLIENT_ID>",
"<YOUR_CLIENT_SECRET>",
{
authorityHost: "https://login.partner.microsoftonline.cn",
},
);
```
Not all credentials require this configuration. Credentials that authenticate through a development tool, such as `AzureCliCredential`, use that tool's configuration.
## Credential classes
### Credential chains
| Credential | Usage | Example |
| -------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| [`DefaultAzureCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/defaultazurecredential?view=azure-node-latest) | Provides a simplified authentication experience to quickly start developing applications run in Azure. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-with-defaultazurecredential) |
| [`ChainedTokenCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/chainedtokencredential?view=azure-node-latest) | Allows users to define custom authentication flows composing multiple credentials. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#chaining-credentials) |
### Authenticate Azure-hosted applications
| Credential | Usage | Example |
| -------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| [`EnvironmentCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/environmentcredential?view=azure-node-latest) | Authenticates a service principal or user via credential information specified in environment variables. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-a-service-principal-with-environment-credentials) |
| [`ManagedIdentityCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/managedidentitycredential?view=azure-node-latest) | Authenticates the managed identity of an Azure resource. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-in-azure-with-managed-identity) |
| [`WorkloadIdentityCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/workloadidentitycredential?view=azure-node-latest) | Supports [Microsoft Entra Workload ID](https://learn.microsoft.com/azure/aks/workload-identity-overview) on Kubernetes. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-in-azure-with-workload-identity) |
### Authenticate service principals
| Credential | Usage | Example | Reference |
| ---------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------- |
| [`AzurePipelinesCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/azurepipelinescredential?view=azure-node-latest) | Supports [Microsoft Entra Workload ID](https://learn.microsoft.com/azure/devops/pipelines/release/configure-workload-identity?view=azure-devops) on Azure Pipelines. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-in-azure-pipelines-with-service-connections) |
| [`ClientAssertionCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/clientassertioncredential?view=azure-node-latest) | Authenticates a service principal using a signed client assertion. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-a-service-principal-with-a-client-assertion) | [Service principal authentication](https://learn.microsoft.com/entra/identity-platform/app-objects-and-service-principals) |
| [`ClientCertificateCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/clientcertificatecredential?view=azure-node-latest) | Authenticates a service principal using a certificate. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-a-service-principal-with-a-client-certificate) | [Service principal authentication](https://learn.microsoft.com/entra/identity-platform/app-objects-and-service-principals) |
| [`ClientSecretCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/clientsecretcredential?view=azure-node-latest) | Authenticates a service principal using a secret. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-a-service-principal-with-a-client-secret) | [Service principal authentication](https://learn.microsoft.com/entra/identity-platform/app-objects-and-service-principals) |
### Authenticate users
| Credential | Usage | Example | Reference |
| ------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------- |
| [`AuthorizationCodeCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/authorizationcodecredential?view=azure-node-latest) | Authenticates a user with a previously obtained authorization code. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-a-user-account-with-auth-code-flow) | [OAuth2 authentication code](https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow) |
| [`DeviceCodeCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/devicecodecredential?view=azure-node-latest) | Interactively authenticates a user on devices with limited UI. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-a-user-account-with-device-code-flow) | [Device code authentication](https://learn.microsoft.com/entra/identity-platform/v2-oauth2-device-code) |
| [`InteractiveBrowserCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/interactivebrowsercredential?view=azure-node-latest) | Interactively authenticates a user with the default system browser. Read more about how this happens [here](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/interactive-browser-credential.md). | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-a-user-account-interactively-in-the-browser) | [OAuth2 authorization code](https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow) |
| [`OnBehalfOfCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/onbehalfofcredential?view=azure-node-latest) | Propagates the delegated user identity and permissions through the request chain | | [On-behalf-of authentication](https://learn.microsoft.com/entra/identity-platform/v2-oauth2-on-behalf-of-flow) |
### Authenticate via development tools
| Credential | Usage | Example | Reference |
| ---------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------- |
| [`AzureCliCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/azureclicredential?view=azure-node-latest) | Authenticate in a development environment with the Azure CLI. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-a-user-account-with-azure-cli) | [Azure CLI authentication](https://learn.microsoft.com/cli/azure/authenticate-azure-cli) |
| [`AzureDeveloperCliCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/azuredeveloperclicredential?view=azure-node-latest) | Authenticate in a development environment with the enabled user or service principal in Azure Developer CLI. | | [Azure Developer CLI Reference](https://learn.microsoft.com/azure/developer/azure-developer-cli/reference) |
| [`AzurePowerShellCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/azurepowershellcredential?view=azure-node-latest) | Authenticate in a development environment using Azure PowerShell. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-a-user-account-with-azure-powershell) | [Azure PowerShell authentication](https://learn.microsoft.com/powershell/azure/authenticate-azureps) |
| [`VisualStudioCodeCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/visualstudiocodecredential?view=azure-node-latest) | Authenticate in a development environment with Visual Studio Code. | | |
## Environment variables
`DefaultAzureCredential` and `EnvironmentCredential` can be configured with environment variables. Each type of authentication requires values for specific variables.
### Service principal with secret
| Variable name | Value |
| --------------------- | ---------------------------------------------- |
| `AZURE_CLIENT_ID` | ID of a Microsoft Entra application |
| `AZURE_TENANT_ID` | ID of the application's Microsoft Entra tenant |
| `AZURE_CLIENT_SECRET` | one of the application's client secrets |
### Service principal with certificate
| Variable name | Value |
|---------------------------------------|--------------------------------------------------------------|
| `AZURE_CLIENT_ID` | ID of a Microsoft Entra application |
| `AZURE_TENANT_ID` | ID of the application's Microsoft Entra tenant |
| `AZURE_CLIENT_CERTIFICATE_PATH` | path to a PEM-encoded certificate file including private key |
| `AZURE_CLIENT_CERTIFICATE_PASSWORD` | (optional) password of the certificate file, if any |
| `AZURE_CLIENT_SEND_CERTIFICATE_CHAIN` | (optional) send certificate chain in x5c header to support subject name / issuer-based authentication |
Configuration is attempted in the preceding order. For example, if values for a client secret and certificate are both present, the client secret is used.
## Continuous Access Evaluation
As of version 3.3.0, accessing resources protected by [Continuous Access Evaluation](https://learn.microsoft.com/entra/identity/conditional-access/concept-continuous-access-evaluation) (CAE) is possible on a per-request basis. This can be enabled using the [`GetTokenOptions.enableCae(boolean)` API](https://learn.microsoft.com/javascript/api/@azure/core-auth/gettokenoptions?view=azure-node-latest#@azure-core-auth-gettokenoptions-enablecae). CAE isn't supported for developer credentials.
## Token caching
Token caching is a feature provided by the Azure Identity library that allows apps to:
- Cache tokens in memory (default) and on disk (opt-in).
- Improve resilience and performance.
- Reduce the number of requests made to Microsoft Entra ID to obtain access tokens.
The Azure Identity library offers both in-memory and persistent disk caching. For more information, see the [token caching documentation](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/TOKEN_CACHING.md).
## Brokered authentication
An authentication broker is an application that runs on a users machine and manages the authentication handshakes and token maintenance for connected accounts. Currently, only the Windows Web Account Manager (WAM) is supported. Broker authentication is used by `DefaultAzureCredential` to enable secure sign-in via the WAM. To enable support, use the [`@azure/identity-broker`][azure_identity_broker] package. For details on authenticating using WAM, see the [broker plugin documentation][azure_identity_broker_readme].
## Troubleshooting
For assistance with troubleshooting, see the [troubleshooting guide](https://aka.ms/azsdk/js/identity/troubleshoot).
## Next steps
### Read the documentation
API documentation for this library can be found on our [documentation site](https://learn.microsoft.com/javascript/api/@azure/identity).
### Client library support
Client and management libraries listed on the [Azure SDK releases page](https://azure.github.io/azure-sdk/releases/latest/js.html) that support Microsoft Entra authentication accept credentials from this library. Learn more about using these libraries in their documentation, which is linked from the releases page.
### Known issues
#### Azure AD B2C support
This library doesn't support the [Azure AD B2C](https://learn.microsoft.com/azure/active-directory-b2c/overview) service.
For other open issues, see the library's [GitHub repository](https://github.com/Azure/azure-sdk-for-js/issues?q=is%3Aopen+is%3Aissue+label%3AAzure.Identity).
### Provide feedback
If you encounter bugs or have suggestions, [open an issue](https://github.com/Azure/azure-sdk-for-js/issues).
## Contributing
To contribute to this library, read the [contributing guide](https://github.com/Azure/azure-sdk-for-js/blob/main/CONTRIBUTING.md) to learn more about how to build and test the code.
[azure_cli]: https://learn.microsoft.com/cli/azure
[azure_developer_cli]: https://learn.microsoft.com/azure/developer/azure-developer-cli
[azure_powershell]: https://learn.microsoft.com/powershell/azure/
[azureclilogin_image]: https://raw.githubusercontent.com/Azure/azure-sdk-for-js/main/sdk/identity/identity/images/AzureCliLogin.png
[azureclilogindevicecode_image]: https://raw.githubusercontent.com/Azure/azure-sdk-for-js/main/sdk/identity/identity/images/AzureCliLoginDeviceCode.png
[azurepowershelllogin_image]: https://raw.githubusercontent.com/Azure/azure-sdk-for-js/main/sdk/identity/identity/images/AzurePowerShellLogin.png
[azure_identity_broker]: https://www.npmjs.com/package/@azure/identity-broker
[azure_identity_broker_readme]: https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/identity/identity-broker
[authority_hosts]: https://learn.microsoft.com/javascript/api/@azure/identity/azureauthorityhosts

View File

@@ -0,0 +1,65 @@
import type { INetworkModule, NetworkRequestOptions, NetworkResponse } from "@azure/msal-node";
import type { AccessToken, GetTokenOptions } from "@azure/core-auth";
import { ServiceClient } from "@azure/core-client";
import type { PipelineRequest } from "@azure/core-rest-pipeline";
import type { AbortSignalLike } from "@azure/abort-controller";
import type { TokenCredentialOptions } from "../tokenCredentialOptions.js";
/**
* An internal type used to communicate details of a token request's
* response that should not be sent back as part of the access token.
*/
export interface TokenResponse {
/**
* The AccessToken to be returned from getToken.
*/
accessToken: AccessToken;
/**
* The refresh token if the 'offline_access' scope was used.
*/
refreshToken?: string;
}
/**
* @internal
*/
export declare function getIdentityClientAuthorityHost(options?: TokenCredentialOptions): string;
/**
* The network module used by the Identity credentials.
*
* It allows for credentials to abort any pending request independently of the MSAL flow,
* by calling to the `abortRequests()` method.
*
*/
export declare class IdentityClient extends ServiceClient implements INetworkModule {
authorityHost: string;
private allowLoggingAccountIdentifiers?;
private abortControllers;
private allowInsecureConnection;
private tokenCredentialOptions;
constructor(options?: TokenCredentialOptions);
sendTokenRequest(request: PipelineRequest): Promise<TokenResponse | null>;
refreshAccessToken(tenantId: string, clientId: string, scopes: string, refreshToken: string | undefined, clientSecret: string | undefined, options?: GetTokenOptions): Promise<TokenResponse | null>;
generateAbortSignal(correlationId: string): AbortSignalLike;
abortRequests(correlationId?: string): void;
getCorrelationId(options?: NetworkRequestOptions): string;
sendGetRequestAsync<T>(url: string, options?: NetworkRequestOptions): Promise<NetworkResponse<T>>;
sendPostRequestAsync<T>(url: string, options?: NetworkRequestOptions): Promise<NetworkResponse<T>>;
/**
*
* @internal
*/
getTokenCredentialOptions(): TokenCredentialOptions;
/**
* If allowLoggingAccountIdentifiers was set on the constructor options
* we try to log the account identifiers by parsing the received access token.
*
* The account identifiers we try to log are:
* - `appid`: The application or Client Identifier.
* - `upn`: User Principal Name.
* - It might not be available in some authentication scenarios.
* - If it's not available, we put a placeholder: "No User Principal Name available".
* - `tid`: Tenant Identifier.
* - `oid`: Object Identifier of the authenticated user.
*/
private logIdentifiers;
}
//# sourceMappingURL=identityClient.d.ts.map

View File

@@ -0,0 +1 @@
{"version":3,"file":"identityClient.d.ts","sourceRoot":"","sources":["../../../src/client/identityClient.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,cAAc,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAC/F,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,OAAO,KAAK,EAAE,eAAe,EAAoB,MAAM,2BAA2B,CAAC;AAEnF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAM/D,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AAS3E;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,WAAW,EAAE,WAAW,CAAC;IACzB;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,wBAAgB,8BAA8B,CAAC,OAAO,CAAC,EAAE,sBAAsB,GAAG,MAAM,CAWvF;AAED;;;;;;GAMG;AACH,qBAAa,cAAe,SAAQ,aAAc,YAAW,cAAc;IAClE,aAAa,EAAE,MAAM,CAAC;IAC7B,OAAO,CAAC,8BAA8B,CAAC,CAAU;IACjD,OAAO,CAAC,gBAAgB,CAA6C;IACrE,OAAO,CAAC,uBAAuB,CAAkB;IAEjD,OAAO,CAAC,sBAAsB,CAAyB;gBAE3C,OAAO,CAAC,EAAE,sBAAsB;IAmCtC,gBAAgB,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAmCzE,kBAAkB,CACtB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,MAAM,GAAG,SAAS,EAChC,YAAY,EAAE,MAAM,GAAG,SAAS,EAChC,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAkEhC,mBAAmB,CAAC,aAAa,EAAE,MAAM,GAAG,eAAe;IAe3D,aAAa,CAAC,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI;IAgB3C,gBAAgB,CAAC,OAAO,CAAC,EAAE,qBAAqB,GAAG,MAAM;IAUnD,mBAAmB,CAAC,CAAC,EACzB,GAAG,EAAE,MAAM,EACX,OAAO,CAAC,EAAE,qBAAqB,GAC9B,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAqBxB,oBAAoB,CAAC,CAAC,EAC1B,GAAG,EAAE,MAAM,EACX,OAAO,CAAC,EAAE,qBAAqB,GAC9B,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAsB9B;;;OAGG;IACH,yBAAyB,IAAI,sBAAsB;IAGnD;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,cAAc;CA6BvB"}

View File

@@ -0,0 +1,260 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
import { ServiceClient } from "@azure/core-client";
import { isNode } from "@azure/core-util";
import { createHttpHeaders, createPipelineRequest } from "@azure/core-rest-pipeline";
import { AuthenticationError, AuthenticationErrorName } from "../errors.js";
import { getIdentityTokenEndpointSuffix } from "../util/identityTokenEndpoint.js";
import { DefaultAuthorityHost, SDK_VERSION } from "../constants.js";
import { tracingClient } from "../util/tracing.js";
import { logger } from "../util/logging.js";
import { parseExpirationTimestamp, parseRefreshTimestamp, } from "../credentials/managedIdentityCredential/utils.js";
const noCorrelationId = "noCorrelationId";
/**
* @internal
*/
export function getIdentityClientAuthorityHost(options) {
// The authorityHost can come from options or from the AZURE_AUTHORITY_HOST environment variable.
let authorityHost = options?.authorityHost;
// The AZURE_AUTHORITY_HOST environment variable can only be provided in Node.js.
if (isNode) {
authorityHost = authorityHost ?? process.env.AZURE_AUTHORITY_HOST;
}
// If the authorityHost is not provided, we use the default one from the public cloud: https://login.microsoftonline.com
return authorityHost ?? DefaultAuthorityHost;
}
/**
* The network module used by the Identity credentials.
*
* It allows for credentials to abort any pending request independently of the MSAL flow,
* by calling to the `abortRequests()` method.
*
*/
export class IdentityClient extends ServiceClient {
authorityHost;
allowLoggingAccountIdentifiers;
abortControllers;
allowInsecureConnection = false;
// used for WorkloadIdentity
tokenCredentialOptions;
constructor(options) {
const packageDetails = `azsdk-js-identity/${SDK_VERSION}`;
const userAgentPrefix = options?.userAgentOptions?.userAgentPrefix
? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`
: `${packageDetails}`;
const baseUri = getIdentityClientAuthorityHost(options);
if (!baseUri.startsWith("https:")) {
throw new Error("The authorityHost address must use the 'https' protocol.");
}
super({
requestContentType: "application/json; charset=utf-8",
retryOptions: {
maxRetries: 3,
},
...options,
userAgentOptions: {
userAgentPrefix,
},
baseUri,
});
this.authorityHost = baseUri;
this.abortControllers = new Map();
this.allowLoggingAccountIdentifiers = options?.loggingOptions?.allowLoggingAccountIdentifiers;
// used for WorkloadIdentity
this.tokenCredentialOptions = { ...options };
// used for ManagedIdentity
if (options?.allowInsecureConnection) {
this.allowInsecureConnection = options.allowInsecureConnection;
}
}
async sendTokenRequest(request) {
logger.info(`IdentityClient: sending token request to [${request.url}]`);
const response = await this.sendRequest(request);
if (response.bodyAsText && (response.status === 200 || response.status === 201)) {
const parsedBody = JSON.parse(response.bodyAsText);
if (!parsedBody.access_token) {
return null;
}
this.logIdentifiers(response);
const token = {
accessToken: {
token: parsedBody.access_token,
expiresOnTimestamp: parseExpirationTimestamp(parsedBody),
refreshAfterTimestamp: parseRefreshTimestamp(parsedBody),
tokenType: "Bearer",
},
refreshToken: parsedBody.refresh_token,
};
logger.info(`IdentityClient: [${request.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`);
return token;
}
else {
const error = new AuthenticationError(response.status, response.bodyAsText);
logger.warning(`IdentityClient: authentication error. HTTP status: ${response.status}, ${error.errorResponse.errorDescription}`);
throw error;
}
}
async refreshAccessToken(tenantId, clientId, scopes, refreshToken, clientSecret, options = {}) {
if (refreshToken === undefined) {
return null;
}
logger.info(`IdentityClient: refreshing access token with client ID: ${clientId}, scopes: ${scopes} started`);
const refreshParams = {
grant_type: "refresh_token",
client_id: clientId,
refresh_token: refreshToken,
scope: scopes,
};
if (clientSecret !== undefined) {
refreshParams.client_secret = clientSecret;
}
const query = new URLSearchParams(refreshParams);
return tracingClient.withSpan("IdentityClient.refreshAccessToken", options, async (updatedOptions) => {
try {
const urlSuffix = getIdentityTokenEndpointSuffix(tenantId);
const request = createPipelineRequest({
url: `${this.authorityHost}/${tenantId}/${urlSuffix}`,
method: "POST",
body: query.toString(),
abortSignal: options.abortSignal,
headers: createHttpHeaders({
Accept: "application/json",
"Content-Type": "application/x-www-form-urlencoded",
}),
tracingOptions: updatedOptions.tracingOptions,
});
const response = await this.sendTokenRequest(request);
logger.info(`IdentityClient: refreshed token for client ID: ${clientId}`);
return response;
}
catch (err) {
if (err.name === AuthenticationErrorName &&
err.errorResponse.error === "interaction_required") {
// It's likely that the refresh token has expired, so
// return null so that the credential implementation will
// initiate the authentication flow again.
logger.info(`IdentityClient: interaction required for client ID: ${clientId}`);
return null;
}
else {
logger.warning(`IdentityClient: failed refreshing token for client ID: ${clientId}: ${err}`);
throw err;
}
}
});
}
// Here is a custom layer that allows us to abort requests that go through MSAL,
// since MSAL doesn't allow us to pass options all the way through.
generateAbortSignal(correlationId) {
const controller = new AbortController();
const controllers = this.abortControllers.get(correlationId) || [];
controllers.push(controller);
this.abortControllers.set(correlationId, controllers);
const existingOnAbort = controller.signal.onabort;
controller.signal.onabort = (...params) => {
this.abortControllers.set(correlationId, undefined);
if (existingOnAbort) {
existingOnAbort.apply(controller.signal, params);
}
};
return controller.signal;
}
abortRequests(correlationId) {
const key = correlationId || noCorrelationId;
const controllers = [
...(this.abortControllers.get(key) || []),
// MSAL passes no correlation ID to the get requests...
...(this.abortControllers.get(noCorrelationId) || []),
];
if (!controllers.length) {
return;
}
for (const controller of controllers) {
controller.abort();
}
this.abortControllers.set(key, undefined);
}
getCorrelationId(options) {
const parameter = options?.body
?.split("&")
.map((part) => part.split("="))
.find(([key]) => key === "client-request-id");
return parameter && parameter.length ? parameter[1] || noCorrelationId : noCorrelationId;
}
// The MSAL network module methods follow
async sendGetRequestAsync(url, options) {
const request = createPipelineRequest({
url,
method: "GET",
body: options?.body,
allowInsecureConnection: this.allowInsecureConnection,
headers: createHttpHeaders(options?.headers),
abortSignal: this.generateAbortSignal(noCorrelationId),
});
const response = await this.sendRequest(request);
this.logIdentifiers(response);
return {
body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,
headers: response.headers.toJSON(),
status: response.status,
};
}
async sendPostRequestAsync(url, options) {
const request = createPipelineRequest({
url,
method: "POST",
body: options?.body,
headers: createHttpHeaders(options?.headers),
allowInsecureConnection: this.allowInsecureConnection,
// MSAL doesn't send the correlation ID on the get requests.
abortSignal: this.generateAbortSignal(this.getCorrelationId(options)),
});
const response = await this.sendRequest(request);
this.logIdentifiers(response);
return {
body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,
headers: response.headers.toJSON(),
status: response.status,
};
}
/**
*
* @internal
*/
getTokenCredentialOptions() {
return this.tokenCredentialOptions;
}
/**
* If allowLoggingAccountIdentifiers was set on the constructor options
* we try to log the account identifiers by parsing the received access token.
*
* The account identifiers we try to log are:
* - `appid`: The application or Client Identifier.
* - `upn`: User Principal Name.
* - It might not be available in some authentication scenarios.
* - If it's not available, we put a placeholder: "No User Principal Name available".
* - `tid`: Tenant Identifier.
* - `oid`: Object Identifier of the authenticated user.
*/
logIdentifiers(response) {
if (!this.allowLoggingAccountIdentifiers || !response.bodyAsText) {
return;
}
const unavailableUpn = "No User Principal Name available";
try {
const parsed = response.parsedBody || JSON.parse(response.bodyAsText);
const accessToken = parsed.access_token;
if (!accessToken) {
// Without an access token allowLoggingAccountIdentifiers isn't useful.
return;
}
const base64Metadata = accessToken.split(".")[1];
const { appid, upn, tid, oid } = JSON.parse(Buffer.from(base64Metadata, "base64").toString("utf8"));
logger.info(`[Authenticated account] Client ID: ${appid}. Tenant ID: ${tid}. User Principal Name: ${upn || unavailableUpn}. Object ID (user): ${oid}`);
}
catch (e) {
logger.warning("allowLoggingAccountIdentifiers was set, but we couldn't log the account information. Error:", e.message);
}
}
}
//# sourceMappingURL=identityClient.js.map

File diff suppressed because one or more lines are too long

View File

@@ -0,0 +1,69 @@
/**
* Current version of the `@azure/identity` package.
*/
export declare const SDK_VERSION = "4.13.1";
/**
* The default client ID for authentication
* @internal
*/
export declare const DeveloperSignOnClientId = "04b07795-8ddb-461a-bbee-02f9e1bf7b46";
/**
* The default tenant for authentication
* @internal
*/
export declare const DefaultTenantId = "common";
/**
* A list of known Azure authority hosts
*/
export declare enum AzureAuthorityHosts {
/**
* China-based Azure Authority Host
*/
AzureChina = "https://login.chinacloudapi.cn",
/**
* Germany-based Azure Authority Host
*
* @deprecated Microsoft Cloud Germany was closed on October 29th, 2021.
*
* */
AzureGermany = "https://login.microsoftonline.de",
/**
* US Government Azure Authority Host
*/
AzureGovernment = "https://login.microsoftonline.us",
/**
* Public Cloud Azure Authority Host
*/
AzurePublicCloud = "https://login.microsoftonline.com"
}
/**
* @internal
* The default authority host.
*/
export declare const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;
/**
* @internal
* The default environment host for Azure Public Cloud
*/
export declare const DefaultAuthority = "login.microsoftonline.com";
/**
* @internal
* Allow acquiring tokens for any tenant for multi-tentant auth.
*/
export declare const ALL_TENANTS: string[];
/**
* @internal
*/
export declare const CACHE_CAE_SUFFIX = "cae";
/**
* @internal
*/
export declare const CACHE_NON_CAE_SUFFIX = "nocae";
/**
* @internal
*
* The default name for the cache persistence plugin.
* Matches the constant defined in the cache persistence package.
*/
export declare const DEFAULT_TOKEN_CACHE_NAME = "msal.cache";
//# sourceMappingURL=constants.d.ts.map

View File

@@ -0,0 +1 @@
{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,eAAO,MAAM,WAAW,WAAW,CAAC;AAEpC;;;GAGG;AAIH,eAAO,MAAM,uBAAuB,yCAAyC,CAAC;AAE9E;;;GAGG;AACH,eAAO,MAAM,eAAe,WAAW,CAAC;AAExC;;GAEG;AACH,oBAAY,mBAAmB;IAC7B;;OAEG;IACH,UAAU,mCAAmC;IAC7C;;;;;SAKK;IACL,YAAY,qCAAqC;IACjD;;OAEG;IACH,eAAe,qCAAqC;IACpD;;OAEG;IACH,gBAAgB,sCAAsC;CACvD;AAED;;;GAGG;AACH,eAAO,MAAM,oBAAoB,uCAAuC,CAAC;AAEzE;;;GAGG;AACH,eAAO,MAAM,gBAAgB,8BAA8B,CAAC;AAE5D;;;GAGG;AACH,eAAO,MAAM,WAAW,EAAE,MAAM,EAAU,CAAC;AAE3C;;GAEG;AACH,eAAO,MAAM,gBAAgB,QAAQ,CAAC;AAEtC;;GAEG;AACH,eAAO,MAAM,oBAAoB,UAAU,CAAC;AAE5C;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,eAAe,CAAC"}

View File

@@ -0,0 +1,75 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
/**
* Current version of the `@azure/identity` package.
*/
export const SDK_VERSION = `4.13.1`;
/**
* The default client ID for authentication
* @internal
*/
// TODO: temporary - this is the Azure CLI clientID - we'll replace it when
// Developer Sign On application is available
// https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/Constants.cs#L9
export const DeveloperSignOnClientId = "04b07795-8ddb-461a-bbee-02f9e1bf7b46";
/**
* The default tenant for authentication
* @internal
*/
export const DefaultTenantId = "common";
/**
* A list of known Azure authority hosts
*/
export var AzureAuthorityHosts;
(function (AzureAuthorityHosts) {
/**
* China-based Azure Authority Host
*/
AzureAuthorityHosts["AzureChina"] = "https://login.chinacloudapi.cn";
/**
* Germany-based Azure Authority Host
*
* @deprecated Microsoft Cloud Germany was closed on October 29th, 2021.
*
* */
AzureAuthorityHosts["AzureGermany"] = "https://login.microsoftonline.de";
/**
* US Government Azure Authority Host
*/
AzureAuthorityHosts["AzureGovernment"] = "https://login.microsoftonline.us";
/**
* Public Cloud Azure Authority Host
*/
AzureAuthorityHosts["AzurePublicCloud"] = "https://login.microsoftonline.com";
})(AzureAuthorityHosts || (AzureAuthorityHosts = {}));
/**
* @internal
* The default authority host.
*/
export const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;
/**
* @internal
* The default environment host for Azure Public Cloud
*/
export const DefaultAuthority = "login.microsoftonline.com";
/**
* @internal
* Allow acquiring tokens for any tenant for multi-tentant auth.
*/
export const ALL_TENANTS = ["*"];
/**
* @internal
*/
export const CACHE_CAE_SUFFIX = "cae";
/**
* @internal
*/
export const CACHE_NON_CAE_SUFFIX = "nocae";
/**
* @internal
*
* The default name for the cache persistence plugin.
* Matches the constant defined in the cache persistence package.
*/
export const DEFAULT_TOKEN_CACHE_NAME = "msal.cache";
//# sourceMappingURL=constants.js.map

View File

@@ -0,0 +1 @@
{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,QAAQ,CAAC;AAEpC;;;GAGG;AACH,2EAA2E;AAC3E,6CAA6C;AAC7C,uGAAuG;AACvG,MAAM,CAAC,MAAM,uBAAuB,GAAG,sCAAsC,CAAC;AAE9E;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,QAAQ,CAAC;AAExC;;GAEG;AACH,MAAM,CAAN,IAAY,mBAoBX;AApBD,WAAY,mBAAmB;IAC7B;;OAEG;IACH,oEAA6C,CAAA;IAC7C;;;;;SAKK;IACL,wEAAiD,CAAA;IACjD;;OAEG;IACH,2EAAoD,CAAA;IACpD;;OAEG;IACH,6EAAsD,CAAA;AACxD,CAAC,EApBW,mBAAmB,KAAnB,mBAAmB,QAoB9B;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,mBAAmB,CAAC,gBAAgB,CAAC;AAEzE;;;GAGG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,2BAA2B,CAAC;AAE5D;;;GAGG;AACH,MAAM,CAAC,MAAM,WAAW,GAAa,CAAC,GAAG,CAAC,CAAC;AAE3C;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAEtC;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,OAAO,CAAC;AAE5C;;;;;GAKG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,YAAY,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Current version of the `@azure/identity` package.\n */\nexport const SDK_VERSION = `4.13.1`;\n\n/**\n * The default client ID for authentication\n * @internal\n */\n// TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n// Developer Sign On application is available\n// https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/Constants.cs#L9\nexport const DeveloperSignOnClientId = \"04b07795-8ddb-461a-bbee-02f9e1bf7b46\";\n\n/**\n * The default tenant for authentication\n * @internal\n */\nexport const DefaultTenantId = \"common\";\n\n/**\n * A list of known Azure authority hosts\n */\nexport enum AzureAuthorityHosts {\n /**\n * China-based Azure Authority Host\n */\n AzureChina = \"https://login.chinacloudapi.cn\",\n /**\n * Germany-based Azure Authority Host\n *\n * @deprecated Microsoft Cloud Germany was closed on October 29th, 2021.\n *\n * */\n AzureGermany = \"https://login.microsoftonline.de\",\n /**\n * US Government Azure Authority Host\n */\n AzureGovernment = \"https://login.microsoftonline.us\",\n /**\n * Public Cloud Azure Authority Host\n */\n AzurePublicCloud = \"https://login.microsoftonline.com\",\n}\n\n/**\n * @internal\n * The default authority host.\n */\nexport const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;\n\n/**\n * @internal\n * The default environment host for Azure Public Cloud\n */\nexport const DefaultAuthority = \"login.microsoftonline.com\";\n\n/**\n * @internal\n * Allow acquiring tokens for any tenant for multi-tentant auth.\n */\nexport const ALL_TENANTS: string[] = [\"*\"];\n\n/**\n * @internal\n */\nexport const CACHE_CAE_SUFFIX = \"cae\";\n\n/**\n * @internal\n */\nexport const CACHE_NON_CAE_SUFFIX = \"nocae\";\n\n/**\n * @internal\n *\n * The default name for the cache persistence plugin.\n * Matches the constant defined in the cache persistence package.\n */\nexport const DEFAULT_TOKEN_CACHE_NAME = \"msal.cache\";\n"]}

View File

@@ -0,0 +1,16 @@
/**
* Provides options to configure how the Identity library
* does authority validation during authentication requests
* to Microsoft Entra ID.
*/
export interface AuthorityValidationOptions {
/**
* The field determines whether instance discovery is performed when attempting to authenticate.
* Setting this to `true` will completely disable both instance discovery and authority validation.
* As a result, it's crucial to ensure that the configured authority host is valid and trustworthy.
* This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack.
* The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority.
*/
disableInstanceDiscovery?: boolean;
}
//# sourceMappingURL=authorityValidationOptions.d.ts.map

View File

@@ -0,0 +1 @@
{"version":3,"file":"authorityValidationOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/authorityValidationOptions.ts"],"names":[],"mappings":"AAGA;;;;GAIG;AACH,MAAM,WAAW,0BAA0B;IACzC;;;;;;OAMG;IACH,wBAAwB,CAAC,EAAE,OAAO,CAAC;CACpC"}

View File

@@ -0,0 +1,4 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
export {};
//# sourceMappingURL=authorityValidationOptions.js.map

View File

@@ -0,0 +1 @@
{"version":3,"file":"authorityValidationOptions.js","sourceRoot":"","sources":["../../../src/credentials/authorityValidationOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Provides options to configure how the Identity library\n * does authority validation during authentication requests\n * to Microsoft Entra ID.\n */\nexport interface AuthorityValidationOptions {\n /**\n * The field determines whether instance discovery is performed when attempting to authenticate.\n * Setting this to `true` will completely disable both instance discovery and authority validation.\n * As a result, it's crucial to ensure that the configured authority host is valid and trustworthy.\n * This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack.\n * The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority.\n */\n disableInstanceDiscovery?: boolean;\n}\n"]}

View File

@@ -0,0 +1 @@
{"version":3,"file":"authorizationCodeCredential-browser.d.mts","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredential-browser.mts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAErE,OAAO,KAAK,EAAE,kCAAkC,EAAE,MAAM,yCAAyC,CAAC;AAOlG,qBAAa,2BAA4B,YAAW,eAAe;IACjE;;OAEG;gBAED,QAAQ,EAAE,MAAM,GAAG,QAAQ,EAC3B,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,iBAAiB,EAAE,MAAM,EACzB,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE,kCAAkC;gBAG5C,QAAQ,EAAE,MAAM,GAAG,QAAQ,EAC3B,QAAQ,EAAE,MAAM,EAChB,iBAAiB,EAAE,MAAM,EACzB,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE,kCAAkC;IAOvC,QAAQ,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;CAI/C"}

View File

@@ -0,0 +1 @@
{"version":3,"file":"authorizationCodeCredential-browser.mjs","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredential-browser.mts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAGnE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,kIAAkI,CACnI,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D,MAAM,OAAO,2BAA2B;IAmBtC;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError } from \"../util/logging.js\";\nimport type { AuthorizationCodeCredentialOptions } from \"./authorizationCodeCredentialOptions.js\";\n\nconst BrowserNotSupportedError = new Error(\n \"AuthorizationCodeCredential is not supported in the browser. InteractiveBrowserCredential is more appropriate for this use case.\",\n);\nconst logger = credentialLogger(\"AuthorizationCodeCredential\");\n\nexport class AuthorizationCodeCredential implements TokenCredential {\n /**\n * Only available in Node.js\n */\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n clientSecret: string,\n authorizationCode: string,\n redirectUri: string,\n options?: AuthorizationCodeCredentialOptions,\n );\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n authorizationCode: string,\n redirectUri: string,\n options?: AuthorizationCodeCredentialOptions,\n );\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n public getToken(): Promise<AccessToken | null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}

View File

@@ -0,0 +1,11 @@
import type { AccessToken, TokenCredential } from "@azure/core-auth";
import type { AuthorizationCodeCredentialOptions } from "./authorizationCodeCredentialOptions.js";
export declare class AuthorizationCodeCredential implements TokenCredential {
/**
* Only available in Node.js
*/
constructor(tenantId: string | "common", clientId: string, clientSecret: string, authorizationCode: string, redirectUri: string, options?: AuthorizationCodeCredentialOptions);
constructor(tenantId: string | "common", clientId: string, authorizationCode: string, redirectUri: string, options?: AuthorizationCodeCredentialOptions);
getToken(): Promise<AccessToken | null>;
}
//# sourceMappingURL=authorizationCodeCredential-browser.d.mts.map

View File

@@ -0,0 +1,16 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
import { credentialLogger, formatError } from "../util/logging.js";
const BrowserNotSupportedError = new Error("AuthorizationCodeCredential is not supported in the browser. InteractiveBrowserCredential is more appropriate for this use case.");
const logger = credentialLogger("AuthorizationCodeCredential");
export class AuthorizationCodeCredential {
constructor() {
logger.info(formatError("", BrowserNotSupportedError));
throw BrowserNotSupportedError;
}
getToken() {
logger.getToken.info(formatError("", BrowserNotSupportedError));
throw BrowserNotSupportedError;
}
}
//# sourceMappingURL=authorizationCodeCredential-browser.mjs.map

View File

@@ -0,0 +1,8 @@
import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
/**
* Options for the {@link AuthorizationCodeCredential}
*/
export interface AuthorizationCodeCredentialOptions extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {
}
//# sourceMappingURL=authorizationCodeCredentialOptions.d.ts.map

View File

@@ -0,0 +1 @@
{"version":3,"file":"authorizationCodeCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,kCACf,SAAQ,iCAAiC,EACvC,0BAA0B;CAAG"}

View File

@@ -0,0 +1,4 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
export {};
//# sourceMappingURL=authorizationCodeCredentialOptions.js.map

View File

@@ -0,0 +1 @@
{"version":3,"file":"authorizationCodeCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Options for the {@link AuthorizationCodeCredential}\n */\nexport interface AuthorizationCodeCredentialOptions\n extends MultiTenantTokenCredentialOptions,\n AuthorityValidationOptions {}\n"]}

View File

@@ -0,0 +1 @@
{"version":3,"file":"azureCliCredential-browser.d.mts","sourceRoot":"","sources":["../../../src/credentials/azureCliCredential-browser.mts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAMrE;;;GAGG;AACH,qBAAa,kBAAmB,YAAW,eAAe;IACxD;;OAEG;;IAMH,QAAQ,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;CAIxC"}

View File

@@ -0,0 +1 @@
{"version":3,"file":"azureCliCredential-browser.mjs","sourceRoot":"","sources":["../../../src/credentials/azureCliCredential-browser.mts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAEnE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;AAClG,MAAM,MAAM,GAAG,gBAAgB,CAAC,oBAAoB,CAAC,CAAC;AAEtD;;;GAGG;AACH,MAAM,OAAO,kBAAkB;IAC7B;;OAEG;IACH;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAED,QAAQ;QACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError } from \"../util/logging.js\";\n\nconst BrowserNotSupportedError = new Error(\"AzureCliCredential is not supported in the browser.\");\nconst logger = credentialLogger(\"AzureCliCredential\");\n\n/**\n * This credential will use the currently logged-in user login information\n * via the Azure CLI ('az') commandline tool.\n */\nexport class AzureCliCredential implements TokenCredential {\n /**\n * Only available in Node.js\n */\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n getToken(): Promise<AccessToken | null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}

View File

@@ -0,0 +1,13 @@
import type { AccessToken, TokenCredential } from "@azure/core-auth";
/**
* This credential will use the currently logged-in user login information
* via the Azure CLI ('az') commandline tool.
*/
export declare class AzureCliCredential implements TokenCredential {
/**
* Only available in Node.js
*/
constructor();
getToken(): Promise<AccessToken | null>;
}
//# sourceMappingURL=azureCliCredential-browser.d.mts.map

View File

@@ -0,0 +1,23 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
import { credentialLogger, formatError } from "../util/logging.js";
const BrowserNotSupportedError = new Error("AzureCliCredential is not supported in the browser.");
const logger = credentialLogger("AzureCliCredential");
/**
* This credential will use the currently logged-in user login information
* via the Azure CLI ('az') commandline tool.
*/
export class AzureCliCredential {
/**
* Only available in Node.js
*/
constructor() {
logger.info(formatError("", BrowserNotSupportedError));
throw BrowserNotSupportedError;
}
getToken() {
logger.getToken.info(formatError("", BrowserNotSupportedError));
throw BrowserNotSupportedError;
}
}
//# sourceMappingURL=azureCliCredential-browser.mjs.map

View File

@@ -0,0 +1,20 @@
import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
/**
* Options for the {@link AzureCliCredential}
*/
export interface AzureCliCredentialOptions extends MultiTenantTokenCredentialOptions {
/**
* Allows specifying a tenant ID
*/
tenantId?: string;
/**
* Process timeout configurable for making token requests, provided in milliseconds
*/
processTimeoutInMs?: number;
/**
* Subscription is the name or ID of a subscription. Set this to acquire tokens for an account other
* than the Azure CLI's current account.
*/
subscription?: string;
}
//# sourceMappingURL=azureCliCredentialOptions.d.ts.map

View File

@@ -0,0 +1 @@
{"version":3,"file":"azureCliCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/azureCliCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,yBAA0B,SAAQ,iCAAiC;IAClF;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB"}

View File

@@ -0,0 +1,4 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
export {};
//# sourceMappingURL=azureCliCredentialOptions.js.map

View File

@@ -0,0 +1 @@
{"version":3,"file":"azureCliCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/azureCliCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Options for the {@link AzureCliCredential}\n */\nexport interface AzureCliCredentialOptions extends MultiTenantTokenCredentialOptions {\n /**\n * Allows specifying a tenant ID\n */\n tenantId?: string;\n /**\n * Process timeout configurable for making token requests, provided in milliseconds\n */\n processTimeoutInMs?: number;\n /**\n * Subscription is the name or ID of a subscription. Set this to acquire tokens for an account other\n * than the Azure CLI's current account.\n */\n subscription?: string;\n}\n"]}

View File

@@ -0,0 +1 @@
{"version":3,"file":"azureDeveloperCliCredential-browser.d.mts","sourceRoot":"","sources":["../../../src/credentials/azureDeveloperCliCredential-browser.mts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAQrE;;;GAGG;AACH,qBAAa,2BAA4B,YAAW,eAAe;IACjE;;OAEG;;IAMH,QAAQ,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;CAIxC"}

View File

@@ -0,0 +1 @@
{"version":3,"file":"azureDeveloperCliCredential-browser.mjs","sourceRoot":"","sources":["../../../src/credentials/azureDeveloperCliCredential-browser.mts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAEnE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,8DAA8D,CAC/D,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;GAGG;AACH,MAAM,OAAO,2BAA2B;IACtC;;OAEG;IACH;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAED,QAAQ;QACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError } from \"../util/logging.js\";\n\nconst BrowserNotSupportedError = new Error(\n \"AzureDeveloperCliCredential is not supported in the browser.\",\n);\nconst logger = credentialLogger(\"AzureDeveloperCliCredential\");\n\n/**\n * This credential will use the currently logged-in user login information\n * via the Azure Developer CLI ('azd') commandline tool.\n */\nexport class AzureDeveloperCliCredential implements TokenCredential {\n /**\n * Only available in Node.js\n */\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n getToken(): Promise<AccessToken | null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}

View File

@@ -0,0 +1,13 @@
import type { AccessToken, TokenCredential } from "@azure/core-auth";
/**
* This credential will use the currently logged-in user login information
* via the Azure Developer CLI ('azd') commandline tool.
*/
export declare class AzureDeveloperCliCredential implements TokenCredential {
/**
* Only available in Node.js
*/
constructor();
getToken(): Promise<AccessToken | null>;
}
//# sourceMappingURL=azureDeveloperCliCredential-browser.d.mts.map

View File

@@ -0,0 +1,23 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
import { credentialLogger, formatError } from "../util/logging.js";
const BrowserNotSupportedError = new Error("AzureDeveloperCliCredential is not supported in the browser.");
const logger = credentialLogger("AzureDeveloperCliCredential");
/**
* This credential will use the currently logged-in user login information
* via the Azure Developer CLI ('azd') commandline tool.
*/
export class AzureDeveloperCliCredential {
/**
* Only available in Node.js
*/
constructor() {
logger.info(formatError("", BrowserNotSupportedError));
throw BrowserNotSupportedError;
}
getToken() {
logger.getToken.info(formatError("", BrowserNotSupportedError));
throw BrowserNotSupportedError;
}
}
//# sourceMappingURL=azureDeveloperCliCredential-browser.mjs.map

View File

@@ -0,0 +1,15 @@
import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
/**
* Options for the {@link AzureDeveloperCliCredential}
*/
export interface AzureDeveloperCliCredentialOptions extends MultiTenantTokenCredentialOptions {
/**
* Allows specifying a tenant ID
*/
tenantId?: string;
/**
* Process timeout configurable for making token requests, provided in milliseconds
*/
processTimeoutInMs?: number;
}
//# sourceMappingURL=azureDeveloperCliCredentialOptions.d.ts.map

View File

@@ -0,0 +1 @@
{"version":3,"file":"azureDeveloperCliCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/azureDeveloperCliCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,kCAAmC,SAAQ,iCAAiC;IAC3F;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B"}

View File

@@ -0,0 +1,4 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
export {};
//# sourceMappingURL=azureDeveloperCliCredentialOptions.js.map

View File

@@ -0,0 +1 @@
{"version":3,"file":"azureDeveloperCliCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/azureDeveloperCliCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Options for the {@link AzureDeveloperCliCredential}\n */\nexport interface AzureDeveloperCliCredentialOptions extends MultiTenantTokenCredentialOptions {\n /**\n * Allows specifying a tenant ID\n */\n tenantId?: string;\n /**\n * Process timeout configurable for making token requests, provided in milliseconds\n */\n processTimeoutInMs?: number;\n}\n"]}

View File

@@ -0,0 +1 @@
{"version":3,"file":"azurePipelinesCredential-browser.d.mts","sourceRoot":"","sources":["../../../src/credentials/azurePipelinesCredential-browser.mts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAQrE;;;GAGG;AACH,qBAAa,wBAAyB,YAAW,eAAe;IAC9D;;OAEG;;IAMI,QAAQ,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;CAI/C"}

View File

@@ -0,0 +1 @@
{"version":3,"file":"azurePipelinesCredential-browser.mjs","sourceRoot":"","sources":["../../../src/credentials/azurePipelinesCredential-browser.mts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAEnE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,2DAA2D,CAC5D,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,0BAA0B,CAAC,CAAC;AAE5D;;;GAGG;AACH,MAAM,OAAO,wBAAwB;IACnC;;OAEG;IACH;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError } from \"../util/logging.js\";\n\nconst BrowserNotSupportedError = new Error(\n \"AzurePipelinesCredential is not supported in the browser.\",\n);\nconst logger = credentialLogger(\"AzurePipelinesCredential\");\n\n/**\n * Enables authentication to Microsoft Entra ID using a PEM-encoded\n * certificate that is assigned to an App Registration.\n */\nexport class AzurePipelinesCredential implements TokenCredential {\n /**\n * Only available in Node.js\n */\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n public getToken(): Promise<AccessToken | null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}

View File

@@ -0,0 +1,13 @@
import type { AccessToken, TokenCredential } from "@azure/core-auth";
/**
* Enables authentication to Microsoft Entra ID using a PEM-encoded
* certificate that is assigned to an App Registration.
*/
export declare class AzurePipelinesCredential implements TokenCredential {
/**
* Only available in Node.js
*/
constructor();
getToken(): Promise<AccessToken | null>;
}
//# sourceMappingURL=azurePipelinesCredential-browser.d.mts.map

View File

@@ -0,0 +1,23 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
import { credentialLogger, formatError } from "../util/logging.js";
const BrowserNotSupportedError = new Error("AzurePipelinesCredential is not supported in the browser.");
const logger = credentialLogger("AzurePipelinesCredential");
/**
* Enables authentication to Microsoft Entra ID using a PEM-encoded
* certificate that is assigned to an App Registration.
*/
export class AzurePipelinesCredential {
/**
* Only available in Node.js
*/
constructor() {
logger.info(formatError("", BrowserNotSupportedError));
throw BrowserNotSupportedError;
}
getToken() {
logger.getToken.info(formatError("", BrowserNotSupportedError));
throw BrowserNotSupportedError;
}
}
//# sourceMappingURL=azurePipelinesCredential-browser.mjs.map

View File

@@ -0,0 +1,9 @@
import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions.js";
import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
/**
* Optional parameters for the {@link AzurePipelinesCredential} class.
*/
export interface AzurePipelinesCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions, AuthorityValidationOptions {
}
//# sourceMappingURL=azurePipelinesCredentialOptions.d.ts.map

View File

@@ -0,0 +1 @@
{"version":3,"file":"azurePipelinesCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/azurePipelinesCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACtF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,+BACf,SAAQ,iCAAiC,EACvC,4BAA4B,EAC5B,0BAA0B;CAAG"}

View File

@@ -0,0 +1,4 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
export {};
//# sourceMappingURL=azurePipelinesCredentialOptions.js.map

View File

@@ -0,0 +1 @@
{"version":3,"file":"azurePipelinesCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/azurePipelinesCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Optional parameters for the {@link AzurePipelinesCredential} class.\n */\nexport interface AzurePipelinesCredentialOptions\n extends MultiTenantTokenCredentialOptions,\n CredentialPersistenceOptions,\n AuthorityValidationOptions {}\n"]}

View File

@@ -0,0 +1 @@
{"version":3,"file":"azurePowerShellCredential-browser.d.mts","sourceRoot":"","sources":["../../../src/credentials/azurePowerShellCredential-browser.mts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAQrE;;GAEG;AACH,qBAAa,yBAA0B,YAAW,eAAe;IAC/D;;OAEG;;IAMH,QAAQ,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;CAIxC"}

View File

@@ -0,0 +1 @@
{"version":3,"file":"azurePowerShellCredential-browser.mjs","sourceRoot":"","sources":["../../../src/credentials/azurePowerShellCredential-browser.mts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAEnE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,4DAA4D,CAC7D,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;AAE7D;;GAEG;AACH,MAAM,OAAO,yBAAyB;IACpC;;OAEG;IACH;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAED,QAAQ;QACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError } from \"../util/logging.js\";\n\nconst BrowserNotSupportedError = new Error(\n \"AzurePowerShellCredential is not supported in the browser.\",\n);\nconst logger = credentialLogger(\"AzurePowerShellCredential\");\n\n/**\n * This credential will use the currently-logged-in user's login information via the Azure Power Shell command line tool.\n */\nexport class AzurePowerShellCredential implements TokenCredential {\n /**\n * Only available in Node.js\n */\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n getToken(): Promise<AccessToken | null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}

View File

@@ -0,0 +1,12 @@
import type { AccessToken, TokenCredential } from "@azure/core-auth";
/**
* This credential will use the currently-logged-in user's login information via the Azure Power Shell command line tool.
*/
export declare class AzurePowerShellCredential implements TokenCredential {
/**
* Only available in Node.js
*/
constructor();
getToken(): Promise<AccessToken | null>;
}
//# sourceMappingURL=azurePowerShellCredential-browser.d.mts.map

View File

@@ -0,0 +1,22 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
import { credentialLogger, formatError } from "../util/logging.js";
const BrowserNotSupportedError = new Error("AzurePowerShellCredential is not supported in the browser.");
const logger = credentialLogger("AzurePowerShellCredential");
/**
* This credential will use the currently-logged-in user's login information via the Azure Power Shell command line tool.
*/
export class AzurePowerShellCredential {
/**
* Only available in Node.js
*/
constructor() {
logger.info(formatError("", BrowserNotSupportedError));
throw BrowserNotSupportedError;
}
getToken() {
logger.getToken.info(formatError("", BrowserNotSupportedError));
throw BrowserNotSupportedError;
}
}
//# sourceMappingURL=azurePowerShellCredential-browser.mjs.map

View File

@@ -0,0 +1,15 @@
import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
/**
* Options for the {@link AzurePowerShellCredential}
*/
export interface AzurePowerShellCredentialOptions extends MultiTenantTokenCredentialOptions {
/**
* Allows specifying a tenant ID
*/
tenantId?: string;
/**
* Process timeout configurable for making token requests, provided in milliseconds
*/
processTimeoutInMs?: number;
}
//# sourceMappingURL=azurePowerShellCredentialOptions.d.ts.map

View File

@@ -0,0 +1 @@
{"version":3,"file":"azurePowerShellCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/azurePowerShellCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,gCAAiC,SAAQ,iCAAiC;IACzF;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B"}

View File

@@ -0,0 +1,4 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
export {};
//# sourceMappingURL=azurePowerShellCredentialOptions.js.map

View File

@@ -0,0 +1 @@
{"version":3,"file":"azurePowerShellCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/azurePowerShellCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Options for the {@link AzurePowerShellCredential}\n */\nexport interface AzurePowerShellCredentialOptions extends MultiTenantTokenCredentialOptions {\n /**\n * Allows specifying a tenant ID\n */\n tenantId?: string;\n /**\n * Process timeout configurable for making token requests, provided in milliseconds\n */\n processTimeoutInMs?: number;\n}\n"]}

View File

@@ -0,0 +1,13 @@
import type { BrokerOptions } from "../msal/nodeFlows/brokerOptions.js";
/**
* Configuration options for InteractiveBrowserCredential
* to support WAM Broker Authentication.
*/
export interface BrokerAuthOptions {
/**
* Options to allow broker authentication when using InteractiveBrowserCredential
*
*/
brokerOptions?: BrokerOptions;
}
//# sourceMappingURL=brokerAuthOptions.d.ts.map

View File

@@ -0,0 +1 @@
{"version":3,"file":"brokerAuthOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/brokerAuthOptions.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oCAAoC,CAAC;AAExE;;;GAGG;AAEH,MAAM,WAAW,iBAAiB;IAChC;;;OAGG;IACH,aAAa,CAAC,EAAE,aAAa,CAAC;CAC/B"}

View File

@@ -0,0 +1,2 @@
export {};
//# sourceMappingURL=brokerAuthOptions.js.map

View File

@@ -0,0 +1 @@
{"version":3,"file":"brokerAuthOptions.js","sourceRoot":"","sources":["../../../src/credentials/brokerAuthOptions.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\nimport type { BrokerOptions } from \"../msal/nodeFlows/brokerOptions.js\";\n\n/**\n * Configuration options for InteractiveBrowserCredential\n * to support WAM Broker Authentication.\n */\n\nexport interface BrokerAuthOptions {\n /**\n * Options to allow broker authentication when using InteractiveBrowserCredential\n *\n */\n brokerOptions?: BrokerOptions;\n}\n"]}

View File

@@ -0,0 +1,35 @@
import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
import { TokenCredentialOptions } from "../tokenCredentialOptions.js";
import { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
/**
* Enables authentication to Microsoft Entra ID using WAM (Web Account Manager) broker.
* This credential uses the default account logged into the OS via a broker.
*/
export declare class BrokerCredential implements TokenCredential {
private brokerMsalClient;
private brokerTenantId?;
private brokerAdditionallyAllowedTenantIds;
/**
* Creates an instance of BrokerCredential with the required broker options.
*
* This credential uses WAM (Web Account Manager) for authentication, which provides
* better security and user experience on Windows platforms.
*
* @param options - Options for configuring the broker credential, including required broker options.
*/
constructor(options: {
tenantId?: string;
} & TokenCredentialOptions & MultiTenantTokenCredentialOptions);
/**
* Authenticates with Microsoft Entra ID using WAM broker and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
*
* This method extends the base getToken method to support silentAuthenticationOnly option
* when using broker authentication.
*
* @param scopes - The list of scopes for which the token will have access.
* @param options - The options used to configure the token request, including silentAuthenticationOnly option.
*/
getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
}
//# sourceMappingURL=brokerCredential.d.ts.map

View File

@@ -0,0 +1 @@
{"version":3,"file":"brokerCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/brokerCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAatF,OAAO,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AACtE,OAAO,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAK3F;;;GAGG;AACH,qBAAa,gBAAiB,YAAW,eAAe;IACtD,OAAO,CAAC,gBAAgB,CAAa;IACrC,OAAO,CAAC,cAAc,CAAC,CAAS;IAChC,OAAO,CAAC,kCAAkC,CAAW;IAErD;;;;;;;OAOG;gBAED,OAAO,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,sBAAsB,GAAG,iCAAiC;IAwB7F;;;;;;;;;OASG;IACG,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,GAAE,eAAoB,GAAG,OAAO,CAAC,WAAW,CAAC;CA4B/F"}

View File

@@ -0,0 +1,69 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
import { processMultiTenantRequest, resolveAdditionallyAllowedTenantIds, resolveTenantId, } from "../util/tenantIdUtils.js";
import { credentialLogger, formatError } from "../util/logging.js";
import { ensureScopes } from "../util/scopeUtils.js";
import { tracingClient } from "../util/tracing.js";
import { createMsalClient } from "../msal/nodeFlows/msalClient.js";
import { DeveloperSignOnClientId } from "../constants.js";
import { CredentialUnavailableError } from "../errors.js";
const logger = credentialLogger("BrokerCredential");
/**
* Enables authentication to Microsoft Entra ID using WAM (Web Account Manager) broker.
* This credential uses the default account logged into the OS via a broker.
*/
export class BrokerCredential {
brokerMsalClient;
brokerTenantId;
brokerAdditionallyAllowedTenantIds;
/**
* Creates an instance of BrokerCredential with the required broker options.
*
* This credential uses WAM (Web Account Manager) for authentication, which provides
* better security and user experience on Windows platforms.
*
* @param options - Options for configuring the broker credential, including required broker options.
*/
constructor(options) {
this.brokerTenantId = resolveTenantId(logger, options.tenantId);
this.brokerAdditionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options?.additionallyAllowedTenants);
const msalClientOptions = {
...options,
tokenCredentialOptions: options,
logger,
brokerOptions: {
enabled: true,
parentWindowHandle: new Uint8Array(0),
useDefaultBrokerAccount: true,
},
};
this.brokerMsalClient = createMsalClient(DeveloperSignOnClientId, this.brokerTenantId, msalClientOptions);
}
/**
* Authenticates with Microsoft Entra ID using WAM broker and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
*
* This method extends the base getToken method to support silentAuthenticationOnly option
* when using broker authentication.
*
* @param scopes - The list of scopes for which the token will have access.
* @param options - The options used to configure the token request, including silentAuthenticationOnly option.
*/
async getToken(scopes, options = {}) {
return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async (newOptions) => {
newOptions.tenantId = processMultiTenantRequest(this.brokerTenantId, newOptions, this.brokerAdditionallyAllowedTenantIds, logger);
const arrayScopes = ensureScopes(scopes);
try {
return this.brokerMsalClient.getBrokeredToken(arrayScopes, true, {
...newOptions,
disableAutomaticAuthentication: true,
});
}
catch (e) {
logger.getToken.info(formatError(arrayScopes, e));
throw new CredentialUnavailableError("Failed to acquire token using broker authentication", { cause: e });
}
});
}
}
//# sourceMappingURL=brokerCredential.js.map

View File

@@ -0,0 +1,19 @@
/**
* Shared configuration options for browser customization
*/
export interface BrowserCustomizationOptions {
/**
* Shared configuration options for browser customization
*/
browserCustomizationOptions?: {
/**
* Format for error messages for display in browser
*/
errorMessage?: string;
/**
* Format for success messages for display in browser
*/
successMessage?: string;
};
}
//# sourceMappingURL=browserCustomizationOptions.d.ts.map

View File

@@ -0,0 +1 @@
{"version":3,"file":"browserCustomizationOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/browserCustomizationOptions.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C;;OAEG;IACH,2BAA2B,CAAC,EAAE;QAC5B;;WAEG;QACH,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB;;WAEG;QACH,cAAc,CAAC,EAAE,MAAM,CAAC;KACzB,CAAC;CACH"}

View File

@@ -0,0 +1,4 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
export {};
//# sourceMappingURL=browserCustomizationOptions.js.map

View File

@@ -0,0 +1 @@
{"version":3,"file":"browserCustomizationOptions.js","sourceRoot":"","sources":["../../../src/credentials/browserCustomizationOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Shared configuration options for browser customization\n */\nexport interface BrowserCustomizationOptions {\n /**\n * Shared configuration options for browser customization\n */\n browserCustomizationOptions?: {\n /**\n * Format for error messages for display in browser\n */\n errorMessage?: string;\n /**\n * Format for success messages for display in browser\n */\n successMessage?: string;\n };\n}\n"]}

View File

@@ -0,0 +1,51 @@
import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
/**
* @internal
*/
export declare const logger: import("../util/logging.js").CredentialLogger;
/**
* Enables multiple `TokenCredential` implementations to be tried in order until
* one of the getToken methods returns an access token. For more information, see
* [ChainedTokenCredential overview](https://aka.ms/azsdk/js/identity/credential-chains#use-chainedtokencredential-for-granularity).
*/
export declare class ChainedTokenCredential implements TokenCredential {
private _sources;
/**
* Creates an instance of ChainedTokenCredential using the given credentials.
*
* @param sources - `TokenCredential` implementations to be tried in order.
*
* Example usage:
* ```ts snippet:chained_token_credential_example
* import { ClientSecretCredential, ChainedTokenCredential } from "@azure/identity";
*
* const tenantId = "<tenant-id>";
* const clientId = "<client-id>";
* const clientSecret = "<client-secret>";
* const anotherClientId = "<another-client-id>";
* const anotherSecret = "<another-client-secret>";
*
* const firstCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);
* const secondCredential = new ClientSecretCredential(tenantId, anotherClientId, anotherSecret);
*
* const credentialChain = new ChainedTokenCredential(firstCredential, secondCredential);
* ```
*/
constructor(...sources: TokenCredential[]);
/**
* Returns the first access token returned by one of the chained
* `TokenCredential` implementations. Throws an {@link AggregateAuthenticationError}
* when one or more credentials throws an {@link AuthenticationError} and
* no credentials have returned an access token.
*
* This method is called automatically by Azure SDK client libraries. You may call this method
* directly, but you must also handle token caching and token refreshing.
*
* @param scopes - The list of scopes for which the token will have access.
* @param options - The options used to configure any requests this
* `TokenCredential` implementation might make.
*/
getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
private getTokenInternal;
}
//# sourceMappingURL=chainedTokenCredential.d.ts.map

View File

@@ -0,0 +1 @@
{"version":3,"file":"chainedTokenCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/chainedTokenCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAKtF;;GAEG;AACH,eAAO,MAAM,MAAM,+CAA6C,CAAC;AAEjE;;;;GAIG;AACH,qBAAa,sBAAuB,YAAW,eAAe;IAC5D,OAAO,CAAC,QAAQ,CAAyB;IAEzC;;;;;;;;;;;;;;;;;;;;OAoBG;gBACS,GAAG,OAAO,EAAE,eAAe,EAAE;IAIzC;;;;;;;;;;;;OAYG;IACG,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,GAAE,eAAoB,GAAG,OAAO,CAAC,WAAW,CAAC;YAKhF,gBAAgB;CAiD/B"}

View File

@@ -0,0 +1,92 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
import { AggregateAuthenticationError, CredentialUnavailableError } from "../errors.js";
import { credentialLogger, formatError, formatSuccess } from "../util/logging.js";
import { tracingClient } from "../util/tracing.js";
/**
* @internal
*/
export const logger = credentialLogger("ChainedTokenCredential");
/**
* Enables multiple `TokenCredential` implementations to be tried in order until
* one of the getToken methods returns an access token. For more information, see
* [ChainedTokenCredential overview](https://aka.ms/azsdk/js/identity/credential-chains#use-chainedtokencredential-for-granularity).
*/
export class ChainedTokenCredential {
_sources = [];
/**
* Creates an instance of ChainedTokenCredential using the given credentials.
*
* @param sources - `TokenCredential` implementations to be tried in order.
*
* Example usage:
* ```ts snippet:chained_token_credential_example
* import { ClientSecretCredential, ChainedTokenCredential } from "@azure/identity";
*
* const tenantId = "<tenant-id>";
* const clientId = "<client-id>";
* const clientSecret = "<client-secret>";
* const anotherClientId = "<another-client-id>";
* const anotherSecret = "<another-client-secret>";
*
* const firstCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);
* const secondCredential = new ClientSecretCredential(tenantId, anotherClientId, anotherSecret);
*
* const credentialChain = new ChainedTokenCredential(firstCredential, secondCredential);
* ```
*/
constructor(...sources) {
this._sources = sources;
}
/**
* Returns the first access token returned by one of the chained
* `TokenCredential` implementations. Throws an {@link AggregateAuthenticationError}
* when one or more credentials throws an {@link AuthenticationError} and
* no credentials have returned an access token.
*
* This method is called automatically by Azure SDK client libraries. You may call this method
* directly, but you must also handle token caching and token refreshing.
*
* @param scopes - The list of scopes for which the token will have access.
* @param options - The options used to configure any requests this
* `TokenCredential` implementation might make.
*/
async getToken(scopes, options = {}) {
const { token } = await this.getTokenInternal(scopes, options);
return token;
}
async getTokenInternal(scopes, options = {}) {
let token = null;
let successfulCredential;
const errors = [];
return tracingClient.withSpan("ChainedTokenCredential.getToken", options, async (updatedOptions) => {
for (let i = 0; i < this._sources.length && token === null; i++) {
try {
token = await this._sources[i].getToken(scopes, updatedOptions);
successfulCredential = this._sources[i];
}
catch (err) {
if (err.name === "CredentialUnavailableError" ||
err.name === "AuthenticationRequiredError") {
errors.push(err);
}
else {
logger.getToken.info(formatError(scopes, err));
throw err;
}
}
}
if (!token && errors.length > 0) {
const err = new AggregateAuthenticationError(errors, "ChainedTokenCredential authentication failed.");
logger.getToken.info(formatError(scopes, err));
throw err;
}
logger.getToken.info(`Result for ${successfulCredential.constructor.name}: ${formatSuccess(scopes)}`);
if (token === null) {
throw new CredentialUnavailableError("Failed to retrieve a valid token");
}
return { token, successfulCredential };
});
}
}
//# sourceMappingURL=chainedTokenCredential.js.map

View File

@@ -0,0 +1 @@
{"version":3,"file":"clientAssertionCredential-browser.d.mts","sourceRoot":"","sources":["../../../src/credentials/clientAssertionCredential-browser.mts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAQrE;;GAEG;AACH,qBAAa,yBAA0B,YAAW,eAAe;IAC/D;;OAEG;;IAMI,QAAQ,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;CAI/C"}

View File

@@ -0,0 +1 @@
{"version":3,"file":"clientAssertionCredential-browser.mjs","sourceRoot":"","sources":["../../../src/credentials/clientAssertionCredential-browser.mts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAEnE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,4DAA4D,CAC7D,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;AAE7D;;GAEG;AACH,MAAM,OAAO,yBAAyB;IACpC;;OAEG;IACH;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError } from \"../util/logging.js\";\n\nconst BrowserNotSupportedError = new Error(\n \"ClientAssertionCredential is not supported in the browser.\",\n);\nconst logger = credentialLogger(\"ClientAssertionCredential\");\n\n/**\n * Authenticates a service principal with a JWT assertion.\n */\nexport class ClientAssertionCredential implements TokenCredential {\n /**\n * Only available in Node.js\n */\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n public getToken(): Promise<AccessToken | null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}

View File

@@ -0,0 +1,12 @@
import type { AccessToken, TokenCredential } from "@azure/core-auth";
/**
* Authenticates a service principal with a JWT assertion.
*/
export declare class ClientAssertionCredential implements TokenCredential {
/**
* Only available in Node.js
*/
constructor();
getToken(): Promise<AccessToken | null>;
}
//# sourceMappingURL=clientAssertionCredential-browser.d.mts.map

View File

@@ -0,0 +1,22 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
import { credentialLogger, formatError } from "../util/logging.js";
const BrowserNotSupportedError = new Error("ClientAssertionCredential is not supported in the browser.");
const logger = credentialLogger("ClientAssertionCredential");
/**
* Authenticates a service principal with a JWT assertion.
*/
export class ClientAssertionCredential {
/**
* Only available in Node.js
*/
constructor() {
logger.info(formatError("", BrowserNotSupportedError));
throw BrowserNotSupportedError;
}
getToken() {
logger.getToken.info(formatError("", BrowserNotSupportedError));
throw BrowserNotSupportedError;
}
}
//# sourceMappingURL=clientAssertionCredential-browser.mjs.map

View File

@@ -0,0 +1,9 @@
import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions.js";
import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
/**
* Options for the {@link ClientAssertionCredential}
*/
export interface ClientAssertionCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions, AuthorityValidationOptions {
}
//# sourceMappingURL=clientAssertionCredentialOptions.d.ts.map

View File

@@ -0,0 +1 @@
{"version":3,"file":"clientAssertionCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/clientAssertionCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACtF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,gCACf,SAAQ,iCAAiC,EACvC,4BAA4B,EAC5B,0BAA0B;CAAG"}

View File

@@ -0,0 +1,4 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
export {};
//# sourceMappingURL=clientAssertionCredentialOptions.js.map

View File

@@ -0,0 +1 @@
{"version":3,"file":"clientAssertionCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/clientAssertionCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Options for the {@link ClientAssertionCredential}\n */\nexport interface ClientAssertionCredentialOptions\n extends MultiTenantTokenCredentialOptions,\n CredentialPersistenceOptions,\n AuthorityValidationOptions {}\n"]}

View File

@@ -0,0 +1 @@
{"version":3,"file":"clientCertificateCredential-browser.d.mts","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredential-browser.mts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAQrE;;;GAGG;AACH,qBAAa,2BAA4B,YAAW,eAAe;IACjE;;OAEG;;IAMI,QAAQ,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;CAI/C"}

View File

@@ -0,0 +1 @@
{"version":3,"file":"clientCertificateCredential-browser.mjs","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredential-browser.mts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAEnE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,8DAA8D,CAC/D,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;GAGG;AACH,MAAM,OAAO,2BAA2B;IACtC;;OAEG;IACH;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError } from \"../util/logging.js\";\n\nconst BrowserNotSupportedError = new Error(\n \"ClientCertificateCredential is not supported in the browser.\",\n);\nconst logger = credentialLogger(\"ClientCertificateCredential\");\n\n/**\n * Enables authentication to Microsoft Entra ID using a PEM-encoded\n * certificate that is assigned to an App Registration.\n */\nexport class ClientCertificateCredential implements TokenCredential {\n /**\n * Only available in Node.js\n */\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n public getToken(): Promise<AccessToken | null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}

View File

@@ -0,0 +1,13 @@
import type { AccessToken, TokenCredential } from "@azure/core-auth";
/**
* Enables authentication to Microsoft Entra ID using a PEM-encoded
* certificate that is assigned to an App Registration.
*/
export declare class ClientCertificateCredential implements TokenCredential {
/**
* Only available in Node.js
*/
constructor();
getToken(): Promise<AccessToken | null>;
}
//# sourceMappingURL=clientCertificateCredential-browser.d.mts.map

View File

@@ -0,0 +1,23 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
import { credentialLogger, formatError } from "../util/logging.js";
const BrowserNotSupportedError = new Error("ClientCertificateCredential is not supported in the browser.");
const logger = credentialLogger("ClientCertificateCredential");
/**
* Enables authentication to Microsoft Entra ID using a PEM-encoded
* certificate that is assigned to an App Registration.
*/
export class ClientCertificateCredential {
/**
* Only available in Node.js
*/
constructor() {
logger.info(formatError("", BrowserNotSupportedError));
throw BrowserNotSupportedError;
}
getToken() {
logger.getToken.info(formatError("", BrowserNotSupportedError));
throw BrowserNotSupportedError;
}
}
//# sourceMappingURL=clientCertificateCredential-browser.mjs.map

View File

@@ -0,0 +1,32 @@
/**
* Required configuration options for the {@link ClientCertificateCredential}, with the string contents of a PEM certificate
*/
export interface ClientCertificatePEMCertificate {
/**
* The PEM-encoded public/private key certificate on the filesystem.
* Ensure that certificate is in PEM format and contains both the public and private keys.
*/
certificate: string;
/**
* The password for the certificate file.
*/
certificatePassword?: string;
}
/**
* Required configuration options for the {@link ClientCertificateCredential}, with the path to a PEM certificate.
*/
export interface ClientCertificatePEMCertificatePath {
/**
* The path to the PEM-encoded public/private key certificate on the filesystem.
*/
certificatePath: string;
/**
* The password for the certificate file.
*/
certificatePassword?: string;
}
/**
* Required configuration options for the {@link ClientCertificateCredential}, with either the string contents of a PEM certificate, or the path to a PEM certificate.
*/
export type ClientCertificateCredentialPEMConfiguration = ClientCertificatePEMCertificate | ClientCertificatePEMCertificatePath;
//# sourceMappingURL=clientCertificateCredentialModels.d.ts.map

View File

@@ -0,0 +1 @@
{"version":3,"file":"clientCertificateCredentialModels.d.ts","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredentialModels.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,MAAM,WAAW,+BAA+B;IAC9C;;;OAGG;IACH,WAAW,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AACD;;GAEG;AACH,MAAM,WAAW,mCAAmC;IAClD;;OAEG;IACH,eAAe,EAAE,MAAM,CAAC;IAExB;;OAEG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AACD;;GAEG;AACH,MAAM,MAAM,2CAA2C,GACnD,+BAA+B,GAC/B,mCAAmC,CAAC"}

View File

@@ -0,0 +1,4 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
export {};
//# sourceMappingURL=clientCertificateCredentialModels.js.map

View File

@@ -0,0 +1 @@
{"version":3,"file":"clientCertificateCredentialModels.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredentialModels.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Required configuration options for the {@link ClientCertificateCredential}, with the string contents of a PEM certificate\n */\nexport interface ClientCertificatePEMCertificate {\n /**\n * The PEM-encoded public/private key certificate on the filesystem.\n * Ensure that certificate is in PEM format and contains both the public and private keys.\n */\n certificate: string;\n\n /**\n * The password for the certificate file.\n */\n certificatePassword?: string;\n}\n/**\n * Required configuration options for the {@link ClientCertificateCredential}, with the path to a PEM certificate.\n */\nexport interface ClientCertificatePEMCertificatePath {\n /**\n * The path to the PEM-encoded public/private key certificate on the filesystem.\n */\n certificatePath: string;\n\n /**\n * The password for the certificate file.\n */\n certificatePassword?: string;\n}\n/**\n * Required configuration options for the {@link ClientCertificateCredential}, with either the string contents of a PEM certificate, or the path to a PEM certificate.\n */\nexport type ClientCertificateCredentialPEMConfiguration =\n | ClientCertificatePEMCertificate\n | ClientCertificatePEMCertificatePath;\n"]}

View File

@@ -0,0 +1,14 @@
import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions.js";
import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
/**
* Optional parameters for the {@link ClientCertificateCredential} class.
*/
export interface ClientCertificateCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions, AuthorityValidationOptions {
/**
* Option to include x5c header for SubjectName and Issuer name authorization.
* Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim
*/
sendCertificateChain?: boolean;
}
//# sourceMappingURL=clientCertificateCredentialOptions.d.ts.map

View File

@@ -0,0 +1 @@
{"version":3,"file":"clientCertificateCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACtF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,kCACf,SAAQ,iCAAiC,EACvC,4BAA4B,EAC5B,0BAA0B;IAC5B;;;OAGG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAQhC"}

View File

@@ -0,0 +1,4 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
export {};
//# sourceMappingURL=clientCertificateCredentialOptions.js.map

View File

@@ -0,0 +1 @@
{"version":3,"file":"clientCertificateCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Optional parameters for the {@link ClientCertificateCredential} class.\n */\nexport interface ClientCertificateCredentialOptions\n extends MultiTenantTokenCredentialOptions,\n CredentialPersistenceOptions,\n AuthorityValidationOptions {\n /**\n * Option to include x5c header for SubjectName and Issuer name authorization.\n * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim\n */\n sendCertificateChain?: boolean;\n // TODO: Export again once we're ready to release this feature.\n // /**\n // * Specifies a regional authority. Please refer to the {@link RegionalAuthority} type for the accepted values.\n // * If {@link RegionalAuthority.AutoDiscoverRegion} is specified, we will try to discover the regional authority endpoint.\n // * If the property is not specified, the credential uses the global authority endpoint.\n // */\n // regionalAuthority?: string;\n}\n"]}

View File

@@ -0,0 +1 @@
{"version":3,"file":"clientSecretCredential-browser.d.mts","sourceRoot":"","sources":["../../../src/credentials/clientSecretCredential-browser.mts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAOtF,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,oCAAoC,CAAC;AAWxF;;;;;;;GAOG;AACH,qBAAa,sBAAuB,YAAW,eAAe;IAC5D,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,YAAY,CAAS;IAE7B;;;;;;;;;OASG;gBAED,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE,6BAA6B;IAWzC;;;;;;;;;OASG;IACU,QAAQ,CACnB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;CA2C/B"}

View File

@@ -0,0 +1,40 @@
import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
import type { ClientSecretCredentialOptions } from "./clientSecretCredentialOptions.js";
/**
* Enables authentication to Microsoft Entra ID using a client secret
* that was generated for an App Registration. More information on how
* to configure a client secret can be found here:
*
* https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application
*
*/
export declare class ClientSecretCredential implements TokenCredential {
private identityClient;
private tenantId;
private additionallyAllowedTenantIds;
private clientId;
private clientSecret;
/**
* Creates an instance of the ClientSecretCredential with the details
* needed to authenticate against Microsoft Entra ID with a client
* secret.
*
* @param tenantId - The Microsoft Entra tenant (directory) ID.
* @param clientId - The client (application) ID of an App Registration in the tenant.
* @param clientSecret - A client secret that was generated for the App Registration.
* @param options - Options for configuring the client which makes the authentication request.
*/
constructor(tenantId: string, clientId: string, clientSecret: string, options?: ClientSecretCredentialOptions);
/**
* Authenticates with Microsoft Entra ID and returns an access token if
* successful. If authentication cannot be performed at this time, this method may
* return null. If an error occurs during authentication, an {@link AuthenticationError}
* containing failure details will be thrown.
*
* @param scopes - The list of scopes for which the token will have access.
* @param options - The options used to configure any requests this
* TokenCredential implementation might make.
*/
getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;
}
//# sourceMappingURL=clientSecretCredential-browser.d.mts.map

View File

@@ -0,0 +1,88 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
import { createHttpHeaders, createPipelineRequest } from "@azure/core-rest-pipeline";
import { credentialLogger, formatError, formatSuccess } from "../util/logging.js";
import { processMultiTenantRequest, resolveAdditionallyAllowedTenantIds, } from "../util/tenantIdUtils.js";
import { IdentityClient } from "../client/identityClient.js";
import { getIdentityTokenEndpointSuffix } from "../util/identityTokenEndpoint.js";
import { tracingClient } from "../util/tracing.js";
const logger = credentialLogger("ClientSecretCredential");
// This credential is exported on browser bundles for development purposes.
// For this credential to work in browsers, browsers would need to have security features disabled.
// Please do not disable your browser security features.
/**
* Enables authentication to Microsoft Entra ID using a client secret
* that was generated for an App Registration. More information on how
* to configure a client secret can be found here:
*
* https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application
*
*/
export class ClientSecretCredential {
identityClient;
tenantId;
additionallyAllowedTenantIds;
clientId;
clientSecret;
/**
* Creates an instance of the ClientSecretCredential with the details
* needed to authenticate against Microsoft Entra ID with a client
* secret.
*
* @param tenantId - The Microsoft Entra tenant (directory) ID.
* @param clientId - The client (application) ID of an App Registration in the tenant.
* @param clientSecret - A client secret that was generated for the App Registration.
* @param options - Options for configuring the client which makes the authentication request.
*/
constructor(tenantId, clientId, clientSecret, options) {
this.identityClient = new IdentityClient(options);
this.tenantId = tenantId;
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options?.additionallyAllowedTenants);
this.clientId = clientId;
this.clientSecret = clientSecret;
}
/**
* Authenticates with Microsoft Entra ID and returns an access token if
* successful. If authentication cannot be performed at this time, this method may
* return null. If an error occurs during authentication, an {@link AuthenticationError}
* containing failure details will be thrown.
*
* @param scopes - The list of scopes for which the token will have access.
* @param options - The options used to configure any requests this
* TokenCredential implementation might make.
*/
async getToken(scopes, options = {}) {
return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async (newOptions) => {
const tenantId = processMultiTenantRequest(this.tenantId, newOptions, this.additionallyAllowedTenantIds);
const query = new URLSearchParams({
response_type: "token",
grant_type: "client_credentials",
client_id: this.clientId,
client_secret: this.clientSecret,
scope: typeof scopes === "string" ? scopes : scopes.join(" "),
});
try {
const urlSuffix = getIdentityTokenEndpointSuffix(tenantId);
const request = createPipelineRequest({
url: `${this.identityClient.authorityHost}/${tenantId}/${urlSuffix}`,
method: "POST",
body: query.toString(),
headers: createHttpHeaders({
Accept: "application/json",
"Content-Type": "application/x-www-form-urlencoded",
}),
abortSignal: options && options.abortSignal,
tracingOptions: newOptions?.tracingOptions,
});
const tokenResponse = await this.identityClient.sendTokenRequest(request);
logger.getToken.info(formatSuccess(scopes));
return (tokenResponse && tokenResponse.accessToken) || null;
}
catch (err) {
logger.getToken.info(formatError(scopes, err));
throw err;
}
});
}
}
//# sourceMappingURL=clientSecretCredential-browser.mjs.map

Some files were not shown because too many files have changed in this diff Show More