Initial commit

2025-03-07 19:22:02 +01:00
commit 4a98255d83
55743 changed files with 5280367 additions and 0 deletions
+65
@@ -0,0 +1,65 @@
import type { INetworkModule, NetworkRequestOptions, NetworkResponse } from "@azure/msal-node";
import type { AccessToken, GetTokenOptions } from "@azure/core-auth";
import { ServiceClient } from "@azure/core-client";
import type { PipelineRequest } from "@azure/core-rest-pipeline";
import type { AbortSignalLike } from "@azure/abort-controller";
import type { TokenCredentialOptions } from "../tokenCredentialOptions.js";
/**
* An internal type used to communicate details of a token request's
* response that should not be sent back as part of the access token.
*/
export interface TokenResponse {
/**
* The AccessToken to be returned from getToken.
*/
accessToken: AccessToken;
/**
* The refresh token if the 'offline_access' scope was used.
*/
refreshToken?: string;
}
/**
* @internal
*/
export declare function getIdentityClientAuthorityHost(options?: TokenCredentialOptions): string;
/**
* The network module used by the Identity credentials.
*
* It allows for credentials to abort any pending request independently of the MSAL flow,
* by calling to the `abortRequests()` method.
*
*/
export declare class IdentityClient extends ServiceClient implements INetworkModule {
authorityHost: string;
private allowLoggingAccountIdentifiers?;
private abortControllers;
private allowInsecureConnection;
private tokenCredentialOptions;
constructor(options?: TokenCredentialOptions);
sendTokenRequest(request: PipelineRequest): Promise<TokenResponse | null>;
refreshAccessToken(tenantId: string, clientId: string, scopes: string, refreshToken: string | undefined, clientSecret: string | undefined, options?: GetTokenOptions): Promise<TokenResponse | null>;
generateAbortSignal(correlationId: string): AbortSignalLike;
abortRequests(correlationId?: string): void;
getCorrelationId(options?: NetworkRequestOptions): string;
sendGetRequestAsync<T>(url: string, options?: NetworkRequestOptions): Promise<NetworkResponse<T>>;
sendPostRequestAsync<T>(url: string, options?: NetworkRequestOptions): Promise<NetworkResponse<T>>;
/**
*
* @internal
*/
getTokenCredentialOptions(): TokenCredentialOptions;
/**
* If allowLoggingAccountIdentifiers was set on the constructor options
* we try to log the account identifiers by parsing the received access token.
*
* The account identifiers we try to log are:
* - `appid`: The application or Client Identifier.
* - `upn`: User Principal Name.
* - It might not be available in some authentication scenarios.
* - If it's not available, we put a placeholder: "No User Principal Name available".
* - `tid`: Tenant Identifier.
* - `oid`: Object Identifier of the authenticated user.
*/
private logIdentifiers;
}
//# sourceMappingURL=identityClient.d.ts.map
@@ -0,0 +1 @@
{"version":3,"file":"identityClient.d.ts","sourceRoot":"","sources":["../../../src/client/identityClient.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,cAAc,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAC/F,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,OAAO,KAAK,EAAE,eAAe,EAAoB,MAAM,2BAA2B,CAAC;AAEnF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAM/D,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AAS3E;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,WAAW,EAAE,WAAW,CAAC;IACzB;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,wBAAgB,8BAA8B,CAAC,OAAO,CAAC,EAAE,sBAAsB,GAAG,MAAM,CAWvF;AAED;;;;;;GAMG;AACH,qBAAa,cAAe,SAAQ,aAAc,YAAW,cAAc;IAClE,aAAa,EAAE,MAAM,CAAC;IAC7B,OAAO,CAAC,8BAA8B,CAAC,CAAU;IACjD,OAAO,CAAC,gBAAgB,CAA6C;IACrE,OAAO,CAAC,uBAAuB,CAAkB;IAEjD,OAAO,CAAC,sBAAsB,CAAyB;gBAE3C,OAAO,CAAC,EAAE,sBAAsB;IAmCtC,gBAAgB,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAmCzE,kBAAkB,CACtB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,MAAM,GAAG,SAAS,EAChC,YAAY,EAAE,MAAM,GAAG,SAAS,EAChC,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAkEhC,mBAAmB,CAAC,aAAa,EAAE,MAAM,GAAG,eAAe;IAe3D,aAAa,CAAC,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI;IAgB3C,gBAAgB,CAAC,OAAO,CAAC,EAAE,qBAAqB,GAAG,MAAM;IAUnD,mBAAmB,CAAC,CAAC,EACzB,GAAG,EAAE,MAAM,EACX,OAAO,CAAC,EAAE,qBAAqB,GAC9B,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAqBxB,oBAAoB,CAAC,CAAC,EAC1B,GAAG,EAAE,MAAM,EACX,OAAO,CAAC,EAAE,qBAAqB,GAC9B,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAsB9B;;;OAGG;IACH,yBAAyB,IAAI,sBAAsB;IAGnD;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,cAAc;CA6BvB"}
+253
@@ -0,0 +1,253 @@
"use strict";
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
Object.defineProperty(exports, "__esModule", { value: true });
exports.IdentityClient = void 0;
exports.getIdentityClientAuthorityHost = getIdentityClientAuthorityHost;
const core_client_1 = require("@azure/core-client");
const core_util_1 = require("@azure/core-util");
const core_rest_pipeline_1 = require("@azure/core-rest-pipeline");
const errors_js_1 = require("../errors.js");
const identityTokenEndpoint_js_1 = require("../util/identityTokenEndpoint.js");
const constants_js_1 = require("../constants.js");
const tracing_js_1 = require("../util/tracing.js");
const logging_js_1 = require("../util/logging.js");
const utils_js_1 = require("../credentials/managedIdentityCredential/utils.js");
const noCorrelationId = "noCorrelationId";
/**
* @internal
*/
function getIdentityClientAuthorityHost(options) {
// The authorityHost can come from options or from the AZURE_AUTHORITY_HOST environment variable.
let authorityHost = options === null || options === void 0 ? void 0 : options.authorityHost;
// The AZURE_AUTHORITY_HOST environment variable can only be provided in Node.js.
if (core_util_1.isNode) {
authorityHost = authorityHost !== null && authorityHost !== void 0 ? authorityHost : process.env.AZURE_AUTHORITY_HOST;
}
// If the authorityHost is not provided, we use the default one from the public cloud: https://login.microsoftonline.com
return authorityHost !== null && authorityHost !== void 0 ? authorityHost : constants_js_1.DefaultAuthorityHost;
}
/**
* The network module used by the Identity credentials.
*
* It allows for credentials to abort any pending request independently of the MSAL flow,
* by calling to the `abortRequests()` method.
*
*/
class IdentityClient extends core_client_1.ServiceClient {
constructor(options) {
var _a, _b;
const packageDetails = `azsdk-js-identity/${constants_js_1.SDK_VERSION}`;
const userAgentPrefix = ((_a = options === null || options === void 0 ? void 0 : options.userAgentOptions) === null || _a === void 0 ? void 0 : _a.userAgentPrefix)
? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`
: `${packageDetails}`;
const baseUri = getIdentityClientAuthorityHost(options);
if (!baseUri.startsWith("https:")) {
throw new Error("The authorityHost address must use the 'https' protocol.");
}
super(Object.assign(Object.assign({ requestContentType: "application/json; charset=utf-8", retryOptions: {
maxRetries: 3,
} }, options), { userAgentOptions: {
userAgentPrefix,
}, baseUri }));
this.allowInsecureConnection = false;
this.authorityHost = baseUri;
this.abortControllers = new Map();
this.allowLoggingAccountIdentifiers = (_b = options === null || options === void 0 ? void 0 : options.loggingOptions) === null || _b === void 0 ? void 0 : _b.allowLoggingAccountIdentifiers;
// used for WorkloadIdentity
this.tokenCredentialOptions = Object.assign({}, options);
// used for ManagedIdentity
if (options === null || options === void 0 ? void 0 : options.allowInsecureConnection) {
this.allowInsecureConnection = options.allowInsecureConnection;
}
}
async sendTokenRequest(request) {
logging_js_1.logger.info(`IdentityClient: sending token request to [${request.url}]`);
const response = await this.sendRequest(request);
if (response.bodyAsText && (response.status === 200 || response.status === 201)) {
const parsedBody = JSON.parse(response.bodyAsText);
if (!parsedBody.access_token) {
return null;
}
this.logIdentifiers(response);
const token = {
accessToken: {
token: parsedBody.access_token,
expiresOnTimestamp: (0, utils_js_1.parseExpirationTimestamp)(parsedBody),
refreshAfterTimestamp: (0, utils_js_1.parseRefreshTimestamp)(parsedBody),
tokenType: "Bearer",
},
refreshToken: parsedBody.refresh_token,
};
logging_js_1.logger.info(`IdentityClient: [${request.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`);
return token;
}
else {
const error = new errors_js_1.AuthenticationError(response.status, response.bodyAsText);
logging_js_1.logger.warning(`IdentityClient: authentication error. HTTP status: ${response.status}, ${error.errorResponse.errorDescription}`);
throw error;
}
}
async refreshAccessToken(tenantId, clientId, scopes, refreshToken, clientSecret, options = {}) {
if (refreshToken === undefined) {
return null;
}
logging_js_1.logger.info(`IdentityClient: refreshing access token with client ID: ${clientId}, scopes: ${scopes} started`);
const refreshParams = {
grant_type: "refresh_token",
client_id: clientId,
refresh_token: refreshToken,
scope: scopes,
};
if (clientSecret !== undefined) {
refreshParams.client_secret = clientSecret;
}
const query = new URLSearchParams(refreshParams);
return tracing_js_1.tracingClient.withSpan("IdentityClient.refreshAccessToken", options, async (updatedOptions) => {
try {
const urlSuffix = (0, identityTokenEndpoint_js_1.getIdentityTokenEndpointSuffix)(tenantId);
const request = (0, core_rest_pipeline_1.createPipelineRequest)({
url: `${this.authorityHost}/${tenantId}/${urlSuffix}`,
method: "POST",
body: query.toString(),
abortSignal: options.abortSignal,
headers: (0, core_rest_pipeline_1.createHttpHeaders)({
Accept: "application/json",
"Content-Type": "application/x-www-form-urlencoded",
}),
tracingOptions: updatedOptions.tracingOptions,
});
const response = await this.sendTokenRequest(request);
logging_js_1.logger.info(`IdentityClient: refreshed token for client ID: ${clientId}`);
return response;
}
catch (err) {
if (err.name === errors_js_1.AuthenticationErrorName &&
err.errorResponse.error === "interaction_required") {
// It's likely that the refresh token has expired, so
// return null so that the credential implementation will
// initiate the authentication flow again.
logging_js_1.logger.info(`IdentityClient: interaction required for client ID: ${clientId}`);
return null;
}
else {
logging_js_1.logger.warning(`IdentityClient: failed refreshing token for client ID: ${clientId}: ${err}`);
throw err;
}
}
});
}
// Here is a custom layer that allows us to abort requests that go through MSAL,
// since MSAL doesn't allow us to pass options all the way through.
generateAbortSignal(correlationId) {
const controller = new AbortController();
const controllers = this.abortControllers.get(correlationId) || [];
controllers.push(controller);
this.abortControllers.set(correlationId, controllers);
const existingOnAbort = controller.signal.onabort;
controller.signal.onabort = (...params) => {
this.abortControllers.set(correlationId, undefined);
if (existingOnAbort) {
existingOnAbort.apply(controller.signal, params);
}
};
return controller.signal;
}
abortRequests(correlationId) {
const key = correlationId || noCorrelationId;
const controllers = [
...(this.abortControllers.get(key) || []),
// MSAL passes no correlation ID to the get requests...
...(this.abortControllers.get(noCorrelationId) || []),
];
if (!controllers.length) {
return;
}
for (const controller of controllers) {
controller.abort();
}
this.abortControllers.set(key, undefined);
}
getCorrelationId(options) {
var _a;
const parameter = (_a = options === null || options === void 0 ? void 0 : options.body) === null || _a === void 0 ? void 0 : _a.split("&").map((part) => part.split("=")).find(([key]) => key === "client-request-id");
return parameter && parameter.length ? parameter[1] || noCorrelationId : noCorrelationId;
}
// The MSAL network module methods follow
async sendGetRequestAsync(url, options) {
const request = (0, core_rest_pipeline_1.createPipelineRequest)({
url,
method: "GET",
body: options === null || options === void 0 ? void 0 : options.body,
allowInsecureConnection: this.allowInsecureConnection,
headers: (0, core_rest_pipeline_1.createHttpHeaders)(options === null || options === void 0 ? void 0 : options.headers),
abortSignal: this.generateAbortSignal(noCorrelationId),
});
const response = await this.sendRequest(request);
this.logIdentifiers(response);
return {
body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,
headers: response.headers.toJSON(),
status: response.status,
};
}
async sendPostRequestAsync(url, options) {
const request = (0, core_rest_pipeline_1.createPipelineRequest)({
url,
method: "POST",
body: options === null || options === void 0 ? void 0 : options.body,
headers: (0, core_rest_pipeline_1.createHttpHeaders)(options === null || options === void 0 ? void 0 : options.headers),
allowInsecureConnection: this.allowInsecureConnection,
// MSAL doesn't send the correlation ID on the get requests.
abortSignal: this.generateAbortSignal(this.getCorrelationId(options)),
});
const response = await this.sendRequest(request);
this.logIdentifiers(response);
return {
body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,
headers: response.headers.toJSON(),
status: response.status,
};
}
/**
*
* @internal
*/
getTokenCredentialOptions() {
return this.tokenCredentialOptions;
}
/**
* If allowLoggingAccountIdentifiers was set on the constructor options
* we try to log the account identifiers by parsing the received access token.
*
* The account identifiers we try to log are:
* - `appid`: The application or Client Identifier.
* - `upn`: User Principal Name.
* - It might not be available in some authentication scenarios.
* - If it's not available, we put a placeholder: "No User Principal Name available".
* - `tid`: Tenant Identifier.
* - `oid`: Object Identifier of the authenticated user.
*/
logIdentifiers(response) {
if (!this.allowLoggingAccountIdentifiers || !response.bodyAsText) {
return;
}
const unavailableUpn = "No User Principal Name available";
try {
const parsed = response.parsedBody || JSON.parse(response.bodyAsText);
const accessToken = parsed.access_token;
if (!accessToken) {
// Without an access token allowLoggingAccountIdentifiers isn't useful.
return;
}
const base64Metadata = accessToken.split(".")[1];
const { appid, upn, tid, oid } = JSON.parse(Buffer.from(base64Metadata, "base64").toString("utf8"));
logging_js_1.logger.info(`[Authenticated account] Client ID: ${appid}. Tenant ID: ${tid}. User Principal Name: ${upn || unavailableUpn}. Object ID (user): ${oid}`);
}
catch (e) {
logging_js_1.logger.warning("allowLoggingAccountIdentifiers was set, but we couldn't log the account information. Error:", e.message);
}
}
}
exports.IdentityClient = IdentityClient;
//# sourceMappingURL=identityClient.js.map
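Review bot: The abortControllers map in generateAbortSignal and abortRequests never removes a key once its controllers are finished — the onabort handler and abortRequests both write `this.abortControllers.set(key, undefined)` instead of deleting the entry, so a long-lived client accumulates one stale key per distinct correlation ID it has ever been given. Replacing those two writes with `this.abortControllers.delete(correlationId);` and `this.abortControllers.delete(key);` keeps the `get(...) || []` lookups working and bounds the map. Separately, sendGetRequestAsync and sendPostRequestAsync call JSON.parse on bodyAsText for every status, so a non-JSON error body (an HTML page from an intermediary, say) surfaces as a SyntaxError rather than the AuthenticationError that the non-2xx path of sendTokenRequest raises; guarding that parse, or mapping the failure to AuthenticationError, would give callers one error type to handle. This file is compiled output of @azure/identity 4.7.0 vendored by the commit, so either change belongs in the upstream TypeScript source rather than in this tree.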
+69
@@ -0,0 +1,69 @@
/**
* Current version of the `@azure/identity` package.
*/
export declare const SDK_VERSION = "4.7.0";
/**
* The default client ID for authentication
* @internal
*/
export declare const DeveloperSignOnClientId = "04b07795-8ddb-461a-bbee-02f9e1bf7b46";
/**
* The default tenant for authentication
* @internal
*/
export declare const DefaultTenantId = "common";
/**
* A list of known Azure authority hosts
*/
export declare enum AzureAuthorityHosts {
/**
* China-based Azure Authority Host
*/
AzureChina = "https://login.chinacloudapi.cn",
/**
* Germany-based Azure Authority Host
*
* @deprecated Microsoft Cloud Germany was closed on October 29th, 2021.
*
* */
AzureGermany = "https://login.microsoftonline.de",
/**
* US Government Azure Authority Host
*/
AzureGovernment = "https://login.microsoftonline.us",
/**
* Public Cloud Azure Authority Host
*/
AzurePublicCloud = "https://login.microsoftonline.com"
}
/**
* @internal
* The default authority host.
*/
export declare const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;
/**
* @internal
* The default environment host for Azure Public Cloud
*/
export declare const DefaultAuthority = "login.microsoftonline.com";
/**
* @internal
* Allow acquiring tokens for any tenant for multi-tentant auth.
*/
export declare const ALL_TENANTS: string[];
/**
* @internal
*/
export declare const CACHE_CAE_SUFFIX = "cae";
/**
* @internal
*/
export declare const CACHE_NON_CAE_SUFFIX = "nocae";
/**
* @internal
*
* The default name for the cache persistence plugin.
* Matches the constant defined in the cache persistence package.
*/
export declare const DEFAULT_TOKEN_CACHE_NAME = "msal.cache";
//# sourceMappingURL=constants.d.ts.map
+1
@@ -0,0 +1 @@
{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,eAAO,MAAM,WAAW,UAAU,CAAC;AAEnC;;;GAGG;AAIH,eAAO,MAAM,uBAAuB,yCAAyC,CAAC;AAE9E;;;GAGG;AACH,eAAO,MAAM,eAAe,WAAW,CAAC;AAExC;;GAEG;AACH,oBAAY,mBAAmB;IAC7B;;OAEG;IACH,UAAU,mCAAmC;IAC7C;;;;;SAKK;IACL,YAAY,qCAAqC;IACjD;;OAEG;IACH,eAAe,qCAAqC;IACpD;;OAEG;IACH,gBAAgB,sCAAsC;CACvD;AAED;;;GAGG;AACH,eAAO,MAAM,oBAAoB,uCAAuC,CAAC;AAEzE;;;GAGG;AACH,eAAO,MAAM,gBAAgB,8BAA8B,CAAC;AAE5D;;;GAGG;AACH,eAAO,MAAM,WAAW,EAAE,MAAM,EAAU,CAAC;AAE3C;;GAEG;AACH,eAAO,MAAM,gBAAgB,QAAQ,CAAC;AAEtC;;GAEG;AACH,eAAO,MAAM,oBAAoB,UAAU,CAAC;AAE5C;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,eAAe,CAAC"}
+78
@@ -0,0 +1,78 @@
"use strict";
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
Object.defineProperty(exports, "__esModule", { value: true });
exports.DEFAULT_TOKEN_CACHE_NAME = exports.CACHE_NON_CAE_SUFFIX = exports.CACHE_CAE_SUFFIX = exports.ALL_TENANTS = exports.DefaultAuthority = exports.DefaultAuthorityHost = exports.AzureAuthorityHosts = exports.DefaultTenantId = exports.DeveloperSignOnClientId = exports.SDK_VERSION = void 0;
/**
* Current version of the `@azure/identity` package.
*/
exports.SDK_VERSION = `4.7.0`;
/**
* The default client ID for authentication
* @internal
*/
// TODO: temporary - this is the Azure CLI clientID - we'll replace it when
// Developer Sign On application is available
// https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/Constants.cs#L9
exports.DeveloperSignOnClientId = "04b07795-8ddb-461a-bbee-02f9e1bf7b46";
/**
* The default tenant for authentication
* @internal
*/
exports.DefaultTenantId = "common";
/**
* A list of known Azure authority hosts
*/
var AzureAuthorityHosts;
(function (AzureAuthorityHosts) {
/**
* China-based Azure Authority Host
*/
AzureAuthorityHosts["AzureChina"] = "https://login.chinacloudapi.cn";
/**
* Germany-based Azure Authority Host
*
* @deprecated Microsoft Cloud Germany was closed on October 29th, 2021.
*
* */
AzureAuthorityHosts["AzureGermany"] = "https://login.microsoftonline.de";
/**
* US Government Azure Authority Host
*/
AzureAuthorityHosts["AzureGovernment"] = "https://login.microsoftonline.us";
/**
* Public Cloud Azure Authority Host
*/
AzureAuthorityHosts["AzurePublicCloud"] = "https://login.microsoftonline.com";
})(AzureAuthorityHosts || (exports.AzureAuthorityHosts = AzureAuthorityHosts = {}));
/**
* @internal
* The default authority host.
*/
exports.DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;
/**
* @internal
* The default environment host for Azure Public Cloud
*/
exports.DefaultAuthority = "login.microsoftonline.com";
/**
* @internal
* Allow acquiring tokens for any tenant for multi-tentant auth.
*/
exports.ALL_TENANTS = ["*"];
/**
* @internal
*/
exports.CACHE_CAE_SUFFIX = "cae";
/**
* @internal
*/
exports.CACHE_NON_CAE_SUFFIX = "nocae";
/**
* @internal
*
* The default name for the cache persistence plugin.
* Matches the constant defined in the cache persistence package.
*/
exports.DEFAULT_TOKEN_CACHE_NAME = "msal.cache";
//# sourceMappingURL=constants.js.map
+1
@@ -0,0 +1 @@
{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAElC;;GAEG;AACU,QAAA,WAAW,GAAG,OAAO,CAAC;AAEnC;;;GAGG;AACH,2EAA2E;AAC3E,6CAA6C;AAC7C,uGAAuG;AAC1F,QAAA,uBAAuB,GAAG,sCAAsC,CAAC;AAE9E;;;GAGG;AACU,QAAA,eAAe,GAAG,QAAQ,CAAC;AAExC;;GAEG;AACH,IAAY,mBAoBX;AApBD,WAAY,mBAAmB;IAC7B;;OAEG;IACH,oEAA6C,CAAA;IAC7C;;;;;SAKK;IACL,wEAAiD,CAAA;IACjD;;OAEG;IACH,2EAAoD,CAAA;IACpD;;OAEG;IACH,6EAAsD,CAAA;AACxD,CAAC,EApBW,mBAAmB,mCAAnB,mBAAmB,QAoB9B;AAED;;;GAGG;AACU,QAAA,oBAAoB,GAAG,mBAAmB,CAAC,gBAAgB,CAAC;AAEzE;;;GAGG;AACU,QAAA,gBAAgB,GAAG,2BAA2B,CAAC;AAE5D;;;GAGG;AACU,QAAA,WAAW,GAAa,CAAC,GAAG,CAAC,CAAC;AAE3C;;GAEG;AACU,QAAA,gBAAgB,GAAG,KAAK,CAAC;AAEtC;;GAEG;AACU,QAAA,oBAAoB,GAAG,OAAO,CAAC;AAE5C;;;;;GAKG;AACU,QAAA,wBAAwB,GAAG,YAAY,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Current version of the `@azure/identity` package.\n */\nexport const SDK_VERSION = `4.7.0`;\n\n/**\n * The default client ID for authentication\n * @internal\n */\n// TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n// Developer Sign On application is available\n// https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/Constants.cs#L9\nexport const DeveloperSignOnClientId = \"04b07795-8ddb-461a-bbee-02f9e1bf7b46\";\n\n/**\n * The default tenant for authentication\n * @internal\n */\nexport const DefaultTenantId = \"common\";\n\n/**\n * A list of known Azure authority hosts\n */\nexport enum AzureAuthorityHosts {\n /**\n * China-based Azure Authority Host\n */\n AzureChina = \"https://login.chinacloudapi.cn\",\n /**\n * Germany-based Azure Authority Host\n *\n * @deprecated Microsoft Cloud Germany was closed on October 29th, 2021.\n *\n * */\n AzureGermany = \"https://login.microsoftonline.de\",\n /**\n * US Government Azure Authority Host\n */\n AzureGovernment = \"https://login.microsoftonline.us\",\n /**\n 
* Public Cloud Azure Authority Host\n */\n AzurePublicCloud = \"https://login.microsoftonline.com\",\n}\n\n/**\n * @internal\n * The default authority host.\n */\nexport const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;\n\n/**\n * @internal\n * The default environment host for Azure Public Cloud\n */\nexport const DefaultAuthority = \"login.microsoftonline.com\";\n\n/**\n * @internal\n * Allow acquiring tokens for any tenant for multi-tentant auth.\n */\nexport const ALL_TENANTS: string[] = [\"*\"];\n\n/**\n * @internal\n */\nexport const CACHE_CAE_SUFFIX = \"cae\";\n\n/**\n * @internal\n */\nexport const CACHE_NON_CAE_SUFFIX = \"nocae\";\n\n/**\n * @internal\n *\n * The default name for the cache persistence plugin.\n * Matches the constant defined in the cache persistence package.\n */\nexport const DEFAULT_TOKEN_CACHE_NAME = \"msal.cache\";\n"]}
@@ -0,0 +1,16 @@
/**
* Provides options to configure how the Identity library
* does authority validation during authentication requests
* to Microsoft Entra ID.
*/
export interface AuthorityValidationOptions {
/**
* The field determines whether instance discovery is performed when attempting to authenticate.
* Setting this to `true` will completely disable both instance discovery and authority validation.
* As a result, it's crucial to ensure that the configured authority host is valid and trustworthy.
* This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack.
* The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority.
*/
disableInstanceDiscovery?: boolean;
}
//# sourceMappingURL=authorityValidationOptions.d.ts.map
@@ -0,0 +1 @@
{"version":3,"file":"authorityValidationOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/authorityValidationOptions.ts"],"names":[],"mappings":"AAGA;;;;GAIG;AACH,MAAM,WAAW,0BAA0B;IACzC;;;;;;OAMG;IACH,wBAAwB,CAAC,EAAE,OAAO,CAAC;CACpC"}
@@ -0,0 +1,5 @@
"use strict";
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
Object.defineProperty(exports, "__esModule", { value: true });
//# sourceMappingURL=authorityValidationOptions.js.map
@@ -0,0 +1 @@
{"version":3,"file":"authorityValidationOptions.js","sourceRoot":"","sources":["../../../src/credentials/authorityValidationOptions.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Provides options to configure how the Identity library\n * does authority validation during authentication requests\n * to Microsoft Entra ID.\n */\nexport interface AuthorityValidationOptions {\n /**\n * The field determines whether instance discovery is performed when attempting to authenticate.\n * Setting this to `true` will completely disable both instance discovery and authority validation.\n * As a result, it's crucial to ensure that the configured authority host is valid and trustworthy.\n * This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack.\n * The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority.\n */\n disableInstanceDiscovery?: boolean;\n}\n"]}
@@ -0,0 +1,73 @@
import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
import type { AuthorizationCodeCredentialOptions } from "./authorizationCodeCredentialOptions.js";
/**
* Enables authentication to Microsoft Entra ID using an authorization code
* that was obtained through the authorization code flow, described in more detail
* in the Microsoft Entra ID documentation:
*
* https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow
*/
export declare class AuthorizationCodeCredential implements TokenCredential {
private msalClient;
private disableAutomaticAuthentication?;
private authorizationCode;
private redirectUri;
private tenantId?;
private additionallyAllowedTenantIds;
private clientSecret?;
/**
* Creates an instance of AuthorizationCodeCredential with the details needed
* to request an access token using an authentication that was obtained
* from Microsoft Entra ID.
*
* It is currently necessary for the user of this credential to initiate
* the authorization code flow to obtain an authorization code to be used
* with this credential. A full example of this flow is provided here:
*
* https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts
*
* @param tenantId - The Microsoft Entra tenant (directory) ID or name.
* 'common' may be used when dealing with multi-tenant scenarios.
* @param clientId - The client (application) ID of an App Registration in the tenant.
* @param clientSecret - A client secret that was generated for the App Registration
* @param authorizationCode - An authorization code that was received from following the
authorization code flow. This authorization code must not
have already been used to obtain an access token.
* @param redirectUri - The redirect URI that was used to request the authorization code.
Must be the same URI that is configured for the App Registration.
* @param options - Options for configuring the client which makes the access token request.
*/
constructor(tenantId: string | "common", clientId: string, clientSecret: string, authorizationCode: string, redirectUri: string, options?: AuthorizationCodeCredentialOptions);
/**
* Creates an instance of AuthorizationCodeCredential with the details needed
* to request an access token using an authentication that was obtained
* from Microsoft Entra ID.
*
* It is currently necessary for the user of this credential to initiate
* the authorization code flow to obtain an authorization code to be used
* with this credential. A full example of this flow is provided here:
*
* https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts
*
* @param tenantId - The Microsoft Entra tenant (directory) ID or name.
* 'common' may be used when dealing with multi-tenant scenarios.
* @param clientId - The client (application) ID of an App Registration in the tenant.
* @param authorizationCode - An authorization code that was received from following the
authorization code flow. This authorization code must not
have already been used to obtain an access token.
* @param redirectUri - The redirect URI that was used to request the authorization code.
Must be the same URI that is configured for the App Registration.
* @param options - Options for configuring the client which makes the access token request.
*/
constructor(tenantId: string | "common", clientId: string, authorizationCode: string, redirectUri: string, options?: AuthorizationCodeCredentialOptions);
/**
* Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
*
* @param scopes - The list of scopes for which the token will have access.
* @param options - The options used to configure any requests this
* TokenCredential implementation might make.
*/
getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
}
//# sourceMappingURL=authorizationCodeCredential.d.ts.map
@@ -0,0 +1 @@
{"version":3,"file":"authorizationCodeCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAKtF,OAAO,KAAK,EAAE,kCAAkC,EAAE,MAAM,yCAAyC,CAAC;AAUlG;;;;;;GAMG;AACH,qBAAa,2BAA4B,YAAW,eAAe;IACjE,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,8BAA8B,CAAC,CAAU;IACjD,OAAO,CAAC,iBAAiB,CAAS;IAClC,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,QAAQ,CAAC,CAAS;IAC1B,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,YAAY,CAAC,CAAS;IAE9B;;;;;;;;;;;;;;;;;;;;;OAqBG;gBAED,QAAQ,EAAE,MAAM,GAAG,QAAQ,EAC3B,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,iBAAiB,EAAE,MAAM,EACzB,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE,kCAAkC;IAE9C;;;;;;;;;;;;;;;;;;;;OAoBG;gBAED,QAAQ,EAAE,MAAM,GAAG,QAAQ,EAC3B,QAAQ,EAAE,MAAM,EAChB,iBAAiB,EAAE,MAAM,EACzB,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE,kCAAkC;IA2C9C;;;;;;;OAOG;IACG,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,GAAE,eAAoB,GAAG,OAAO,CAAC,WAAW,CAAC;CA0B/F"}
@@ -0,0 +1,64 @@
"use strict";
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
Object.defineProperty(exports, "__esModule", { value: true });
exports.AuthorizationCodeCredential = void 0;
const tenantIdUtils_js_1 = require("../util/tenantIdUtils.js");
const tenantIdUtils_js_2 = require("../util/tenantIdUtils.js");
const logging_js_1 = require("../util/logging.js");
const scopeUtils_js_1 = require("../util/scopeUtils.js");
const tracing_js_1 = require("../util/tracing.js");
const msalClient_js_1 = require("../msal/nodeFlows/msalClient.js");
const logger = (0, logging_js_1.credentialLogger)("AuthorizationCodeCredential");
/**
* Enables authentication to Microsoft Entra ID using an authorization code
* that was obtained through the authorization code flow, described in more detail
* in the Microsoft Entra ID documentation:
*
* https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow
*/
class AuthorizationCodeCredential {
/**
* @hidden
* @internal
*/
constructor(tenantId, clientId, clientSecretOrAuthorizationCode, authorizationCodeOrRedirectUri, redirectUriOrOptions, options) {
(0, tenantIdUtils_js_2.checkTenantId)(logger, tenantId);
this.clientSecret = clientSecretOrAuthorizationCode;
if (typeof redirectUriOrOptions === "string") {
// the clientId+clientSecret constructor
this.authorizationCode = authorizationCodeOrRedirectUri;
this.redirectUri = redirectUriOrOptions;
// in this case, options are good as they come
}
else {
// clientId only
this.authorizationCode = clientSecretOrAuthorizationCode;
this.redirectUri = authorizationCodeOrRedirectUri;
this.clientSecret = undefined;
options = redirectUriOrOptions;
}
// TODO: Validate tenant if provided
this.tenantId = tenantId;
this.additionallyAllowedTenantIds = (0, tenantIdUtils_js_1.resolveAdditionallyAllowedTenantIds)(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
this.msalClient = (0, msalClient_js_1.createMsalClient)(clientId, tenantId, Object.assign(Object.assign({}, options), { logger, tokenCredentialOptions: options !== null && options !== void 0 ? options : {} }));
}
/**
* Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
*
* @param scopes - The list of scopes for which the token will have access.
* @param options - The options used to configure any requests this
* TokenCredential implementation might make.
*/
async getToken(scopes, options = {}) {
return tracing_js_1.tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async (newOptions) => {
const tenantId = (0, tenantIdUtils_js_1.processMultiTenantRequest)(this.tenantId, newOptions, this.additionallyAllowedTenantIds);
newOptions.tenantId = tenantId;
const arrayScopes = (0, scopeUtils_js_1.ensureScopes)(scopes);
return this.msalClient.getTokenByAuthorizationCode(arrayScopes, this.redirectUri, this.authorizationCode, this.clientSecret, Object.assign(Object.assign({}, newOptions), { disableAutomaticAuthentication: this.disableAutomaticAuthentication }));
});
}
}
exports.AuthorizationCodeCredential = AuthorizationCodeCredential;
//# sourceMappingURL=authorizationCodeCredential.js.map
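Review bot: `this.disableAutomaticAuthentication`, read on the `getTokenByAuthorizationCode` call in `getToken`, is never assigned anywhere in this file, so as far as the visible code shows it is always `undefined` and the flag has no effect; either assign it in the constructor from `options` (if the options type carries it) or drop it from the call. The `// TODO: Validate tenant if provided` comment above `this.tenantId = tenantId;` is stale, because `checkTenantId(logger, tenantId)` already runs as the first statement of the constructor; replace it with `// tenantId was validated by checkTenantId above`. The overload detection on `typeof redirectUriOrOptions === "string"` is only explained by the two short branch comments; a one-line header comment on the constructor naming the two call shapes (`(tenantId, clientId, clientSecret, authorizationCode, redirectUri, options?)` and `(tenantId, clientId, authorizationCode, redirectUri, options?)`) would make the parameter names readable without the d.ts.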
@@ -0,0 +1,8 @@
import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
/**
* Options for the {@link AuthorizationCodeCredential}
*/
export interface AuthorizationCodeCredentialOptions extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {
}
//# sourceMappingURL=authorizationCodeCredentialOptions.d.ts.map
@@ -0,0 +1 @@
{"version":3,"file":"authorizationCodeCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,kCACf,SAAQ,iCAAiC,EACvC,0BAA0B;CAAG"}
@@ -0,0 +1,5 @@
"use strict";
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
Object.defineProperty(exports, "__esModule", { value: true });
//# sourceMappingURL=authorizationCodeCredentialOptions.js.map
@@ -0,0 +1 @@
{"version":3,"file":"authorizationCodeCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredentialOptions.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Options for the {@link AuthorizationCodeCredential}\n */\nexport interface AuthorizationCodeCredentialOptions\n extends MultiTenantTokenCredentialOptions,\n AuthorityValidationOptions {}\n"]}
@@ -0,0 +1,24 @@
import type { AzureApplicationCredentialOptions } from "./azureApplicationCredentialOptions.js";
import { ChainedTokenCredential } from "./chainedTokenCredential.js";
/**
* Provides a default {@link ChainedTokenCredential} configuration that should
* work for most applications that use the Azure SDK.
*/
export declare class AzureApplicationCredential extends ChainedTokenCredential {
/**
* Creates an instance of the AzureApplicationCredential class.
*
* The AzureApplicationCredential provides a default {@link ChainedTokenCredential} configuration that should
* work for most applications deployed on Azure. The following credential types will be tried, in order:
*
* - {@link EnvironmentCredential}
* - {@link ManagedIdentityCredential}
*
* Consult the documentation of these credential types for more information
* on how they attempt authentication.
*
* @param options - Optional parameters. See {@link AzureApplicationCredentialOptions}.
*/
constructor(options?: AzureApplicationCredentialOptions);
}
//# sourceMappingURL=azureApplicationCredential.d.ts.map
@@ -0,0 +1 @@
{"version":3,"file":"azureApplicationCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/azureApplicationCredential.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAChG,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAErE;;;GAGG;AACH,qBAAa,0BAA2B,SAAQ,sBAAsB;IACpE;;;;;;;;;;;;;OAaG;gBACS,OAAO,CAAC,EAAE,iCAAiC;CAOxD"}
@@ -0,0 +1,36 @@
"use strict";
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
Object.defineProperty(exports, "__esModule", { value: true });
exports.AzureApplicationCredential = void 0;
const defaultAzureCredential_js_1 = require("./defaultAzureCredential.js");
const chainedTokenCredential_js_1 = require("./chainedTokenCredential.js");
/**
* Provides a default {@link ChainedTokenCredential} configuration that should
* work for most applications that use the Azure SDK.
*/
class AzureApplicationCredential extends chainedTokenCredential_js_1.ChainedTokenCredential {
/**
* Creates an instance of the AzureApplicationCredential class.
*
* The AzureApplicationCredential provides a default {@link ChainedTokenCredential} configuration that should
* work for most applications deployed on Azure. The following credential types will be tried, in order:
*
* - {@link EnvironmentCredential}
* - {@link ManagedIdentityCredential}
*
* Consult the documentation of these credential types for more information
* on how they attempt authentication.
*
* @param options - Optional parameters. See {@link AzureApplicationCredentialOptions}.
*/
constructor(options) {
const credentialFunctions = [
defaultAzureCredential_js_1.createEnvironmentCredential,
defaultAzureCredential_js_1.createDefaultManagedIdentityCredential,
];
super(...credentialFunctions.map((createCredentialFn) => createCredentialFn(options)));
}
}
exports.AzureApplicationCredential = AzureApplicationCredential;
//# sourceMappingURL=azureApplicationCredential.js.map
@@ -0,0 +1 @@
{"version":3,"file":"azureApplicationCredential.js","sourceRoot":"","sources":["../../../src/credentials/azureApplicationCredential.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAElC,2EAGqC;AAGrC,2EAAqE;AAErE;;;GAGG;AACH,MAAa,0BAA2B,SAAQ,kDAAsB;IACpE;;;;;;;;;;;;;OAaG;IACH,YAAY,OAA2C;QACrD,MAAM,mBAAmB,GAAG;YAC1B,uDAA2B;YAC3B,kEAAsC;SACvC,CAAC;QACF,KAAK,CAAC,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC,kBAAkB,EAAE,EAAE,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IACzF,CAAC;CACF;AAtBD,gEAsBC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport {\n createDefaultManagedIdentityCredential,\n createEnvironmentCredential,\n} from \"./defaultAzureCredential.js\";\n\nimport type { AzureApplicationCredentialOptions } from \"./azureApplicationCredentialOptions.js\";\nimport { ChainedTokenCredential } from \"./chainedTokenCredential.js\";\n\n/**\n * Provides a default {@link ChainedTokenCredential} configuration that should\n * work for most applications that use the Azure SDK.\n */\nexport class AzureApplicationCredential extends ChainedTokenCredential {\n /**\n * Creates an instance of the AzureApplicationCredential class.\n *\n * The AzureApplicationCredential provides a default {@link ChainedTokenCredential} configuration that should\n * work for most applications deployed on Azure. The following credential types will be tried, in order:\n *\n * - {@link EnvironmentCredential}\n * - {@link ManagedIdentityCredential}\n *\n * Consult the documentation of these credential types for more information\n * on how they attempt authentication.\n *\n * @param options - Optional parameters. See {@link AzureApplicationCredentialOptions}.\n */\n constructor(options?: AzureApplicationCredentialOptions) {\n const credentialFunctions = [\n createEnvironmentCredential,\n createDefaultManagedIdentityCredential,\n ];\n super(...credentialFunctions.map((createCredentialFn) => createCredentialFn(options)));\n }\n}\n"]}
@@ -0,0 +1,13 @@
import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions.js";
import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
/**
* Provides options to configure the {@link AzureApplicationCredential} class.
*/
export interface AzureApplicationCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions {
/**
* Optionally pass in a user assigned client ID to be used by the {@link ManagedIdentityCredential}.
* This client ID can also be passed through to the {@link ManagedIdentityCredential} through the environment variable: AZURE_CLIENT_ID.
*/
managedIdentityClientId?: string;
}
//# sourceMappingURL=azureApplicationCredentialOptions.d.ts.map
@@ -0,0 +1 @@
{"version":3,"file":"azureApplicationCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/azureApplicationCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACtF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,iCACf,SAAQ,iCAAiC,EACvC,4BAA4B;IAC9B;;;OAGG;IACH,uBAAuB,CAAC,EAAE,MAAM,CAAC;CAClC"}
@@ -0,0 +1,5 @@
"use strict";
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
Object.defineProperty(exports, "__esModule", { value: true });
//# sourceMappingURL=azureApplicationCredentialOptions.js.map
@@ -0,0 +1 @@
{"version":3,"file":"azureApplicationCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/azureApplicationCredentialOptions.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Provides options to configure the {@link AzureApplicationCredential} class.\n */\nexport interface AzureApplicationCredentialOptions\n extends MultiTenantTokenCredentialOptions,\n CredentialPersistenceOptions {\n /**\n * Optionally pass in a user assigned client ID to be used by the {@link ManagedIdentityCredential}.\n * This client ID can also be passed through to the {@link ManagedIdentityCredential} through the environment variable: AZURE_CLIENT_ID.\n */\n managedIdentityClientId?: string;\n}\n"]}
@@ -0,0 +1,64 @@
import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
import type { AzureCliCredentialOptions } from "./azureCliCredentialOptions.js";
/**
* Mockable reference to the CLI credential cliCredentialFunctions
* @internal
*/
export declare const cliCredentialInternals: {
/**
* @internal
*/
getSafeWorkingDir(): string;
/**
* Gets the access token from Azure CLI
* @param resource - The resource to use when getting the token
* @internal
*/
getAzureCliAccessToken(resource: string, tenantId?: string, subscription?: string, timeout?: number): Promise<{
stdout: string;
stderr: string;
error: Error | null;
}>;
};
/**
* This credential will use the currently logged-in user login information
* via the Azure CLI ('az') commandline tool.
* To do so, it will read the user access token and expire time
* with Azure CLI command "az account get-access-token".
*/
export declare class AzureCliCredential implements TokenCredential {
private tenantId?;
private additionallyAllowedTenantIds;
private timeout?;
private subscription?;
/**
* Creates an instance of the {@link AzureCliCredential}.
*
* To use this credential, ensure that you have already logged
* in via the 'az' tool using the command "az login" from the commandline.
*
* @param options - Options, to optionally allow multi-tenant requests.
*/
constructor(options?: AzureCliCredentialOptions);
/**
* Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
*
* @param scopes - The list of scopes for which the token will have access.
* @param options - The options used to configure any requests this
* TokenCredential implementation might make.
*/
getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
/**
* Parses the raw JSON response from the Azure CLI into a usable AccessToken object
*
* @param rawResponse - The raw JSON response from the Azure CLI
* @returns An access token with the expiry time parsed from the raw response
*
* The expiryTime of the credential's access token, in milliseconds, is calculated as follows:
*
* When available, expires_on (introduced in Azure CLI v2.54.0) will be preferred. Otherwise falls back to expiresOn.
*/
private parseRawResponse;
}
//# sourceMappingURL=azureCliCredential.d.ts.map
@@ -0,0 +1 @@
{"version":3,"file":"azureCliCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/azureCliCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAStF,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAMhF;;;GAGG;AACH,eAAO,MAAM,sBAAsB;IACjC;;OAEG;yBACkB,MAAM;IAW3B;;;;OAIG;qCAES,MAAM,aACL,MAAM,iBACF,MAAM,YACX,MAAM,GACf,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,KAAK,GAAG,IAAI,CAAA;KAAE,CAAC;CAkCpE,CAAC;AAIF;;;;;GAKG;AACH,qBAAa,kBAAmB,YAAW,eAAe;IACxD,OAAO,CAAC,QAAQ,CAAC,CAAS;IAC1B,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,OAAO,CAAC,CAAS;IACzB,OAAO,CAAC,YAAY,CAAC,CAAS;IAE9B;;;;;;;OAOG;gBACS,OAAO,CAAC,EAAE,yBAAyB;IAe/C;;;;;;;OAOG;IACU,QAAQ,CACnB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,WAAW,CAAC;IAoEvB;;;;;;;;;OASG;IACH,OAAO,CAAC,gBAAgB;CA+BzB"}
@@ -0,0 +1,194 @@
"use strict";
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
Object.defineProperty(exports, "__esModule", { value: true });
exports.AzureCliCredential = exports.cliCredentialInternals = void 0;
const tslib_1 = require("tslib");
const tenantIdUtils_js_1 = require("../util/tenantIdUtils.js");
const logging_js_1 = require("../util/logging.js");
const scopeUtils_js_1 = require("../util/scopeUtils.js");
const errors_js_1 = require("../errors.js");
const child_process_1 = tslib_1.__importDefault(require("child_process"));
const tracing_js_1 = require("../util/tracing.js");
const subscriptionUtils_js_1 = require("../util/subscriptionUtils.js");
/**
* Mockable reference to the CLI credential cliCredentialFunctions
* @internal
*/
exports.cliCredentialInternals = {
/**
* @internal
*/
getSafeWorkingDir() {
if (process.platform === "win32") {
if (!process.env["SYSTEMROOT"]) {
throw new Error("Azure CLI credential expects a 'SYSTEMROOT' environment variable");
}
return process.env["SYSTEMROOT"];
}
else {
return "/bin";
}
},
/**
* Gets the access token from Azure CLI
* @param resource - The resource to use when getting the token
* @internal
*/
async getAzureCliAccessToken(resource, tenantId, subscription, timeout) {
let tenantSection = [];
let subscriptionSection = [];
if (tenantId) {
tenantSection = ["--tenant", tenantId];
}
if (subscription) {
// Add quotes around the subscription to handle subscriptions with spaces
subscriptionSection = ["--subscription", `"${subscription}"`];
}
return new Promise((resolve, reject) => {
try {
child_process_1.default.execFile("az", [
"account",
"get-access-token",
"--output",
"json",
"--resource",
resource,
...tenantSection,
...subscriptionSection,
], { cwd: exports.cliCredentialInternals.getSafeWorkingDir(), shell: true, timeout }, (error, stdout, stderr) => {
resolve({ stdout: stdout, stderr: stderr, error });
});
}
catch (err) {
reject(err);
}
});
},
};
const logger = (0, logging_js_1.credentialLogger)("AzureCliCredential");
/**
* This credential will use the currently logged-in user login information
* via the Azure CLI ('az') commandline tool.
* To do so, it will read the user access token and expire time
* with Azure CLI command "az account get-access-token".
*/
class AzureCliCredential {
/**
* Creates an instance of the {@link AzureCliCredential}.
*
* To use this credential, ensure that you have already logged
* in via the 'az' tool using the command "az login" from the commandline.
*
* @param options - Options, to optionally allow multi-tenant requests.
*/
constructor(options) {
if (options === null || options === void 0 ? void 0 : options.tenantId) {
(0, tenantIdUtils_js_1.checkTenantId)(logger, options === null || options === void 0 ? void 0 : options.tenantId);
this.tenantId = options === null || options === void 0 ? void 0 : options.tenantId;
}
if (options === null || options === void 0 ? void 0 : options.subscription) {
(0, subscriptionUtils_js_1.checkSubscription)(logger, options === null || options === void 0 ? void 0 : options.subscription);
this.subscription = options === null || options === void 0 ? void 0 : options.subscription;
}
this.additionallyAllowedTenantIds = (0, tenantIdUtils_js_1.resolveAdditionallyAllowedTenantIds)(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
this.timeout = options === null || options === void 0 ? void 0 : options.processTimeoutInMs;
}
/**
* Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
*
* @param scopes - The list of scopes for which the token will have access.
* @param options - The options used to configure any requests this
* TokenCredential implementation might make.
*/
async getToken(scopes, options = {}) {
const tenantId = (0, tenantIdUtils_js_1.processMultiTenantRequest)(this.tenantId, options, this.additionallyAllowedTenantIds);
if (tenantId) {
(0, tenantIdUtils_js_1.checkTenantId)(logger, tenantId);
}
if (this.subscription) {
(0, subscriptionUtils_js_1.checkSubscription)(logger, this.subscription);
}
const scope = typeof scopes === "string" ? scopes : scopes[0];
logger.getToken.info(`Using the scope ${scope}`);
return tracing_js_1.tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {
var _a, _b, _c, _d;
try {
(0, scopeUtils_js_1.ensureValidScopeForDevTimeCreds)(scope, logger);
const resource = (0, scopeUtils_js_1.getScopeResource)(scope);
const obj = await exports.cliCredentialInternals.getAzureCliAccessToken(resource, tenantId, this.subscription, this.timeout);
const specificScope = (_a = obj.stderr) === null || _a === void 0 ? void 0 : _a.match("(.*)az login --scope(.*)");
const isLoginError = ((_b = obj.stderr) === null || _b === void 0 ? void 0 : _b.match("(.*)az login(.*)")) && !specificScope;
const isNotInstallError = ((_c = obj.stderr) === null || _c === void 0 ? void 0 : _c.match("az:(.*)not found")) || ((_d = obj.stderr) === null || _d === void 0 ? void 0 : _d.startsWith("'az' is not recognized"));
if (isNotInstallError) {
const error = new errors_js_1.CredentialUnavailableError("Azure CLI could not be found. Please visit https://aka.ms/azure-cli for installation instructions and then, once installed, authenticate to your Azure account using 'az login'.");
logger.getToken.info((0, logging_js_1.formatError)(scopes, error));
throw error;
}
if (isLoginError) {
const error = new errors_js_1.CredentialUnavailableError("Please run 'az login' from a command prompt to authenticate before using this credential.");
logger.getToken.info((0, logging_js_1.formatError)(scopes, error));
throw error;
}
try {
const responseData = obj.stdout;
const response = this.parseRawResponse(responseData);
logger.getToken.info((0, logging_js_1.formatSuccess)(scopes));
return response;
}
catch (e) {
if (obj.stderr) {
throw new errors_js_1.CredentialUnavailableError(obj.stderr);
}
throw e;
}
}
catch (err) {
const error = err.name === "CredentialUnavailableError"
? err
: new errors_js_1.CredentialUnavailableError(err.message || "Unknown error while trying to retrieve the access token");
logger.getToken.info((0, logging_js_1.formatError)(scopes, error));
throw error;
}
});
}
/**
* Parses the raw JSON response from the Azure CLI into a usable AccessToken object
*
* @param rawResponse - The raw JSON response from the Azure CLI
* @returns An access token with the expiry time parsed from the raw response
*
* The expiryTime of the credential's access token, in milliseconds, is calculated as follows:
*
* When available, expires_on (introduced in Azure CLI v2.54.0) will be preferred. Otherwise falls back to expiresOn.
*/
parseRawResponse(rawResponse) {
const response = JSON.parse(rawResponse);
const token = response.accessToken;
// if available, expires_on will be a number representing seconds since epoch.
// ensure it's a number or NaN
let expiresOnTimestamp = Number.parseInt(response.expires_on, 10) * 1000;
if (!isNaN(expiresOnTimestamp)) {
logger.getToken.info("expires_on is available and is valid, using it");
return {
token,
expiresOnTimestamp,
tokenType: "Bearer",
};
}
// fallback to the older expiresOn - an RFC3339 date string
expiresOnTimestamp = new Date(response.expiresOn).getTime();
// ensure expiresOn is well-formatted
if (isNaN(expiresOnTimestamp)) {
throw new errors_js_1.CredentialUnavailableError(`Unexpected response from Azure CLI when getting token. Expected "expiresOn" to be a RFC3339 date string. Got: "${response.expiresOn}"`);
}
return {
token,
expiresOnTimestamp,
tokenType: "Bearer",
};
}
}
exports.AzureCliCredential = AzureCliCredential;
//# sourceMappingURL=azureCliCredential.js.map
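Review bot: The `execFile("az", [...], { cwd: ..., shell: true, timeout }, ...)` call in `getAzureCliAccessToken` runs the argument array through a shell, so `resource`, `tenantId` and `subscription` are re-parsed as shell text rather than passed as discrete argv entries (the `"${subscription}"` quoting a few lines above exists only because of this). Nothing in this file rejects shell metacharacters; the safety of this call rests entirely on `checkTenantId`, `checkSubscription` and `ensureValidScopeForDevTimeCreds`/`getScopeResource`, which are defined in other modules, and on this `@internal` helper never being called with values that skipped those checks. That invariant should be recorded at the call site, e.g. `// shell: true re-parses every argument; callers must pass only values already validated by checkTenantId/checkSubscription/ensureValidScopeForDevTimeCreds`. Separately, `parseRawResponse` returns `response.accessToken` without checking that it is a non-empty string, so a CLI response missing that field yields an AccessToken with `token: undefined` instead of a `CredentialUnavailableError`; adding `if (typeof token !== "string" || !token) throw new errors_js_1.CredentialUnavailableError("Unexpected response from Azure CLI when getting token: missing accessToken");` after `const token = response.accessToken;` would close that gap.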
@@ -0,0 +1,20 @@
import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
/**
* Options for the {@link AzureCliCredential}
*/
export interface AzureCliCredentialOptions extends MultiTenantTokenCredentialOptions {
/**
* Allows specifying a tenant ID
*/
tenantId?: string;
/**
* Process timeout configurable for making token requests, provided in milliseconds
*/
processTimeoutInMs?: number;
/**
* Subscription is the name or ID of a subscription. Set this to acquire tokens for an account other
* than the Azure CLI's current account.
*/
subscription?: string;
}
//# sourceMappingURL=azureCliCredentialOptions.d.ts.map
@@ -0,0 +1 @@
{"version":3,"file":"azureCliCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/azureCliCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,yBAA0B,SAAQ,iCAAiC;IAClF;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB"}
@@ -0,0 +1,5 @@
"use strict";
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
Object.defineProperty(exports, "__esModule", { value: true });
//# sourceMappingURL=azureCliCredentialOptions.js.map
@@ -0,0 +1 @@
{"version":3,"file":"azureCliCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/azureCliCredentialOptions.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Options for the {@link AzureCliCredential}\n */\nexport interface AzureCliCredentialOptions extends MultiTenantTokenCredentialOptions {\n /**\n * Allows specifying a tenant ID\n */\n tenantId?: string;\n /**\n * Process timeout configurable for making token requests, provided in milliseconds\n */\n processTimeoutInMs?: number;\n /**\n * Subscription is the name or ID of a subscription. Set this to acquire tokens for an account other\n * than the Azure CLI's current account.\n */\n subscription?: string;\n}\n"]}
@@ -0,0 +1,71 @@
import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
import type { AzureDeveloperCliCredentialOptions } from "./azureDeveloperCliCredentialOptions.js";
/**
* Mockable reference to the Developer CLI credential cliCredentialFunctions
* @internal
*/
export declare const developerCliCredentialInternals: {
/**
* @internal
*/
getSafeWorkingDir(): string;
/**
* Gets the access token from Azure Developer CLI
* @param scopes - The scopes to use when getting the token
* @internal
*/
getAzdAccessToken(scopes: string[], tenantId?: string, timeout?: number): Promise<{
stdout: string;
stderr: string;
error: Error | null;
}>;
};
/**
* Azure Developer CLI is a command-line interface tool that allows developers to create, manage, and deploy
* resources in Azure. It's built on top of the Azure CLI and provides additional functionality specific
* to Azure developers. It allows users to authenticate as a user and/or a service principal against
* <a href="https://learn.microsoft.com/entra/fundamentals/">Microsoft Entra ID</a>. The
* AzureDeveloperCliCredential authenticates in a development environment and acquires a token on behalf of
* the logged-in user or service principal in the Azure Developer CLI. It acts as the Azure Developer CLI logged in user or
* service principal and executes an Azure CLI command underneath to authenticate the application against
* Microsoft Entra ID.
*
* <h2> Configure AzureDeveloperCliCredential </h2>
*
* To use this credential, the developer needs to authenticate locally in Azure Developer CLI using one of the
* commands below:
*
* <ol>
* <li>Run "azd auth login" in Azure Developer CLI to authenticate interactively as a user.</li>
* <li>Run "azd auth login --client-id clientID --client-secret clientSecret
* --tenant-id tenantID" to authenticate as a service principal.</li>
* </ol>
*
* You may need to repeat this process after a certain time period, depending on the refresh token validity in your
* organization. Generally, the refresh token validity period is a few weeks to a few months.
* AzureDeveloperCliCredential will prompt you to sign in again.
*/
export declare class AzureDeveloperCliCredential implements TokenCredential {
private tenantId?;
private additionallyAllowedTenantIds;
private timeout?;
/**
* Creates an instance of the {@link AzureDeveloperCliCredential}.
*
* To use this credential, ensure that you have already logged
* in via the 'azd' tool using the command "azd auth login" from the commandline.
*
* @param options - Options, to optionally allow multi-tenant requests.
*/
constructor(options?: AzureDeveloperCliCredentialOptions);
/**
* Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
*
* @param scopes - The list of scopes for which the token will have access.
* @param options - The options used to configure any requests this
* TokenCredential implementation might make.
*/
getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
}
//# sourceMappingURL=azureDeveloperCliCredential.d.ts.map
@@ -0,0 +1 @@
{"version":3,"file":"azureDeveloperCliCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/azureDeveloperCliCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAEtF,OAAO,KAAK,EAAE,kCAAkC,EAAE,MAAM,yCAAyC,CAAC;AAWlG;;;GAGG;AACH,eAAO,MAAM,+BAA+B;IAC1C;;OAEG;yBACkB,MAAM;IAa3B;;;;OAIG;8BAEO,MAAM,EAAE,aACL,MAAM,YACP,MAAM,GACf,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,KAAK,GAAG,IAAI,CAAA;KAAE,CAAC;CAiCpE,CAAC;AAIF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,qBAAa,2BAA4B,YAAW,eAAe;IACjE,OAAO,CAAC,QAAQ,CAAC,CAAS;IAC1B,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,OAAO,CAAC,CAAS;IAEzB;;;;;;;OAOG;gBACS,OAAO,CAAC,EAAE,kCAAkC;IAWxD;;;;;;;OAOG;IACU,QAAQ,CACnB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,WAAW,CAAC;CA4ExB"}
@@ -0,0 +1,176 @@
"use strict";
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
Object.defineProperty(exports, "__esModule", { value: true });
exports.AzureDeveloperCliCredential = exports.developerCliCredentialInternals = void 0;
const tslib_1 = require("tslib");
const logging_js_1 = require("../util/logging.js");
const errors_js_1 = require("../errors.js");
const child_process_1 = tslib_1.__importDefault(require("child_process"));
const tenantIdUtils_js_1 = require("../util/tenantIdUtils.js");
const tracing_js_1 = require("../util/tracing.js");
const scopeUtils_js_1 = require("../util/scopeUtils.js");
/**
* Mockable reference to the Developer CLI credential cliCredentialFunctions
* @internal
*/
exports.developerCliCredentialInternals = {
/**
* @internal
*/
getSafeWorkingDir() {
if (process.platform === "win32") {
if (!process.env["SYSTEMROOT"]) {
throw new Error("Azure Developer CLI credential expects a 'SYSTEMROOT' environment variable");
}
return process.env["SYSTEMROOT"];
}
else {
return "/bin";
}
},
/**
* Gets the access token from Azure Developer CLI
* @param scopes - The scopes to use when getting the token
* @internal
*/
async getAzdAccessToken(scopes, tenantId, timeout) {
let tenantSection = [];
if (tenantId) {
tenantSection = ["--tenant-id", tenantId];
}
return new Promise((resolve, reject) => {
try {
child_process_1.default.execFile("azd", [
"auth",
"token",
"--output",
"json",
...scopes.reduce((previous, current) => previous.concat("--scope", current), []),
...tenantSection,
], {
cwd: exports.developerCliCredentialInternals.getSafeWorkingDir(),
timeout,
}, (error, stdout, stderr) => {
resolve({ stdout, stderr, error });
});
}
catch (err) {
reject(err);
}
});
},
};
const logger = (0, logging_js_1.credentialLogger)("AzureDeveloperCliCredential");
/**
* Azure Developer CLI is a command-line interface tool that allows developers to create, manage, and deploy
* resources in Azure. It's built on top of the Azure CLI and provides additional functionality specific
* to Azure developers. It allows users to authenticate as a user and/or a service principal against
* <a href="https://learn.microsoft.com/entra/fundamentals/">Microsoft Entra ID</a>. The
* AzureDeveloperCliCredential authenticates in a development environment and acquires a token on behalf of
* the logged-in user or service principal in the Azure Developer CLI. It acts as the Azure Developer CLI logged in user or
* service principal and executes an Azure CLI command underneath to authenticate the application against
* Microsoft Entra ID.
*
* <h2> Configure AzureDeveloperCliCredential </h2>
*
* To use this credential, the developer needs to authenticate locally in Azure Developer CLI using one of the
* commands below:
*
* <ol>
* <li>Run "azd auth login" in Azure Developer CLI to authenticate interactively as a user.</li>
* <li>Run "azd auth login --client-id clientID --client-secret clientSecret
* --tenant-id tenantID" to authenticate as a service principal.</li>
* </ol>
*
* You may need to repeat this process after a certain time period, depending on the refresh token validity in your
* organization. Generally, the refresh token validity period is a few weeks to a few months.
* AzureDeveloperCliCredential will prompt you to sign in again.
*/
class AzureDeveloperCliCredential {
/**
* Creates an instance of the {@link AzureDeveloperCliCredential}.
*
* To use this credential, ensure that you have already logged
* in via the 'azd' tool using the command "azd auth login" from the commandline.
*
* @param options - Options, to optionally allow multi-tenant requests.
*/
constructor(options) {
if (options === null || options === void 0 ? void 0 : options.tenantId) {
(0, tenantIdUtils_js_1.checkTenantId)(logger, options === null || options === void 0 ? void 0 : options.tenantId);
this.tenantId = options === null || options === void 0 ? void 0 : options.tenantId;
}
this.additionallyAllowedTenantIds = (0, tenantIdUtils_js_1.resolveAdditionallyAllowedTenantIds)(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
this.timeout = options === null || options === void 0 ? void 0 : options.processTimeoutInMs;
}
/**
* Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
*
* @param scopes - The list of scopes for which the token will have access.
* @param options - The options used to configure any requests this
* TokenCredential implementation might make.
*/
async getToken(scopes, options = {}) {
const tenantId = (0, tenantIdUtils_js_1.processMultiTenantRequest)(this.tenantId, options, this.additionallyAllowedTenantIds);
if (tenantId) {
(0, tenantIdUtils_js_1.checkTenantId)(logger, tenantId);
}
let scopeList;
if (typeof scopes === "string") {
scopeList = [scopes];
}
else {
scopeList = scopes;
}
logger.getToken.info(`Using the scopes ${scopes}`);
return tracing_js_1.tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {
var _a, _b, _c, _d;
try {
scopeList.forEach((scope) => {
(0, scopeUtils_js_1.ensureValidScopeForDevTimeCreds)(scope, logger);
});
const obj = await exports.developerCliCredentialInternals.getAzdAccessToken(scopeList, tenantId, this.timeout);
const isNotLoggedInError = ((_a = obj.stderr) === null || _a === void 0 ? void 0 : _a.match("not logged in, run `azd login` to login")) ||
((_b = obj.stderr) === null || _b === void 0 ? void 0 : _b.match("not logged in, run `azd auth login` to login"));
const isNotInstallError = ((_c = obj.stderr) === null || _c === void 0 ? void 0 : _c.match("azd:(.*)not found")) ||
((_d = obj.stderr) === null || _d === void 0 ? void 0 : _d.startsWith("'azd' is not recognized"));
if (isNotInstallError || (obj.error && obj.error.code === "ENOENT")) {
const error = new errors_js_1.CredentialUnavailableError("Azure Developer CLI couldn't be found. To mitigate this issue, see the troubleshooting guidelines at https://aka.ms/azsdk/js/identity/azdevclicredential/troubleshoot.");
logger.getToken.info((0, logging_js_1.formatError)(scopes, error));
throw error;
}
if (isNotLoggedInError) {
const error = new errors_js_1.CredentialUnavailableError("Please run 'azd auth login' from a command prompt to authenticate before using this credential. For more information, see the troubleshooting guidelines at https://aka.ms/azsdk/js/identity/azdevclicredential/troubleshoot.");
logger.getToken.info((0, logging_js_1.formatError)(scopes, error));
throw error;
}
try {
const resp = JSON.parse(obj.stdout);
logger.getToken.info((0, logging_js_1.formatSuccess)(scopes));
return {
token: resp.token,
expiresOnTimestamp: new Date(resp.expiresOn).getTime(),
tokenType: "Bearer",
};
}
catch (e) {
if (obj.stderr) {
throw new errors_js_1.CredentialUnavailableError(obj.stderr);
}
throw e;
}
}
catch (err) {
const error = err.name === "CredentialUnavailableError"
? err
: new errors_js_1.CredentialUnavailableError(err.message || "Unknown error while trying to retrieve the access token");
logger.getToken.info((0, logging_js_1.formatError)(scopes, error));
throw error;
}
});
}
}
exports.AzureDeveloperCliCredential = AzureDeveloperCliCredential;
//# sourceMappingURL=azureDeveloperCliCredential.js.map
@@ -0,0 +1,15 @@
import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
/**
* Options for the {@link AzureDeveloperCliCredential}
*/
export interface AzureDeveloperCliCredentialOptions extends MultiTenantTokenCredentialOptions {
/**
* Allows specifying a tenant ID
*/
tenantId?: string;
/**
* Process timeout configurable for making token requests, provided in milliseconds
*/
processTimeoutInMs?: number;
}
//# sourceMappingURL=azureDeveloperCliCredentialOptions.d.ts.map
@@ -0,0 +1 @@
{"version":3,"file":"azureDeveloperCliCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/azureDeveloperCliCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,kCAAmC,SAAQ,iCAAiC;IAC3F;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B"}
@@ -0,0 +1,5 @@
"use strict";
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
Object.defineProperty(exports, "__esModule", { value: true });
//# sourceMappingURL=azureDeveloperCliCredentialOptions.js.map
@@ -0,0 +1 @@
{"version":3,"file":"azureDeveloperCliCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/azureDeveloperCliCredentialOptions.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Options for the {@link AzureDeveloperCliCredential}\n */\nexport interface AzureDeveloperCliCredentialOptions extends MultiTenantTokenCredentialOptions {\n /**\n * Allows specifying a tenant ID\n */\n tenantId?: string;\n /**\n * Process timeout configurable for making token requests, provided in milliseconds\n */\n processTimeoutInMs?: number;\n}\n"]}
@@ -0,0 +1,38 @@
import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
import type { AzurePipelinesCredentialOptions } from "./azurePipelinesCredentialOptions.js";
import type { PipelineResponse } from "@azure/core-rest-pipeline";
/**
* This credential is designed to be used in Azure Pipelines with service connections
* as a setup for workload identity federation.
*/
export declare class AzurePipelinesCredential implements TokenCredential {
private clientAssertionCredential;
private identityClient;
/**
* AzurePipelinesCredential supports Federated Identity on Azure Pipelines through Service Connections.
* @param tenantId - tenantId associated with the service connection
* @param clientId - clientId associated with the service connection
* @param serviceConnectionId - Unique ID for the service connection, as found in the querystring's resourceId key
* @param systemAccessToken - The pipeline's <see href="https://learn.microsoft.com/azure/devops/pipelines/build/variables?view=azure-devops%26tabs=yaml#systemaccesstoken">System.AccessToken</see> value.
* @param options - The identity client options to use for authentication.
*/
constructor(tenantId: string, clientId: string, serviceConnectionId: string, systemAccessToken: string, options?: AzurePipelinesCredentialOptions);
/**
* Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} or {@link AuthenticationError} will be thrown with the details of the failure.
*
* @param scopes - The list of scopes for which the token will have access.
* @param options - The options used to configure any requests this
* TokenCredential implementation might make.
*/
getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
/**
*
* @param oidcRequestUrl - oidc request url
* @param systemAccessToken - system access token
* @returns OIDC token from Azure Pipelines
*/
private requestOidcToken;
}
export declare function handleOidcResponse(response: PipelineResponse): string;
//# sourceMappingURL=azurePipelinesCredential.d.ts.map
@@ -0,0 +1 @@
{"version":3,"file":"azurePipelinesCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/azurePipelinesCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAItF,OAAO,KAAK,EAAE,+BAA+B,EAAE,MAAM,sCAAsC,CAAC;AAG5F,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAQlE;;;GAGG;AACH,qBAAa,wBAAyB,YAAW,eAAe;IAC9D,OAAO,CAAC,yBAAyB,CAAwC;IACzE,OAAO,CAAC,cAAc,CAAiB;IAEvC;;;;;;;OAOG;gBAED,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,mBAAmB,EAAE,MAAM,EAC3B,iBAAiB,EAAE,MAAM,EACzB,OAAO,GAAE,+BAAoC;IAwD/C;;;;;;;OAOG;IACU,QAAQ,CACnB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC;IAgBvB;;;;;OAKG;YACW,gBAAgB;CAmB/B;AAED,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,gBAAgB,GAAG,MAAM,CA6CrE"}
@@ -0,0 +1,146 @@
"use strict";
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
Object.defineProperty(exports, "__esModule", { value: true });
exports.AzurePipelinesCredential = void 0;
exports.handleOidcResponse = handleOidcResponse;
const errors_js_1 = require("../errors.js");
const core_rest_pipeline_1 = require("@azure/core-rest-pipeline");
const clientAssertionCredential_js_1 = require("./clientAssertionCredential.js");
const identityClient_js_1 = require("../client/identityClient.js");
const tenantIdUtils_js_1 = require("../util/tenantIdUtils.js");
const logging_js_1 = require("../util/logging.js");
const credentialName = "AzurePipelinesCredential";
const logger = (0, logging_js_1.credentialLogger)(credentialName);
const OIDC_API_VERSION = "7.1";
/**
* This credential is designed to be used in Azure Pipelines with service connections
* as a setup for workload identity federation.
*/
class AzurePipelinesCredential {
/**
* AzurePipelinesCredential supports Federated Identity on Azure Pipelines through Service Connections.
* @param tenantId - tenantId associated with the service connection
* @param clientId - clientId associated with the service connection
* @param serviceConnectionId - Unique ID for the service connection, as found in the querystring's resourceId key
* @param systemAccessToken - The pipeline's <see href="https://learn.microsoft.com/azure/devops/pipelines/build/variables?view=azure-devops%26tabs=yaml#systemaccesstoken">System.AccessToken</see> value.
* @param options - The identity client options to use for authentication.
*/
constructor(tenantId, clientId, serviceConnectionId, systemAccessToken, options = {}) {
var _a, _b;
if (!clientId) {
throw new errors_js_1.CredentialUnavailableError(`${credentialName}: is unavailable. clientId is a required parameter.`);
}
if (!tenantId) {
throw new errors_js_1.CredentialUnavailableError(`${credentialName}: is unavailable. tenantId is a required parameter.`);
}
if (!serviceConnectionId) {
throw new errors_js_1.CredentialUnavailableError(`${credentialName}: is unavailable. serviceConnectionId is a required parameter.`);
}
if (!systemAccessToken) {
throw new errors_js_1.CredentialUnavailableError(`${credentialName}: is unavailable. systemAccessToken is a required parameter.`);
}
// Allow these headers to be logged for troubleshooting by AzurePipelines.
options.loggingOptions = Object.assign(Object.assign({}, options === null || options === void 0 ? void 0 : options.loggingOptions), { additionalAllowedHeaderNames: [
...((_b = (_a = options.loggingOptions) === null || _a === void 0 ? void 0 : _a.additionalAllowedHeaderNames) !== null && _b !== void 0 ? _b : []),
"x-vss-e2eid",
"x-msedge-ref",
] });
this.identityClient = new identityClient_js_1.IdentityClient(options);
(0, tenantIdUtils_js_1.checkTenantId)(logger, tenantId);
logger.info(`Invoking AzurePipelinesCredential with tenant ID: ${tenantId}, client ID: ${clientId}, and service connection ID: ${serviceConnectionId}`);
if (!process.env.SYSTEM_OIDCREQUESTURI) {
throw new errors_js_1.CredentialUnavailableError(`${credentialName}: is unavailable. Ensure that you're running this task in an Azure Pipeline, so that following missing system variable(s) can be defined- "SYSTEM_OIDCREQUESTURI"`);
}
const oidcRequestUrl = `${process.env.SYSTEM_OIDCREQUESTURI}?api-version=${OIDC_API_VERSION}&serviceConnectionId=${serviceConnectionId}`;
logger.info(`Invoking ClientAssertionCredential with tenant ID: ${tenantId}, client ID: ${clientId} and service connection ID: ${serviceConnectionId}`);
this.clientAssertionCredential = new clientAssertionCredential_js_1.ClientAssertionCredential(tenantId, clientId, this.requestOidcToken.bind(this, oidcRequestUrl, systemAccessToken), options);
}
/**
* Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} or {@link AuthenticationError} will be thrown with the details of the failure.
*
* @param scopes - The list of scopes for which the token will have access.
* @param options - The options used to configure any requests this
* TokenCredential implementation might make.
*/
async getToken(scopes, options) {
if (!this.clientAssertionCredential) {
const errorMessage = `${credentialName}: is unavailable. To use Federation Identity in Azure Pipelines, the following parameters are required -
tenantId,
clientId,
serviceConnectionId,
systemAccessToken,
"SYSTEM_OIDCREQUESTURI".
See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/azurepipelinescredential/troubleshoot`;
logger.error(errorMessage);
throw new errors_js_1.CredentialUnavailableError(errorMessage);
}
logger.info("Invoking getToken() of Client Assertion Credential");
return this.clientAssertionCredential.getToken(scopes, options);
}
/**
*
* @param oidcRequestUrl - oidc request url
* @param systemAccessToken - system access token
* @returns OIDC token from Azure Pipelines
*/
async requestOidcToken(oidcRequestUrl, systemAccessToken) {
logger.info("Requesting OIDC token from Azure Pipelines...");
logger.info(oidcRequestUrl);
const request = (0, core_rest_pipeline_1.createPipelineRequest)({
url: oidcRequestUrl,
method: "POST",
headers: (0, core_rest_pipeline_1.createHttpHeaders)({
"Content-Type": "application/json",
Authorization: `Bearer ${systemAccessToken}`,
// Prevents the service from responding with a redirect HTTP status code (useful for automation).
"X-TFS-FedAuthRedirect": "Suppress",
}),
});
const response = await this.identityClient.sendRequest(request);
return handleOidcResponse(response);
}
}
exports.AzurePipelinesCredential = AzurePipelinesCredential;
function handleOidcResponse(response) {
// OIDC token is present in `bodyAsText` field
const text = response.bodyAsText;
if (!text) {
logger.error(`${credentialName}: Authentication Failed. Received null token from OIDC request. Response status- ${response.status}. Complete response - ${JSON.stringify(response)}`);
throw new errors_js_1.AuthenticationError(response.status, {
error: `${credentialName}: Authentication Failed. Received null token from OIDC request.`,
error_description: `${JSON.stringify(response)}. See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/azurepipelinescredential/troubleshoot`,
});
}
try {
const result = JSON.parse(text);
if (result === null || result === void 0 ? void 0 : result.oidcToken) {
return result.oidcToken;
}
else {
const errorMessage = `${credentialName}: Authentication Failed. oidcToken field not detected in the response.`;
let errorDescription = ``;
if (response.status !== 200) {
errorDescription = `Response body = ${text}. Response Headers ["x-vss-e2eid"] = ${response.headers.get("x-vss-e2eid")} and ["x-msedge-ref"] = ${response.headers.get("x-msedge-ref")}. See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/azurepipelinescredential/troubleshoot`;
}
logger.error(errorMessage);
logger.error(errorDescription);
throw new errors_js_1.AuthenticationError(response.status, {
error: errorMessage,
error_description: errorDescription,
});
}
}
catch (e) {
const errorDetails = `${credentialName}: Authentication Failed. oidcToken field not detected in the response.`;
logger.error(`Response from service = ${text}, Response Headers ["x-vss-e2eid"] = ${response.headers.get("x-vss-e2eid")}
and ["x-msedge-ref"] = ${response.headers.get("x-msedge-ref")}, error message = ${e.message}`);
logger.error(errorDetails);
throw new errors_js_1.AuthenticationError(response.status, {
error: errorDetails,
error_description: `Response = ${text}. Response headers ["x-vss-e2eid"] = ${response.headers.get("x-vss-e2eid")} and ["x-msedge-ref"] = ${response.headers.get("x-msedge-ref")}. See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/azurepipelinescredential/troubleshoot`,
});
}
}
//# sourceMappingURL=azurePipelinesCredential.js.map
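Review bot: handleOidcResponse puts `JSON.stringify(response)` into both the error log line and the thrown AuthenticationError's `error_description` on the empty-body path, and that PipelineResponse carries the originating request whose Authorization header requestOidcToken set to `Bearer ${systemAccessToken}`; unless the HttpHeaders JSON form redacts that header (not visible here), the pipeline's System.AccessToken lands in logs and in an error message callers may surface. The later branches already show the safer shape, so I would reduce the first branch to status plus the two correlation headers, e.g. `error_description: \`Response status- ${response.status}, x-vss-e2eid = ${response.headers.get("x-vss-e2eid")}, x-msedge-ref = ${response.headers.get("x-msedge-ref")}. See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/azurepipelinescredential/troubleshoot\``. Separately, the AuthenticationError thrown inside the `try` for the missing-`oidcToken` case is caught by the enclosing `catch (e)` and re-wrapped, so the structured description built there (including the status-dependent headers text) never reaches the caller and the failure is logged twice; moving that `throw` out of the `try` (parse first, then branch) would preserve it. This appears to be compiled output of a vendored package, so the change belongs upstream or in a patched copy rather than as an edit to this file.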
@@ -0,0 +1,9 @@
import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions.js";
import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
/**
* Optional parameters for the {@link AzurePipelinesCredential} class.
*/
export interface AzurePipelinesCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions, AuthorityValidationOptions {
}
//# sourceMappingURL=azurePipelinesCredentialOptions.d.ts.map
@@ -0,0 +1 @@
{"version":3,"file":"azurePipelinesCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/azurePipelinesCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACtF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,+BACf,SAAQ,iCAAiC,EACvC,4BAA4B,EAC5B,0BAA0B;CAAG"}
@@ -0,0 +1,5 @@
"use strict";
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
Object.defineProperty(exports, "__esModule", { value: true });
//# sourceMappingURL=azurePipelinesCredentialOptions.js.map
@@ -0,0 +1 @@
{"version":3,"file":"azurePipelinesCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/azurePipelinesCredentialOptions.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Optional parameters for the {@link AzurePipelinesCredential} class.\n */\nexport interface AzurePipelinesCredentialOptions\n extends MultiTenantTokenCredentialOptions,\n CredentialPersistenceOptions,\n AuthorityValidationOptions {}\n"]}
@@ -0,0 +1,75 @@
import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
import type { AzurePowerShellCredentialOptions } from "./azurePowerShellCredentialOptions.js";
/**
* Returns a platform-appropriate command name by appending ".exe" on Windows.
*
* @internal
*/
export declare function formatCommand(commandName: string): string;
/**
* Known PowerShell errors
* @internal
*/
export declare const powerShellErrors: {
login: string;
installed: string;
};
/**
* Messages to use when throwing in this credential.
* @internal
*/
export declare const powerShellPublicErrorMessages: {
login: string;
installed: string;
troubleshoot: string;
};
/**
* The PowerShell commands to be tried, in order.
*
* @internal
*/
export declare const commandStack: string[];
/**
* This credential will use the currently logged-in user information from the
* Azure PowerShell module. To do so, it will read the user access token and
* expire time with Azure PowerShell command `Get-AzAccessToken -ResourceUrl {ResourceScope}`
*/
export declare class AzurePowerShellCredential implements TokenCredential {
private tenantId?;
private additionallyAllowedTenantIds;
private timeout?;
/**
* Creates an instance of the {@link AzurePowerShellCredential}.
*
* To use this credential:
* - Install the Azure Az PowerShell module with:
* `Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force`.
* - You have already logged in to Azure PowerShell using the command
* `Connect-AzAccount` from the command line.
*
* @param options - Options, to optionally allow multi-tenant requests.
*/
constructor(options?: AzurePowerShellCredentialOptions);
/**
* Gets the access token from Azure PowerShell
* @param resource - The resource to use when getting the token
*/
private getAzurePowerShellAccessToken;
/**
* Authenticates with Microsoft Entra ID and returns an access token if successful.
* If the authentication cannot be performed through PowerShell, a {@link CredentialUnavailableError} will be thrown.
*
* @param scopes - The list of scopes for which the token will have access.
* @param options - The options used to configure any requests this TokenCredential implementation might make.
*/
getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
}
/**
*
* @internal
*/
export declare function parseJsonToken(result: string): Promise<{
Token: string;
ExpiresOn: string;
}>;
//# sourceMappingURL=azurePowerShellCredential.d.ts.map
@@ -0,0 +1 @@
{"version":3,"file":"azurePowerShellCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/azurePowerShellCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAStF,OAAO,KAAK,EAAE,gCAAgC,EAAE,MAAM,uCAAuC,CAAC;AAS9F;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,CAMzD;AAuBD;;;GAGG;AACH,eAAO,MAAM,gBAAgB;;;CAI5B,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,6BAA6B;;;;CAKzC,CAAC;AAUF;;;;GAIG;AACH,eAAO,MAAM,YAAY,UAA0B,CAAC;AAMpD;;;;GAIG;AACH,qBAAa,yBAA0B,YAAW,eAAe;IAC/D,OAAO,CAAC,QAAQ,CAAC,CAAS;IAC1B,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,OAAO,CAAC,CAAS;IAEzB;;;;;;;;;;OAUG;gBACS,OAAO,CAAC,EAAE,gCAAgC;IAWtD;;;OAGG;YACW,6BAA6B;IA2D3C;;;;;;OAMG;IACU,QAAQ,CACnB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,WAAW,CAAC;CAwCxB;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAClC,MAAM,EAAE,MAAM,GACb,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,CAyB/C"}
@@ -0,0 +1,235 @@
"use strict";
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
Object.defineProperty(exports, "__esModule", { value: true });
exports.AzurePowerShellCredential = exports.commandStack = exports.powerShellPublicErrorMessages = exports.powerShellErrors = void 0;
exports.formatCommand = formatCommand;
exports.parseJsonToken = parseJsonToken;
const tenantIdUtils_js_1 = require("../util/tenantIdUtils.js");
const logging_js_1 = require("../util/logging.js");
const scopeUtils_js_1 = require("../util/scopeUtils.js");
const errors_js_1 = require("../errors.js");
const processUtils_js_1 = require("../util/processUtils.js");
const tracing_js_1 = require("../util/tracing.js");
const logger = (0, logging_js_1.credentialLogger)("AzurePowerShellCredential");
const isWindows = process.platform === "win32";
/**
* Returns a platform-appropriate command name by appending ".exe" on Windows.
*
* @internal
*/
function formatCommand(commandName) {
if (isWindows) {
return `${commandName}.exe`;
}
else {
return commandName;
}
}
/**
* Receives a list of commands to run, executes them, then returns the outputs.
* If anything fails, an error is thrown.
* @internal
*/
async function runCommands(commands, timeout) {
const results = [];
for (const command of commands) {
const [file, ...parameters] = command;
const result = (await processUtils_js_1.processUtils.execFile(file, parameters, {
encoding: "utf8",
timeout,
}));
results.push(result);
}
return results;
}
/**
* Known PowerShell errors
* @internal
*/
exports.powerShellErrors = {
login: "Run Connect-AzAccount to login",
installed: "The specified module 'Az.Accounts' with version '2.2.0' was not loaded because no valid module file was found in any module directory",
};
/**
* Messages to use when throwing in this credential.
* @internal
*/
exports.powerShellPublicErrorMessages = {
login: "Please run 'Connect-AzAccount' from PowerShell to authenticate before using this credential.",
installed: `The 'Az.Account' module >= 2.2.0 is not installed. Install the Azure Az PowerShell module with: "Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force".`,
troubleshoot: `To troubleshoot, visit https://aka.ms/azsdk/js/identity/powershellcredential/troubleshoot.`,
};
// PowerShell Azure User not logged in error check.
const isLoginError = (err) => err.message.match(`(.*)${exports.powerShellErrors.login}(.*)`);
// Az Module not Installed in Azure PowerShell check.
const isNotInstalledError = (err) => err.message.match(exports.powerShellErrors.installed);
/**
* The PowerShell commands to be tried, in order.
*
* @internal
*/
exports.commandStack = [formatCommand("pwsh")];
if (isWindows) {
exports.commandStack.push(formatCommand("powershell"));
}
/**
* This credential will use the currently logged-in user information from the
* Azure PowerShell module. To do so, it will read the user access token and
* expire time with Azure PowerShell command `Get-AzAccessToken -ResourceUrl {ResourceScope}`
*/
class AzurePowerShellCredential {
/**
* Creates an instance of the {@link AzurePowerShellCredential}.
*
* To use this credential:
* - Install the Azure Az PowerShell module with:
* `Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force`.
* - You have already logged in to Azure PowerShell using the command
* `Connect-AzAccount` from the command line.
*
* @param options - Options, to optionally allow multi-tenant requests.
*/
constructor(options) {
if (options === null || options === void 0 ? void 0 : options.tenantId) {
(0, tenantIdUtils_js_1.checkTenantId)(logger, options === null || options === void 0 ? void 0 : options.tenantId);
this.tenantId = options === null || options === void 0 ? void 0 : options.tenantId;
}
this.additionallyAllowedTenantIds = (0, tenantIdUtils_js_1.resolveAdditionallyAllowedTenantIds)(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
this.timeout = options === null || options === void 0 ? void 0 : options.processTimeoutInMs;
}
/**
* Gets the access token from Azure PowerShell
* @param resource - The resource to use when getting the token
*/
async getAzurePowerShellAccessToken(resource, tenantId, timeout) {
// Clone the stack to avoid mutating it while iterating
for (const powerShellCommand of [...exports.commandStack]) {
try {
await runCommands([[powerShellCommand, "/?"]], timeout);
}
catch (e) {
// Remove this credential from the original stack so that we don't try it again.
exports.commandStack.shift();
continue;
}
const results = await runCommands([
[
powerShellCommand,
"-NoProfile",
"-NonInteractive",
"-Command",
`
$tenantId = "${tenantId !== null && tenantId !== void 0 ? tenantId : ""}"
$m = Import-Module Az.Accounts -MinimumVersion 2.2.0 -PassThru
$useSecureString = $m.Version -ge [version]'2.17.0'
$params = @{
ResourceUrl = "${resource}"
}
if ($tenantId.Length -gt 0) {
$params["TenantId"] = $tenantId
}
if ($useSecureString) {
$params["AsSecureString"] = $true
}
$token = Get-AzAccessToken @params
$result = New-Object -TypeName PSObject
$result | Add-Member -MemberType NoteProperty -Name ExpiresOn -Value $token.ExpiresOn
if ($useSecureString) {
$result | Add-Member -MemberType NoteProperty -Name Token -Value (ConvertFrom-SecureString -AsPlainText $token.Token)
} else {
$result | Add-Member -MemberType NoteProperty -Name Token -Value $token.Token
}
Write-Output (ConvertTo-Json $result)
`,
],
]);
const result = results[0];
return parseJsonToken(result);
}
throw new Error(`Unable to execute PowerShell. Ensure that it is installed in your system`);
}
/**
* Authenticates with Microsoft Entra ID and returns an access token if successful.
* If the authentication cannot be performed through PowerShell, a {@link CredentialUnavailableError} will be thrown.
*
* @param scopes - The list of scopes for which the token will have access.
* @param options - The options used to configure any requests this TokenCredential implementation might make.
*/
async getToken(scopes, options = {}) {
return tracing_js_1.tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {
const tenantId = (0, tenantIdUtils_js_1.processMultiTenantRequest)(this.tenantId, options, this.additionallyAllowedTenantIds);
const scope = typeof scopes === "string" ? scopes : scopes[0];
if (tenantId) {
(0, tenantIdUtils_js_1.checkTenantId)(logger, tenantId);
}
try {
(0, scopeUtils_js_1.ensureValidScopeForDevTimeCreds)(scope, logger);
logger.getToken.info(`Using the scope ${scope}`);
const resource = (0, scopeUtils_js_1.getScopeResource)(scope);
const response = await this.getAzurePowerShellAccessToken(resource, tenantId, this.timeout);
logger.getToken.info((0, logging_js_1.formatSuccess)(scopes));
return {
token: response.Token,
expiresOnTimestamp: new Date(response.ExpiresOn).getTime(),
tokenType: "Bearer",
};
}
catch (err) {
if (isNotInstalledError(err)) {
const error = new errors_js_1.CredentialUnavailableError(exports.powerShellPublicErrorMessages.installed);
logger.getToken.info((0, logging_js_1.formatError)(scope, error));
throw error;
}
else if (isLoginError(err)) {
const error = new errors_js_1.CredentialUnavailableError(exports.powerShellPublicErrorMessages.login);
logger.getToken.info((0, logging_js_1.formatError)(scope, error));
throw error;
}
const error = new errors_js_1.CredentialUnavailableError(`${err}. ${exports.powerShellPublicErrorMessages.troubleshoot}`);
logger.getToken.info((0, logging_js_1.formatError)(scope, error));
throw error;
}
});
}
}
exports.AzurePowerShellCredential = AzurePowerShellCredential;
/**
*
* @internal
*/
async function parseJsonToken(result) {
const jsonRegex = /{[^{}]*}/g;
const matches = result.match(jsonRegex);
let resultWithoutToken = result;
if (matches) {
try {
for (const item of matches) {
try {
const jsonContent = JSON.parse(item);
if (jsonContent === null || jsonContent === void 0 ? void 0 : jsonContent.Token) {
resultWithoutToken = resultWithoutToken.replace(item, "");
if (resultWithoutToken) {
logger.getToken.warning(resultWithoutToken);
}
return jsonContent;
}
}
catch (e) {
continue;
}
}
}
catch (e) {
throw new Error(`Unable to parse the output of PowerShell. Received output: ${result}`);
}
}
throw new Error(`No access token found in the output. Received output: ${result}`);
}
//# sourceMappingURL=azurePowerShellCredential.js.map
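Review bot: getAzurePowerShellAccessToken interpolates `tenantId` and `resource` into a double-quoted PowerShell script (`$tenantId = "..."`, `ResourceUrl = "..."`), so correctness against quote, `$` and backtick characters rests entirely on `ensureValidScopeForDevTimeCreds` and `checkTenantId` rejecting them, and both validators live outside this file; a one-line comment above the `-Command` argument stating that invariant, e.g. `// resource/tenantId are embedded in a PowerShell string literal; they must already have passed ensureValidScopeForDevTimeCreds / checkTenantId`, would keep a future caller from bypassing it. Note also that `checkTenantId` is only invoked when `tenantId` is truthy, which is fine for the empty-string fallback used in the script but worth confirming against what processMultiTenantRequest can return. On the parse side, both `throw new Error(...)` paths in parseJsonToken embed the raw PowerShell stdout (`Received output: ${result}`), which then flows through `${err}` into the CredentialUnavailableError and into `logger.getToken.info(formatError(...))` in getToken; if the output carried a token in a shape the `/{[^{}]*}/g` regex did not isolate (nested braces, for instance), that token would be written to logs, so I would report only the output length or a redacted prefix there, e.g. `Received ${result.length} bytes of output`. This appears to be compiled output of a vendored package, so these changes belong upstream or in a patched copy.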
@@ -0,0 +1,15 @@
import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
/**
* Options for the {@link AzurePowerShellCredential}
*/
export interface AzurePowerShellCredentialOptions extends MultiTenantTokenCredentialOptions {
/**
* Allows specifying a tenant ID
*/
tenantId?: string;
/**
* Process timeout configurable for making token requests, provided in milliseconds
*/
processTimeoutInMs?: number;
}
//# sourceMappingURL=azurePowerShellCredentialOptions.d.ts.map
@@ -0,0 +1 @@
{"version":3,"file":"azurePowerShellCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/azurePowerShellCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,gCAAiC,SAAQ,iCAAiC;IACzF;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B"}
@@ -0,0 +1,5 @@
"use strict";
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
Object.defineProperty(exports, "__esModule", { value: true });
//# sourceMappingURL=azurePowerShellCredentialOptions.js.map
@@ -0,0 +1 @@
{"version":3,"file":"azurePowerShellCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/azurePowerShellCredentialOptions.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Options for the {@link AzurePowerShellCredential}\n */\nexport interface AzurePowerShellCredentialOptions extends MultiTenantTokenCredentialOptions {\n /**\n * Allows specifying a tenant ID\n */\n tenantId?: string;\n /**\n * Process timeout configurable for making token requests, provided in milliseconds\n */\n processTimeoutInMs?: number;\n}\n"]}
@@ -0,0 +1,13 @@
import type { BrokerOptions } from "../msal/nodeFlows/brokerOptions.js";
/**
* Configuration options for InteractiveBrowserCredential
* to support WAM Broker Authentication.
*/
export interface BrokerAuthOptions {
/**
* Options to allow broker authentication when using InteractiveBrowserCredential
*
*/
brokerOptions?: BrokerOptions;
}
//# sourceMappingURL=brokerAuthOptions.d.ts.map
@@ -0,0 +1 @@
{"version":3,"file":"brokerAuthOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/brokerAuthOptions.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oCAAoC,CAAC;AAExE;;;GAGG;AAEH,MAAM,WAAW,iBAAiB;IAChC;;;OAGG;IACH,aAAa,CAAC,EAAE,aAAa,CAAC;CAC/B"}
@@ -0,0 +1,3 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
//# sourceMappingURL=brokerAuthOptions.js.map
@@ -0,0 +1 @@
{"version":3,"file":"brokerAuthOptions.js","sourceRoot":"","sources":["../../../src/credentials/brokerAuthOptions.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\nimport type { BrokerOptions } from \"../msal/nodeFlows/brokerOptions.js\";\n\n/**\n * Configuration options for InteractiveBrowserCredential\n * to support WAM Broker Authentication.\n */\n\nexport interface BrokerAuthOptions {\n /**\n * Options to allow broker authentication when using InteractiveBrowserCredential\n *\n */\n brokerOptions?: BrokerOptions;\n}\n"]}
@@ -0,0 +1,19 @@
/**
* Shared configuration options for browser customization
*/
export interface BrowserCustomizationOptions {
/**
* Shared configuration options for browser customization
*/
browserCustomizationOptions?: {
/**
* Format for error messages for display in browser
*/
errorMessage?: string;
/**
* Format for success messages for display in browser
*/
successMessage?: string;
};
}
//# sourceMappingURL=browserCustomizationOptions.d.ts.map
@@ -0,0 +1 @@
{"version":3,"file":"browserCustomizationOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/browserCustomizationOptions.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C;;OAEG;IACH,2BAA2B,CAAC,EAAE;QAC5B;;WAEG;QACH,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB;;WAEG;QACH,cAAc,CAAC,EAAE,MAAM,CAAC;KACzB,CAAC;CACH"}
@@ -0,0 +1,5 @@
"use strict";
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
Object.defineProperty(exports, "__esModule", { value: true });
//# sourceMappingURL=browserCustomizationOptions.js.map
@@ -0,0 +1 @@
{"version":3,"file":"browserCustomizationOptions.js","sourceRoot":"","sources":["../../../src/credentials/browserCustomizationOptions.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Shared configuration options for browser customization\n */\nexport interface BrowserCustomizationOptions {\n /**\n * Shared configuration options for browser customization\n */\n browserCustomizationOptions?: {\n /**\n * Format for error messages for display in browser\n */\n errorMessage?: string;\n /**\n * Format for success messages for display in browser\n */\n successMessage?: string;\n };\n}\n"]}
@@ -0,0 +1,51 @@
import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
/**
* @internal
*/
export declare const logger: import("../util/logging.js").CredentialLogger;
/**
* Enables multiple `TokenCredential` implementations to be tried in order until
* one of the getToken methods returns an access token. For more information, see
* [ChainedTokenCredential overview](https://aka.ms/azsdk/js/identity/credential-chains#use-chainedtokencredential-for-granularity).
*/
export declare class ChainedTokenCredential implements TokenCredential {
private _sources;
/**
* Creates an instance of ChainedTokenCredential using the given credentials.
*
* @param sources - `TokenCredential` implementations to be tried in order.
*
* Example usage:
* ```ts snippet:chained_token_credential_example
* import { ClientSecretCredential, ChainedTokenCredential } from "@azure/identity";
*
* const tenantId = "<tenant-id>";
* const clientId = "<client-id>";
* const clientSecret = "<client-secret>";
* const anotherClientId = "<another-client-id>";
* const anotherSecret = "<another-client-secret>";
*
* const firstCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);
* const secondCredential = new ClientSecretCredential(tenantId, anotherClientId, anotherSecret);
*
* const credentialChain = new ChainedTokenCredential(firstCredential, secondCredential);
* ```
*/
constructor(...sources: TokenCredential[]);
/**
* Returns the first access token returned by one of the chained
* `TokenCredential` implementations. Throws an {@link AggregateAuthenticationError}
* when one or more credentials throws an {@link AuthenticationError} and
* no credentials have returned an access token.
*
* This method is called automatically by Azure SDK client libraries. You may call this method
* directly, but you must also handle token caching and token refreshing.
*
* @param scopes - The list of scopes for which the token will have access.
* @param options - The options used to configure any requests this
* `TokenCredential` implementation might make.
*/
getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
private getTokenInternal;
}
//# sourceMappingURL=chainedTokenCredential.d.ts.map
@@ -0,0 +1 @@
{"version":3,"file":"chainedTokenCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/chainedTokenCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAKtF;;GAEG;AACH,eAAO,MAAM,MAAM,+CAA6C,CAAC;AAEjE;;;;GAIG;AACH,qBAAa,sBAAuB,YAAW,eAAe;IAC5D,OAAO,CAAC,QAAQ,CAAyB;IAEzC;;;;;;;;;;;;;;;;;;;;OAoBG;gBACS,GAAG,OAAO,EAAE,eAAe,EAAE;IAIzC;;;;;;;;;;;;OAYG;IACG,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,GAAE,eAAoB,GAAG,OAAO,CAAC,WAAW,CAAC;YAKhF,gBAAgB;CAiD/B"}
@@ -0,0 +1,96 @@
"use strict";
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
Object.defineProperty(exports, "__esModule", { value: true });
exports.ChainedTokenCredential = exports.logger = void 0;
const errors_js_1 = require("../errors.js");
const logging_js_1 = require("../util/logging.js");
const tracing_js_1 = require("../util/tracing.js");
/**
* @internal
*/
exports.logger = (0, logging_js_1.credentialLogger)("ChainedTokenCredential");
/**
* Enables multiple `TokenCredential` implementations to be tried in order until
* one of the getToken methods returns an access token. For more information, see
* [ChainedTokenCredential overview](https://aka.ms/azsdk/js/identity/credential-chains#use-chainedtokencredential-for-granularity).
*/
class ChainedTokenCredential {
/**
* Creates an instance of ChainedTokenCredential using the given credentials.
*
* @param sources - `TokenCredential` implementations to be tried in order.
*
* Example usage:
* ```ts snippet:chained_token_credential_example
* import { ClientSecretCredential, ChainedTokenCredential } from "@azure/identity";
*
* const tenantId = "<tenant-id>";
* const clientId = "<client-id>";
* const clientSecret = "<client-secret>";
* const anotherClientId = "<another-client-id>";
* const anotherSecret = "<another-client-secret>";
*
* const firstCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);
* const secondCredential = new ClientSecretCredential(tenantId, anotherClientId, anotherSecret);
*
* const credentialChain = new ChainedTokenCredential(firstCredential, secondCredential);
* ```
*/
constructor(...sources) {
this._sources = [];
this._sources = sources;
}
/**
* Returns the first access token returned by one of the chained
* `TokenCredential` implementations. Throws an {@link AggregateAuthenticationError}
* when one or more credentials throws an {@link AuthenticationError} and
* no credentials have returned an access token.
*
* This method is called automatically by Azure SDK client libraries. You may call this method
* directly, but you must also handle token caching and token refreshing.
*
* @param scopes - The list of scopes for which the token will have access.
* @param options - The options used to configure any requests this
* `TokenCredential` implementation might make.
*/
async getToken(scopes, options = {}) {
const { token } = await this.getTokenInternal(scopes, options);
return token;
}
async getTokenInternal(scopes, options = {}) {
let token = null;
let successfulCredential;
const errors = [];
return tracing_js_1.tracingClient.withSpan("ChainedTokenCredential.getToken", options, async (updatedOptions) => {
for (let i = 0; i < this._sources.length && token === null; i++) {
try {
token = await this._sources[i].getToken(scopes, updatedOptions);
successfulCredential = this._sources[i];
}
catch (err) {
if (err.name === "CredentialUnavailableError" ||
err.name === "AuthenticationRequiredError") {
errors.push(err);
}
else {
exports.logger.getToken.info((0, logging_js_1.formatError)(scopes, err));
throw err;
}
}
}
if (!token && errors.length > 0) {
const err = new errors_js_1.AggregateAuthenticationError(errors, "ChainedTokenCredential authentication failed.");
exports.logger.getToken.info((0, logging_js_1.formatError)(scopes, err));
throw err;
}
exports.logger.getToken.info(`Result for ${successfulCredential.constructor.name}: ${(0, logging_js_1.formatSuccess)(scopes)}`);
if (token === null) {
throw new errors_js_1.CredentialUnavailableError("Failed to retrieve a valid token");
}
return { token, successfulCredential };
});
}
}
exports.ChainedTokenCredential = ChainedTokenCredential;
//# sourceMappingURL=chainedTokenCredential.js.map
@@ -0,0 +1,33 @@
import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
import type { ClientAssertionCredentialOptions } from "./clientAssertionCredentialOptions.js";
/**
* Authenticates a service principal with a JWT assertion.
*/
export declare class ClientAssertionCredential implements TokenCredential {
private msalClient;
private tenantId;
private additionallyAllowedTenantIds;
private getAssertion;
private options;
/**
* Creates an instance of the ClientAssertionCredential with the details
* needed to authenticate against Microsoft Entra ID with a client
* assertion provided by the developer through the `getAssertion` function parameter.
*
* @param tenantId - The Microsoft Entra tenant (directory) ID.
* @param clientId - The client (application) ID of an App Registration in the tenant.
* @param getAssertion - A function that retrieves the assertion for the credential to use.
* @param options - Options for configuring the client which makes the authentication request.
*/
constructor(tenantId: string, clientId: string, getAssertion: () => Promise<string>, options?: ClientAssertionCredentialOptions);
/**
* Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
*
* @param scopes - The list of scopes for which the token will have access.
* @param options - The options used to configure any requests this
* TokenCredential implementation might make.
*/
getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
}
//# sourceMappingURL=clientAssertionCredential.d.ts.map
@@ -0,0 +1 @@
{"version":3,"file":"clientAssertionCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/clientAssertionCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAQtF,OAAO,KAAK,EAAE,gCAAgC,EAAE,MAAM,uCAAuC,CAAC;AAO9F;;GAEG;AACH,qBAAa,yBAA0B,YAAW,eAAe;IAC/D,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,YAAY,CAAwB;IAC5C,OAAO,CAAC,OAAO,CAAmC;IAElD;;;;;;;;;OASG;gBAED,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,EACnC,OAAO,GAAE,gCAAqC;IAiChD;;;;;;;OAOG;IACG,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,GAAE,eAAoB,GAAG,OAAO,CAAC,WAAW,CAAC;CAqB/F"}
@@ -0,0 +1,59 @@
"use strict";
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
Object.defineProperty(exports, "__esModule", { value: true });
exports.ClientAssertionCredential = void 0;
const msalClient_js_1 = require("../msal/nodeFlows/msalClient.js");
const tenantIdUtils_js_1 = require("../util/tenantIdUtils.js");
const errors_js_1 = require("../errors.js");
const logging_js_1 = require("../util/logging.js");
const tracing_js_1 = require("../util/tracing.js");
const logger = (0, logging_js_1.credentialLogger)("ClientAssertionCredential");
/**
* Authenticates a service principal with a JWT assertion.
*/
class ClientAssertionCredential {
/**
* Creates an instance of the ClientAssertionCredential with the details
* needed to authenticate against Microsoft Entra ID with a client
* assertion provided by the developer through the `getAssertion` function parameter.
*
* @param tenantId - The Microsoft Entra tenant (directory) ID.
* @param clientId - The client (application) ID of an App Registration in the tenant.
* @param getAssertion - A function that retrieves the assertion for the credential to use.
* @param options - Options for configuring the client which makes the authentication request.
*/
constructor(tenantId, clientId, getAssertion, options = {}) {
if (!tenantId) {
throw new errors_js_1.CredentialUnavailableError("ClientAssertionCredential: tenantId is a required parameter.");
}
if (!clientId) {
throw new errors_js_1.CredentialUnavailableError("ClientAssertionCredential: clientId is a required parameter.");
}
if (!getAssertion) {
throw new errors_js_1.CredentialUnavailableError("ClientAssertionCredential: clientAssertion is a required parameter.");
}
this.tenantId = tenantId;
this.additionallyAllowedTenantIds = (0, tenantIdUtils_js_1.resolveAdditionallyAllowedTenantIds)(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
this.options = options;
this.getAssertion = getAssertion;
this.msalClient = (0, msalClient_js_1.createMsalClient)(clientId, tenantId, Object.assign(Object.assign({}, options), { logger, tokenCredentialOptions: this.options }));
}
/**
* Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
*
* @param scopes - The list of scopes for which the token will have access.
* @param options - The options used to configure any requests this
* TokenCredential implementation might make.
*/
async getToken(scopes, options = {}) {
return tracing_js_1.tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async (newOptions) => {
newOptions.tenantId = (0, tenantIdUtils_js_1.processMultiTenantRequest)(this.tenantId, newOptions, this.additionallyAllowedTenantIds, logger);
const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
return this.msalClient.getTokenByClientAssertion(arrayScopes, this.getAssertion, newOptions);
});
}
}
exports.ClientAssertionCredential = ClientAssertionCredential;
//# sourceMappingURL=clientAssertionCredential.js.map
@@ -0,0 +1,9 @@
import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions.js";
import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
/**
* Options for the {@link ClientAssertionCredential}
*/
export interface ClientAssertionCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions, AuthorityValidationOptions {
}
//# sourceMappingURL=clientAssertionCredentialOptions.d.ts.map
@@ -0,0 +1 @@
{"version":3,"file":"clientAssertionCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/clientAssertionCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACtF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,gCACf,SAAQ,iCAAiC,EACvC,4BAA4B,EAC5B,0BAA0B;CAAG"}
@@ -0,0 +1,5 @@
"use strict";
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
Object.defineProperty(exports, "__esModule", { value: true });
//# sourceMappingURL=clientAssertionCredentialOptions.js.map
@@ -0,0 +1 @@
{"version":3,"file":"clientAssertionCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/clientAssertionCredentialOptions.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Options for the {@link ClientAssertionCredential}\n */\nexport interface ClientAssertionCredentialOptions\n extends MultiTenantTokenCredentialOptions,\n CredentialPersistenceOptions,\n AuthorityValidationOptions {}\n"]}
@@ -0,0 +1,72 @@
import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
import type { CertificateParts } from "../msal/types.js";
import type { ClientCertificateCredentialOptions } from "./clientCertificateCredentialOptions.js";
import type { ClientCertificateCredentialPEMConfiguration, ClientCertificatePEMCertificate, ClientCertificatePEMCertificatePath } from "./clientCertificateCredentialModels.js";
/**
* Enables authentication to Microsoft Entra ID using a PEM-encoded
* certificate that is assigned to an App Registration. More information
* on how to configure certificate authentication can be found here:
*
* https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad
*
*/
export declare class ClientCertificateCredential implements TokenCredential {
private tenantId;
private additionallyAllowedTenantIds;
private certificateConfiguration;
private sendCertificateChain?;
private msalClient;
/**
* Creates an instance of the ClientCertificateCredential with the details
* needed to authenticate against Microsoft Entra ID with a certificate.
*
* @param tenantId - The Microsoft Entra tenant (directory) ID.
* @param clientId - The client (application) ID of an App Registration in the tenant.
* @param certificatePath - The path to a PEM-encoded public/private key certificate on the filesystem.
* @param options - Options for configuring the client which makes the authentication request.
*/
constructor(tenantId: string, clientId: string, certificatePath: string, options?: ClientCertificateCredentialOptions);
/**
* Creates an instance of the ClientCertificateCredential with the details
* needed to authenticate against Microsoft Entra ID with a certificate.
*
* @param tenantId - The Microsoft Entra tenant (directory) ID.
* @param clientId - The client (application) ID of an App Registration in the tenant.
* @param configuration - Other parameters required, including the path of the certificate on the filesystem.
* If the type is ignored, we will throw the value of the path to a PEM certificate.
* @param options - Options for configuring the client which makes the authentication request.
*/
constructor(tenantId: string, clientId: string, configuration: ClientCertificatePEMCertificatePath, options?: ClientCertificateCredentialOptions);
/**
* Creates an instance of the ClientCertificateCredential with the details
* needed to authenticate against Microsoft Entra ID with a certificate.
*
* @param tenantId - The Microsoft Entra tenant (directory) ID.
* @param clientId - The client (application) ID of an App Registration in the tenant.
* @param configuration - Other parameters required, including the PEM-encoded certificate as a string.
* If the type is ignored, we will throw the value of the PEM-encoded certificate.
* @param options - Options for configuring the client which makes the authentication request.
*/
constructor(tenantId: string, clientId: string, configuration: ClientCertificatePEMCertificate, options?: ClientCertificateCredentialOptions);
/**
* Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
*
* @param scopes - The list of scopes for which the token will have access.
* @param options - The options used to configure any requests this
* TokenCredential implementation might make.
*/
getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
private buildClientCertificate;
}
/**
* Parses a certificate into its relevant parts
*
* @param certificateConfiguration - The certificate contents or path to the certificate
* @param sendCertificateChain - true if the entire certificate chain should be sent for SNI, false otherwise
* @returns The parsed certificate parts and the certificate contents
*/
export declare function parseCertificate(certificateConfiguration: ClientCertificateCredentialPEMConfiguration, sendCertificateChain: boolean): Promise<Omit<CertificateParts, "privateKey"> & {
certificateContents: string;
}>;
//# sourceMappingURL=clientCertificateCredential.d.ts.map
@@ -0,0 +1 @@
{"version":3,"file":"clientCertificateCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAStF,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACzD,OAAO,KAAK,EAAE,kCAAkC,EAAE,MAAM,yCAAyC,CAAC;AAIlG,OAAO,KAAK,EACV,2CAA2C,EAC3C,+BAA+B,EAC/B,mCAAmC,EACpC,MAAM,wCAAwC,CAAC;AAKhD;;;;;;;GAOG;AACH,qBAAa,2BAA4B,YAAW,eAAe;IACjE,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,wBAAwB,CAA8C;IAC9E,OAAO,CAAC,oBAAoB,CAAC,CAAU;IACvC,OAAO,CAAC,UAAU,CAAa;IAE/B;;;;;;;;OAQG;gBAED,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,eAAe,EAAE,MAAM,EACvB,OAAO,CAAC,EAAE,kCAAkC;IAE9C;;;;;;;;;OASG;gBAED,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,mCAAmC,EAClD,OAAO,CAAC,EAAE,kCAAkC;IAE9C;;;;;;;;;OASG;gBAED,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,+BAA+B,EAC9C,OAAO,CAAC,EAAE,kCAAkC;IA+C9C;;;;;;;OAOG;IACG,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,GAAE,eAAoB,GAAG,OAAO,CAAC,WAAW,CAAC;YAehF,sBAAsB;CA4BrC;AAED;;;;;;GAMG;AACH,wBAAsB,gBAAgB,CACpC,wBAAwB,EAAE,2CAA2C,EACrE,oBAAoB,EAAE,OAAO,GAC5B,OAAO,CAAC,IAAI,CAAC,gBAAgB,EAAE,YAAY,CAAC,GAAG;IAAE,mBAAmB,EAAE,MAAM,CAAA;CAAE,CAAC,CAkCjF"}
@@ -0,0 +1,127 @@
"use strict";
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
Object.defineProperty(exports, "__esModule", { value: true });
exports.ClientCertificateCredential = void 0;
exports.parseCertificate = parseCertificate;
const msalClient_js_1 = require("../msal/nodeFlows/msalClient.js");
const node_crypto_1 = require("node:crypto");
const tenantIdUtils_js_1 = require("../util/tenantIdUtils.js");
const logging_js_1 = require("../util/logging.js");
const promises_1 = require("node:fs/promises");
const tracing_js_1 = require("../util/tracing.js");
const credentialName = "ClientCertificateCredential";
const logger = (0, logging_js_1.credentialLogger)(credentialName);
/**
* Enables authentication to Microsoft Entra ID using a PEM-encoded
* certificate that is assigned to an App Registration. More information
* on how to configure certificate authentication can be found here:
*
* https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad
*
*/
class ClientCertificateCredential {
constructor(tenantId, clientId, certificatePathOrConfiguration, options = {}) {
if (!tenantId || !clientId) {
throw new Error(`${credentialName}: tenantId and clientId are required parameters.`);
}
this.tenantId = tenantId;
this.additionallyAllowedTenantIds = (0, tenantIdUtils_js_1.resolveAdditionallyAllowedTenantIds)(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
this.sendCertificateChain = options.sendCertificateChain;
this.certificateConfiguration = Object.assign({}, (typeof certificatePathOrConfiguration === "string"
? {
certificatePath: certificatePathOrConfiguration,
}
: certificatePathOrConfiguration));
const certificate = this.certificateConfiguration
.certificate;
const certificatePath = this.certificateConfiguration
.certificatePath;
if (!this.certificateConfiguration || !(certificate || certificatePath)) {
throw new Error(`${credentialName}: Provide either a PEM certificate in string form, or the path to that certificate in the filesystem. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`);
}
if (certificate && certificatePath) {
throw new Error(`${credentialName}: To avoid unexpected behaviors, providing both the contents of a PEM certificate and the path to a PEM certificate is forbidden. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`);
}
this.msalClient = (0, msalClient_js_1.createMsalClient)(clientId, tenantId, Object.assign(Object.assign({}, options), { logger, tokenCredentialOptions: options }));
}
/**
* Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
*
* @param scopes - The list of scopes for which the token will have access.
* @param options - The options used to configure any requests this
* TokenCredential implementation might make.
*/
async getToken(scopes, options = {}) {
return tracing_js_1.tracingClient.withSpan(`${credentialName}.getToken`, options, async (newOptions) => {
newOptions.tenantId = (0, tenantIdUtils_js_1.processMultiTenantRequest)(this.tenantId, newOptions, this.additionallyAllowedTenantIds, logger);
const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
const certificate = await this.buildClientCertificate();
return this.msalClient.getTokenByClientCertificate(arrayScopes, certificate, newOptions);
});
}
async buildClientCertificate() {
var _a;
const parts = await parseCertificate(this.certificateConfiguration, (_a = this.sendCertificateChain) !== null && _a !== void 0 ? _a : false);
let privateKey;
if (this.certificateConfiguration.certificatePassword !== undefined) {
privateKey = (0, node_crypto_1.createPrivateKey)({
key: parts.certificateContents,
passphrase: this.certificateConfiguration.certificatePassword,
format: "pem",
})
.export({
format: "pem",
type: "pkcs8",
})
.toString();
}
else {
privateKey = parts.certificateContents;
}
return {
thumbprint: parts.thumbprint,
privateKey,
x5c: parts.x5c,
};
}
}
exports.ClientCertificateCredential = ClientCertificateCredential;
/**
* Parses a certificate into its relevant parts
*
* @param certificateConfiguration - The certificate contents or path to the certificate
* @param sendCertificateChain - true if the entire certificate chain should be sent for SNI, false otherwise
* @returns The parsed certificate parts and the certificate contents
*/
async function parseCertificate(certificateConfiguration, sendCertificateChain) {
const certificate = certificateConfiguration.certificate;
const certificatePath = certificateConfiguration
.certificatePath;
const certificateContents = certificate || (await (0, promises_1.readFile)(certificatePath, "utf8"));
const x5c = sendCertificateChain ? certificateContents : undefined;
const certificatePattern = /(-+BEGIN CERTIFICATE-+)(\n\r?|\r\n?)([A-Za-z0-9+/\n\r]+=*)(\n\r?|\r\n?)(-+END CERTIFICATE-+)/g;
const publicKeys = [];
// Match all possible certificates, in the order they are in the file. These will form the chain that is used for x5c
let match;
do {
match = certificatePattern.exec(certificateContents);
if (match) {
publicKeys.push(match[3]);
}
} while (match);
if (publicKeys.length === 0) {
throw new Error("The file at the specified path does not contain a PEM-encoded certificate.");
}
const thumbprint = (0, node_crypto_1.createHash)("sha1")
.update(Buffer.from(publicKeys[0], "base64"))
.digest("hex")
.toUpperCase();
return {
certificateContents,
thumbprint,
x5c,
};
}
//# sourceMappingURL=clientCertificateCredential.js.map
@@ -0,0 +1,31 @@
/**
* Required configuration options for the {@link ClientCertificateCredential}, with the string contents of a PEM certificate
*/
export interface ClientCertificatePEMCertificate {
/**
* The PEM-encoded public/private key certificate on the filesystem.
*/
certificate: string;
/**
* The password for the certificate file.
*/
certificatePassword?: string;
}
/**
* Required configuration options for the {@link ClientCertificateCredential}, with the path to a PEM certificate.
*/
export interface ClientCertificatePEMCertificatePath {
/**
* The path to the PEM-encoded public/private key certificate on the filesystem.
*/
certificatePath: string;
/**
* The password for the certificate file.
*/
certificatePassword?: string;
}
/**
* Required configuration options for the {@link ClientCertificateCredential}, with either the string contents of a PEM certificate, or the path to a PEM certificate.
*/
export type ClientCertificateCredentialPEMConfiguration = ClientCertificatePEMCertificate | ClientCertificatePEMCertificatePath;
//# sourceMappingURL=clientCertificateCredentialModels.d.ts.map
@@ -0,0 +1 @@
{"version":3,"file":"clientCertificateCredentialModels.d.ts","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredentialModels.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,MAAM,WAAW,+BAA+B;IAC9C;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AACD;;GAEG;AACH,MAAM,WAAW,mCAAmC;IAClD;;OAEG;IACH,eAAe,EAAE,MAAM,CAAC;IAExB;;OAEG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AACD;;GAEG;AACH,MAAM,MAAM,2CAA2C,GACnD,+BAA+B,GAC/B,mCAAmC,CAAC"}
@@ -0,0 +1,5 @@
"use strict";
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
Object.defineProperty(exports, "__esModule", { value: true });
//# sourceMappingURL=clientCertificateCredentialModels.js.map
@@ -0,0 +1 @@
{"version":3,"file":"clientCertificateCredentialModels.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredentialModels.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Required configuration options for the {@link ClientCertificateCredential}, with the string contents of a PEM certificate\n */\nexport interface ClientCertificatePEMCertificate {\n /**\n * The PEM-encoded public/private key certificate on the filesystem.\n */\n certificate: string;\n\n /**\n * The password for the certificate file.\n */\n certificatePassword?: string;\n}\n/**\n * Required configuration options for the {@link ClientCertificateCredential}, with the path to a PEM certificate.\n */\nexport interface ClientCertificatePEMCertificatePath {\n /**\n * The path to the PEM-encoded public/private key certificate on the filesystem.\n */\n certificatePath: string;\n\n /**\n * The password for the certificate file.\n */\n certificatePassword?: string;\n}\n/**\n * Required configuration options for the {@link ClientCertificateCredential}, with either the string contents of a PEM certificate, or the path to a PEM certificate.\n */\nexport type ClientCertificateCredentialPEMConfiguration =\n | ClientCertificatePEMCertificate\n | ClientCertificatePEMCertificatePath;\n"]}
@@ -0,0 +1,14 @@
import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions.js";
import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
/**
* Optional parameters for the {@link ClientCertificateCredential} class.
*/
export interface ClientCertificateCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions, AuthorityValidationOptions {
/**
* Option to include x5c header for SubjectName and Issuer name authorization.
* Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim
*/
sendCertificateChain?: boolean;
}
//# sourceMappingURL=clientCertificateCredentialOptions.d.ts.map
@@ -0,0 +1 @@
{"version":3,"file":"clientCertificateCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACtF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,kCACf,SAAQ,iCAAiC,EACvC,4BAA4B,EAC5B,0BAA0B;IAC5B;;;OAGG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAQhC"}
@@ -0,0 +1,5 @@
"use strict";
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
Object.defineProperty(exports, "__esModule", { value: true });
//# sourceMappingURL=clientCertificateCredentialOptions.js.map
@@ -0,0 +1 @@
{"version":3,"file":"clientCertificateCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredentialOptions.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Optional parameters for the {@link ClientCertificateCredential} class.\n */\nexport interface ClientCertificateCredentialOptions\n extends MultiTenantTokenCredentialOptions,\n CredentialPersistenceOptions,\n AuthorityValidationOptions {\n /**\n * Option to include x5c header for SubjectName and Issuer name authorization.\n * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim\n */\n sendCertificateChain?: boolean;\n // TODO: Export again once we're ready to release this feature.\n // /**\n // * Specifies a regional authority. Please refer to the {@link RegionalAuthority} type for the accepted values.\n // * If {@link RegionalAuthority.AutoDiscoverRegion} is specified, we will try to discover the regional authority endpoint.\n // * If the property is not specified, the credential uses the global authority endpoint.\n // */\n // regionalAuthority?: string;\n}\n"]}
@@ -0,0 +1,37 @@
import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
import type { ClientSecretCredentialOptions } from "./clientSecretCredentialOptions.js";
/**
* Enables authentication to Microsoft Entra ID using a client secret
* that was generated for an App Registration. More information on how
* to configure a client secret can be found here:
*
* https://learn.microsoft.com/entra/identity-platform/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application
*
*/
export declare class ClientSecretCredential implements TokenCredential {
private tenantId;
private additionallyAllowedTenantIds;
private msalClient;
private clientSecret;
/**
* Creates an instance of the ClientSecretCredential with the details
* needed to authenticate against Microsoft Entra ID with a client
* secret.
*
* @param tenantId - The Microsoft Entra tenant (directory) ID.
* @param clientId - The client (application) ID of an App Registration in the tenant.
* @param clientSecret - A client secret that was generated for the App Registration.
* @param options - Options for configuring the client which makes the authentication request.
*/
constructor(tenantId: string, clientId: string, clientSecret: string, options?: ClientSecretCredentialOptions);
/**
* Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
*
* @param scopes - The list of scopes for which the token will have access.
* @param options - The options used to configure any requests this
* TokenCredential implementation might make.
*/
getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
}
//# sourceMappingURL=clientSecretCredential.d.ts.map
@@ -0,0 +1 @@
{"version":3,"file":"clientSecretCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/clientSecretCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAQtF,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,oCAAoC,CAAC;AAQxF;;;;;;;GAOG;AACH,qBAAa,sBAAuB,YAAW,eAAe;IAC5D,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,YAAY,CAAS;IAE7B;;;;;;;;;OASG;gBAED,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,OAAO,GAAE,6BAAkC;IAiC7C;;;;;;;OAOG;IACG,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,GAAE,eAAoB,GAAG,OAAO,CAAC,WAAW,CAAC;CAiB/F"}
@@ -0,0 +1,64 @@
"use strict";
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
Object.defineProperty(exports, "__esModule", { value: true });
exports.ClientSecretCredential = void 0;
const msalClient_js_1 = require("../msal/nodeFlows/msalClient.js");
const tenantIdUtils_js_1 = require("../util/tenantIdUtils.js");
const errors_js_1 = require("../errors.js");
const logging_js_1 = require("../util/logging.js");
const scopeUtils_js_1 = require("../util/scopeUtils.js");
const tracing_js_1 = require("../util/tracing.js");
const logger = (0, logging_js_1.credentialLogger)("ClientSecretCredential");
/**
* Enables authentication to Microsoft Entra ID using a client secret
* that was generated for an App Registration. More information on how
* to configure a client secret can be found here:
*
* https://learn.microsoft.com/entra/identity-platform/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application
*
*/
class ClientSecretCredential {
/**
* Creates an instance of the ClientSecretCredential with the details
* needed to authenticate against Microsoft Entra ID with a client
* secret.
*
* @param tenantId - The Microsoft Entra tenant (directory) ID.
* @param clientId - The client (application) ID of an App Registration in the tenant.
* @param clientSecret - A client secret that was generated for the App Registration.
* @param options - Options for configuring the client which makes the authentication request.
*/
constructor(tenantId, clientId, clientSecret, options = {}) {
if (!tenantId) {
throw new errors_js_1.CredentialUnavailableError("ClientSecretCredential: tenantId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.");
}
if (!clientId) {
throw new errors_js_1.CredentialUnavailableError("ClientSecretCredential: clientId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.");
}
if (!clientSecret) {
throw new errors_js_1.CredentialUnavailableError("ClientSecretCredential: clientSecret is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.");
}
this.clientSecret = clientSecret;
this.tenantId = tenantId;
this.additionallyAllowedTenantIds = (0, tenantIdUtils_js_1.resolveAdditionallyAllowedTenantIds)(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
this.msalClient = (0, msalClient_js_1.createMsalClient)(clientId, tenantId, Object.assign(Object.assign({}, options), { logger, tokenCredentialOptions: options }));
}
/**
* Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
*
* @param scopes - The list of scopes for which the token will have access.
* @param options - The options used to configure any requests this
* TokenCredential implementation might make.
*/
async getToken(scopes, options = {}) {
return tracing_js_1.tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async (newOptions) => {
newOptions.tenantId = (0, tenantIdUtils_js_1.processMultiTenantRequest)(this.tenantId, newOptions, this.additionallyAllowedTenantIds, logger);
const arrayScopes = (0, scopeUtils_js_1.ensureScopes)(scopes);
return this.msalClient.getTokenByClientSecret(arrayScopes, this.clientSecret, newOptions);
});
}
}
exports.ClientSecretCredential = ClientSecretCredential;
//# sourceMappingURL=clientSecretCredential.js.map
@@ -0,0 +1,9 @@
import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions.js";
import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
/**
* Optional parameters for the {@link ClientSecretCredential} class.
*/
export interface ClientSecretCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions, AuthorityValidationOptions {
}
//# sourceMappingURL=clientSecretCredentialOptions.d.ts.map
@@ -0,0 +1 @@
{"version":3,"file":"clientSecretCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/clientSecretCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACtF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,6BACf,SAAQ,iCAAiC,EACvC,4BAA4B,EAC5B,0BAA0B;CAQ7B"}
@@ -0,0 +1,5 @@
"use strict";
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
Object.defineProperty(exports, "__esModule", { value: true });
//# sourceMappingURL=clientSecretCredentialOptions.js.map
@@ -0,0 +1 @@
{"version":3,"file":"clientSecretCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/clientSecretCredentialOptions.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Optional parameters for the {@link ClientSecretCredential} class.\n */\nexport interface ClientSecretCredentialOptions\n extends MultiTenantTokenCredentialOptions,\n CredentialPersistenceOptions,\n AuthorityValidationOptions {\n // TODO: Export again once we're ready to release this feature.\n // /**\n // * Specifies a regional authority. Please refer to the {@link RegionalAuthority} type for the accepted values.\n // * If {@link RegionalAuthority.AutoDiscoverRegion} is specified, we will try to discover the regional authority endpoint.\n // * If the property is not specified, the credential uses the global authority endpoint.\n // */\n // regionalAuthority?: string;\n}\n"]}
