Initial commit

2025-03-07 19:22:02 +01:00
commit 4a98255d83
55743 changed files with 5280367 additions and 0 deletions
@@ -0,0 +1,2 @@
+export declare function getIdentityTokenEndpointSuffix(tenantId: string): string;
+//# sourceMappingURL=identityTokenEndpoint.d.ts.map
@@ -0,0 +1 @@
+{"version":3,"file":"identityTokenEndpoint.d.ts","sourceRoot":"","sources":["../../../src/util/identityTokenEndpoint.ts"],"names":[],"mappings":"AAGA,wBAAgB,8BAA8B,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAMvE"}
@@ -0,0 +1,14 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getIdentityTokenEndpointSuffix = getIdentityTokenEndpointSuffix;
+function getIdentityTokenEndpointSuffix(tenantId) {
+    if (tenantId === "adfs") {
+        return "oauth2/token";
+    }
+    else {
+        return "oauth2/v2.0/token";
+    }
+}
+//# sourceMappingURL=identityTokenEndpoint.js.map
@@ -0,0 +1 @@
+{"version":3,"file":"identityTokenEndpoint.js","sourceRoot":"","sources":["../../../src/util/identityTokenEndpoint.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,wEAMC;AAND,SAAgB,8BAA8B,CAAC,QAAgB;IAC7D,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QACxB,OAAO,cAAc,CAAC;IACxB,CAAC;SAAM,CAAC;QACN,OAAO,mBAAmB,CAAC;IAC7B,CAAC;AACH,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nexport function getIdentityTokenEndpointSuffix(tenantId: string): string {\n  if (tenantId === \"adfs\") {\n    return \"oauth2/token\";\n  } else {\n    return \"oauth2/v2.0/token\";\n  }\n}\n"]}
@@ -0,0 +1,70 @@
+import type { AzureLogger } from "@azure/logger";
+/**
+ * The AzureLogger used for all clients within the identity package
+ */
+export declare const logger: AzureLogger;
+interface EnvironmentAccumulator {
+    missing: string[];
+    assigned: string[];
+}
+/**
+ * Separates a list of environment variable names into a plain object with two arrays: an array of missing environment variables and another array with assigned environment variables.
+ * @param supportedEnvVars - List of environment variable names
+ */
+export declare function processEnvVars(supportedEnvVars: string[]): EnvironmentAccumulator;
+/**
+ * Based on a given list of environment variable names,
+ * logs the environment variables currently assigned during the usage of a credential that goes by the given name.
+ * @param credentialName - Name of the credential in use
+ * @param supportedEnvVars - List of environment variables supported by that credential
+ */
+export declare function logEnvVars(credentialName: string, supportedEnvVars: string[]): void;
+/**
+ * Formatting the success event on the credentials
+ */
+export declare function formatSuccess(scope: string | string[]): string;
+/**
+ * Formatting the success event on the credentials
+ */
+export declare function formatError(scope: string | string[] | undefined, error: Error | string): string;
+/**
+ * A CredentialLoggerInstance is a logger properly formatted to work in a credential's constructor, and its methods.
+ */
+export interface CredentialLoggerInstance {
+    title: string;
+    fullTitle: string;
+    info(message: string): void;
+    warning(message: string): void;
+    verbose(message: string): void;
+    error(err: string): void;
+}
+/**
+ * Generates a CredentialLoggerInstance.
+ *
+ * It logs with the format:
+ *
+ *   `[title] => [message]`
+ *
+ */
+export declare function credentialLoggerInstance(title: string, parent?: CredentialLoggerInstance, log?: AzureLogger): CredentialLoggerInstance;
+/**
+ * A CredentialLogger is a logger declared at the credential's constructor, and used at any point in the credential.
+ * It has all the properties of a CredentialLoggerInstance, plus other logger instances, one per method.
+ */
+export interface CredentialLogger extends CredentialLoggerInstance {
+    parent: AzureLogger;
+    getToken: CredentialLoggerInstance;
+}
+/**
+ * Generates a CredentialLogger, which is a logger declared at the credential's constructor, and used at any point in the credential.
+ * It has all the properties of a CredentialLoggerInstance, plus other logger instances, one per method.
+ *
+ * It logs with the format:
+ *
+ *   `[title] => [message]`
+ *   `[title] => getToken() => [message]`
+ *
+ */
+export declare function credentialLogger(title: string, log?: AzureLogger): CredentialLogger;
+export {};
+//# sourceMappingURL=logging.d.ts.map
@@ -0,0 +1 @@
+{"version":3,"file":"logging.d.ts","sourceRoot":"","sources":["../../../src/util/logging.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAGjD;;GAEG;AACH,eAAO,MAAM,MAAM,aAAiC,CAAC;AAErD,UAAU,sBAAsB;IAC9B,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,gBAAgB,EAAE,MAAM,EAAE,GAAG,sBAAsB,CAYjF;AAED;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,cAAc,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,EAAE,GAAG,IAAI,CAKnF;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,MAAM,CAE9D;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,EAAE,KAAK,EAAE,KAAK,GAAG,MAAM,GAAG,MAAM,CAM/F;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,OAAO,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,OAAO,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED;;;;;;;GAOG;AACH,wBAAgB,wBAAwB,CACtC,KAAK,EAAE,MAAM,EACb,MAAM,CAAC,EAAE,wBAAwB,EACjC,GAAG,GAAE,WAAoB,GACxB,wBAAwB,CA2B1B;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAiB,SAAQ,wBAAwB;IAChE,MAAM,EAAE,WAAW,CAAC;IACpB,QAAQ,EAAE,wBAAwB,CAAC;CACpC;AAED;;;;;;;;;GASG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,GAAE,WAAoB,GAAG,gBAAgB,CAO3F"}
@@ -0,0 +1,103 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.logger = void 0;
+exports.processEnvVars = processEnvVars;
+exports.logEnvVars = logEnvVars;
+exports.formatSuccess = formatSuccess;
+exports.formatError = formatError;
+exports.credentialLoggerInstance = credentialLoggerInstance;
+exports.credentialLogger = credentialLogger;
+const logger_1 = require("@azure/logger");
+/**
+ * The AzureLogger used for all clients within the identity package
+ */
+exports.logger = (0, logger_1.createClientLogger)("identity");
+/**
+ * Separates a list of environment variable names into a plain object with two arrays: an array of missing environment variables and another array with assigned environment variables.
+ * @param supportedEnvVars - List of environment variable names
+ */
+function processEnvVars(supportedEnvVars) {
+    return supportedEnvVars.reduce((acc, envVariable) => {
+        if (process.env[envVariable]) {
+            acc.assigned.push(envVariable);
+        }
+        else {
+            acc.missing.push(envVariable);
+        }
+        return acc;
+    }, { missing: [], assigned: [] });
+}
+/**
+ * Based on a given list of environment variable names,
+ * logs the environment variables currently assigned during the usage of a credential that goes by the given name.
+ * @param credentialName - Name of the credential in use
+ * @param supportedEnvVars - List of environment variables supported by that credential
+ */
+function logEnvVars(credentialName, supportedEnvVars) {
+    const { assigned } = processEnvVars(supportedEnvVars);
+    exports.logger.info(`${credentialName} => Found the following environment variables: ${assigned.join(", ")}`);
+}
+/**
+ * Formatting the success event on the credentials
+ */
+function formatSuccess(scope) {
+    return `SUCCESS. Scopes: ${Array.isArray(scope) ? scope.join(", ") : scope}.`;
+}
+/**
+ * Formatting the success event on the credentials
+ */
+function formatError(scope, error) {
+    let message = "ERROR.";
+    if (scope === null || scope === void 0 ? void 0 : scope.length) {
+        message += ` Scopes: ${Array.isArray(scope) ? scope.join(", ") : scope}.`;
+    }
+    return `${message} Error message: ${typeof error === "string" ? error : error.message}.`;
+}
+/**
+ * Generates a CredentialLoggerInstance.
+ *
+ * It logs with the format:
+ *
+ *   `[title] => [message]`
+ *
+ */
+function credentialLoggerInstance(title, parent, log = exports.logger) {
+    const fullTitle = parent ? `${parent.fullTitle} ${title}` : title;
+    function info(message) {
+        log.info(`${fullTitle} =>`, message);
+    }
+    function warning(message) {
+        log.warning(`${fullTitle} =>`, message);
+    }
+    function verbose(message) {
+        log.verbose(`${fullTitle} =>`, message);
+    }
+    function error(message) {
+        log.error(`${fullTitle} =>`, message);
+    }
+    return {
+        title,
+        fullTitle,
+        info,
+        warning,
+        verbose,
+        error,
+    };
+}
+/**
+ * Generates a CredentialLogger, which is a logger declared at the credential's constructor, and used at any point in the credential.
+ * It has all the properties of a CredentialLoggerInstance, plus other logger instances, one per method.
+ *
+ * It logs with the format:
+ *
+ *   `[title] => [message]`
+ *   `[title] => getToken() => [message]`
+ *
+ */
+function credentialLogger(title, log = exports.logger) {
+    const credLogger = credentialLoggerInstance(title, undefined, log);
+    return Object.assign(Object.assign({}, credLogger), { parent: log, getToken: credentialLoggerInstance("=> getToken()", credLogger, log) });
+}
+//# sourceMappingURL=logging.js.map
@@ -0,0 +1,10 @@
+import type { GetTokenOptions } from "@azure/core-auth";
+import type { CredentialLogger } from "./logging.js";
+/**
+ * Of getToken contains a tenantId, this functions allows picking this tenantId as the appropriate for authentication,
+ * unless multitenant authentication has been disabled through the AZURE_IDENTITY_DISABLE_MULTITENANTAUTH (on Node.js),
+ * or unless the original tenant Id is `adfs`.
+ * @internal
+ */
+export declare function processMultiTenantRequest(tenantId?: string, getTokenOptions?: GetTokenOptions, additionallyAllowedTenantIds?: string[], logger?: CredentialLogger): string | undefined;
+//# sourceMappingURL=processMultiTenantRequest.d.ts.map
@@ -0,0 +1 @@
+{"version":3,"file":"processMultiTenantRequest.d.ts","sourceRoot":"","sources":["../../../src/util/processMultiTenantRequest.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAExD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAMrD;;;;;GAKG;AACH,wBAAgB,yBAAyB,CACvC,QAAQ,CAAC,EAAE,MAAM,EACjB,eAAe,CAAC,EAAE,eAAe,EACjC,4BAA4B,GAAE,MAAM,EAAO,EAC3C,MAAM,CAAC,EAAE,gBAAgB,GACxB,MAAM,GAAG,SAAS,CAqBpB"}
@@ -0,0 +1,38 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.processMultiTenantRequest = processMultiTenantRequest;
+const errors_js_1 = require("../errors.js");
+function createConfigurationErrorMessage(tenantId) {
+    return `The current credential is not configured to acquire tokens for tenant ${tenantId}. To enable acquiring tokens for this tenant add it to the AdditionallyAllowedTenants on the credential options, or add "*" to AdditionallyAllowedTenants to allow acquiring tokens for any tenant.`;
+}
+/**
+ * Of getToken contains a tenantId, this functions allows picking this tenantId as the appropriate for authentication,
+ * unless multitenant authentication has been disabled through the AZURE_IDENTITY_DISABLE_MULTITENANTAUTH (on Node.js),
+ * or unless the original tenant Id is `adfs`.
+ * @internal
+ */
+function processMultiTenantRequest(tenantId, getTokenOptions, additionallyAllowedTenantIds = [], logger) {
+    var _a;
+    let resolvedTenantId;
+    if (process.env.AZURE_IDENTITY_DISABLE_MULTITENANTAUTH) {
+        resolvedTenantId = tenantId;
+    }
+    else if (tenantId === "adfs") {
+        resolvedTenantId = tenantId;
+    }
+    else {
+        resolvedTenantId = (_a = getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.tenantId) !== null && _a !== void 0 ? _a : tenantId;
+    }
+    if (tenantId &&
+        resolvedTenantId !== tenantId &&
+        !additionallyAllowedTenantIds.includes("*") &&
+        !additionallyAllowedTenantIds.some((t) => t.localeCompare(resolvedTenantId) === 0)) {
+        const message = createConfigurationErrorMessage(resolvedTenantId);
+        logger === null || logger === void 0 ? void 0 : logger.info(message);
+        throw new errors_js_1.CredentialUnavailableError(message);
+    }
+    return resolvedTenantId;
+}
+//# sourceMappingURL=processMultiTenantRequest.js.map
@@ -0,0 +1 @@
+{"version":3,"file":"processMultiTenantRequest.js","sourceRoot":"","sources":["../../../src/util/processMultiTenantRequest.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;AAgBlC,8DA0BC;AAvCD,4CAA0D;AAG1D,SAAS,+BAA+B,CAAC,QAAgB;IACvD,OAAO,yEAAyE,QAAQ,qMAAqM,CAAC;AAChS,CAAC;AAED;;;;;GAKG;AACH,SAAgB,yBAAyB,CACvC,QAAiB,EACjB,eAAiC,EACjC,+BAAyC,EAAE,EAC3C,MAAyB;;IAEzB,IAAI,gBAAoC,CAAC;IACzC,IAAI,OAAO,CAAC,GAAG,CAAC,sCAAsC,EAAE,CAAC;QACvD,gBAAgB,GAAG,QAAQ,CAAC;IAC9B,CAAC;SAAM,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QAC/B,gBAAgB,GAAG,QAAQ,CAAC;IAC9B,CAAC;SAAM,CAAC;QACN,gBAAgB,GAAG,MAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,QAAQ,mCAAI,QAAQ,CAAC;IAC3D,CAAC;IACD,IACE,QAAQ;QACR,gBAAgB,KAAK,QAAQ;QAC7B,CAAC,4BAA4B,CAAC,QAAQ,CAAC,GAAG,CAAC;QAC3C,CAAC,4BAA4B,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,gBAAiB,CAAC,KAAK,CAAC,CAAC,EACnF,CAAC;QACD,MAAM,OAAO,GAAG,+BAA+B,CAAC,gBAAiB,CAAC,CAAC;QACnE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QACtB,MAAM,IAAI,sCAA0B,CAAC,OAAO,CAAC,CAAC;IAChD,CAAC;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { GetTokenOptions } from \"@azure/core-auth\";\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport type { CredentialLogger } from \"./logging.js\";\n\nfunction createConfigurationErrorMessage(tenantId: string): string {\n  return `The current credential is not configured to acquire tokens for tenant ${tenantId}. To enable acquiring tokens for this tenant add it to the AdditionallyAllowedTenants on the credential options, or add \"*\" to AdditionallyAllowedTenants to allow acquiring tokens for any tenant.`;\n}\n\n/**\n * Of getToken contains a tenantId, this functions allows picking this tenantId as the appropriate for authentication,\n * unless multitenant authentication has been disabled through the AZURE_IDENTITY_DISABLE_MULTITENANTAUTH (on Node.js),\n * or unless the original tenant Id is `adfs`.\n * @internal\n */\nexport function processMultiTenantRequest(\n  tenantId?: string,\n  getTokenOptions?: GetTokenOptions,\n  additionallyAllowedTenantIds: string[] = [],\n  logger?: CredentialLogger,\n): string | undefined {\n  let resolvedTenantId: string | undefined;\n  if (process.env.AZURE_IDENTITY_DISABLE_MULTITENANTAUTH) {\n    resolvedTenantId = tenantId;\n  } else if (tenantId === \"adfs\") {\n    resolvedTenantId = tenantId;\n  } else {\n    resolvedTenantId = getTokenOptions?.tenantId ?? tenantId;\n  }\n  if (\n    tenantId &&\n    resolvedTenantId !== tenantId &&\n    !additionallyAllowedTenantIds.includes(\"*\") &&\n    !additionallyAllowedTenantIds.some((t) => t.localeCompare(resolvedTenantId!) === 0)\n  ) {\n    const message = createConfigurationErrorMessage(resolvedTenantId!);\n    logger?.info(message);\n    throw new CredentialUnavailableError(message);\n  }\n\n  return resolvedTenantId;\n}\n"]}
@@ -0,0 +1,13 @@
+import * as childProcess from "child_process";
+/**
+ * Easy to mock childProcess utils.
+ * @internal
+ */
+export declare const processUtils: {
+    /**
+     * Promisifying childProcess.execFile
+     * @internal
+     */
+    execFile(file: string, params: string[], options?: childProcess.ExecFileOptionsWithStringEncoding): Promise<string | Buffer>;
+};
+//# sourceMappingURL=processUtils.d.ts.map
@@ -0,0 +1 @@
+{"version":3,"file":"processUtils.d.ts","sourceRoot":"","sources":["../../../src/util/processUtils.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,YAAY,MAAM,eAAe,CAAC;AAE9C;;;GAGG;AACH,eAAO,MAAM,YAAY;IACvB;;;OAGG;mBAEK,MAAM,UACJ,MAAM,EAAE,YACN,YAAY,CAAC,iCAAiC,GACvD,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC;CAiB5B,CAAC"}
@@ -0,0 +1,36 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.processUtils = void 0;
+const tslib_1 = require("tslib");
+const childProcess = tslib_1.__importStar(require("child_process"));
+/**
+ * Easy to mock childProcess utils.
+ * @internal
+ */
+exports.processUtils = {
+    /**
+     * Promisifying childProcess.execFile
+     * @internal
+     */
+    execFile(file, params, options) {
+        return new Promise((resolve, reject) => {
+            childProcess.execFile(file, params, options, (error, stdout, stderr) => {
+                if (Buffer.isBuffer(stdout)) {
+                    stdout = stdout.toString("utf8");
+                }
+                if (Buffer.isBuffer(stderr)) {
+                    stderr = stderr.toString("utf8");
+                }
+                if (stderr || error) {
+                    reject(stderr ? new Error(stderr) : error);
+                }
+                else {
+                    resolve(stdout);
+                }
+            });
+        });
+    },
+};
+//# sourceMappingURL=processUtils.js.map
@@ -0,0 +1 @@
+{"version":3,"file":"processUtils.js","sourceRoot":"","sources":["../../../src/util/processUtils.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;;AAElC,oEAA8C;AAE9C;;;GAGG;AACU,QAAA,YAAY,GAAG;IAC1B;;;OAGG;IACH,QAAQ,CACN,IAAY,EACZ,MAAgB,EAChB,OAAwD;QAExD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,YAAY,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;gBACrE,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC5B,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBACnC,CAAC;gBACD,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC5B,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBACnC,CAAC;gBACD,IAAI,MAAM,IAAI,KAAK,EAAE,CAAC;oBACpB,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;gBAC7C,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,MAAM,CAAC,CAAC;gBAClB,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;CACF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport * as childProcess from \"child_process\";\n\n/**\n * Easy to mock childProcess utils.\n * @internal\n */\nexport const processUtils = {\n  /**\n   * Promisifying childProcess.execFile\n   * @internal\n   */\n  execFile(\n    file: string,\n    params: string[],\n    options?: childProcess.ExecFileOptionsWithStringEncoding,\n  ): Promise<string | Buffer> {\n    return new Promise((resolve, reject) => {\n      childProcess.execFile(file, params, options, (error, stdout, stderr) => {\n        if (Buffer.isBuffer(stdout)) {\n          stdout = stdout.toString(\"utf8\");\n        }\n        if (Buffer.isBuffer(stderr)) {\n          stderr = stderr.toString(\"utf8\");\n        }\n        if (stderr || error) {\n          reject(stderr ? new Error(stderr) : error);\n        } else {\n          resolve(stdout);\n        }\n      });\n    });\n  },\n};\n"]}
@@ -0,0 +1,17 @@
+import type { CredentialLogger } from "./logging.js";
+/**
+ * Ensures the scopes value is an array.
+ * @internal
+ */
+export declare function ensureScopes(scopes: string | string[]): string[];
+/**
+ * Throws if the received scope is not valid.
+ * @internal
+ */
+export declare function ensureValidScopeForDevTimeCreds(scope: string, logger: CredentialLogger): void;
+/**
+ * Returns the resource out of a scope.
+ * @internal
+ */
+export declare function getScopeResource(scope: string): string;
+//# sourceMappingURL=scopeUtils.d.ts.map
@@ -0,0 +1 @@
+{"version":3,"file":"scopeUtils.d.ts","sourceRoot":"","sources":["../../../src/util/scopeUtils.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGrD;;;GAGG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,MAAM,EAAE,CAEhE;AAED;;;GAGG;AACH,wBAAgB,+BAA+B,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,gBAAgB,GAAG,IAAI,CAM7F;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEtD"}
@@ -0,0 +1,34 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ensureScopes = ensureScopes;
+exports.ensureValidScopeForDevTimeCreds = ensureValidScopeForDevTimeCreds;
+exports.getScopeResource = getScopeResource;
+const logging_js_1 = require("./logging.js");
+/**
+ * Ensures the scopes value is an array.
+ * @internal
+ */
+function ensureScopes(scopes) {
+    return Array.isArray(scopes) ? scopes : [scopes];
+}
+/**
+ * Throws if the received scope is not valid.
+ * @internal
+ */
+function ensureValidScopeForDevTimeCreds(scope, logger) {
+    if (!scope.match(/^[0-9a-zA-Z-_.:/]+$/)) {
+        const error = new Error("Invalid scope was specified by the user or calling client");
+        logger.getToken.info((0, logging_js_1.formatError)(scope, error));
+        throw error;
+    }
+}
+/**
+ * Returns the resource out of a scope.
+ * @internal
+ */
+function getScopeResource(scope) {
+    return scope.replace(/\/.default$/, "");
+}
+//# sourceMappingURL=scopeUtils.js.map
@@ -0,0 +1 @@
+{"version":3,"file":"scopeUtils.js","sourceRoot":"","sources":["../../../src/util/scopeUtils.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;AASlC,oCAEC;AAMD,0EAMC;AAMD,4CAEC;AA5BD,6CAA2C;AAE3C;;;GAGG;AACH,SAAgB,YAAY,CAAC,MAAyB;IACpD,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;AACnD,CAAC;AAED;;;GAGG;AACH,SAAgB,+BAA+B,CAAC,KAAa,EAAE,MAAwB;IACrF,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,CAAC;QACxC,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;QACrF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAA,wBAAW,EAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;QAChD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,gBAAgB,CAAC,KAAa;IAC5C,OAAO,KAAK,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;AAC1C,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { CredentialLogger } from \"./logging.js\";\nimport { formatError } from \"./logging.js\";\n\n/**\n * Ensures the scopes value is an array.\n * @internal\n */\nexport function ensureScopes(scopes: string | string[]): string[] {\n  return Array.isArray(scopes) ? scopes : [scopes];\n}\n\n/**\n * Throws if the received scope is not valid.\n * @internal\n */\nexport function ensureValidScopeForDevTimeCreds(scope: string, logger: CredentialLogger): void {\n  if (!scope.match(/^[0-9a-zA-Z-_.:/]+$/)) {\n    const error = new Error(\"Invalid scope was specified by the user or calling client\");\n    logger.getToken.info(formatError(scope, error));\n    throw error;\n  }\n}\n\n/**\n * Returns the resource out of a scope.\n * @internal\n */\nexport function getScopeResource(scope: string): string {\n  return scope.replace(/\\/.default$/, \"\");\n}\n"]}
@@ -0,0 +1,6 @@
+import type { CredentialLogger } from "./logging.js";
+/**
+ * @internal
+ */
+export declare function checkSubscription(logger: CredentialLogger, subscription: string): void;
+//# sourceMappingURL=subscriptionUtils.d.ts.map
@@ -0,0 +1 @@
+{"version":3,"file":"subscriptionUtils.d.ts","sourceRoot":"","sources":["../../../src/util/subscriptionUtils.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGrD;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,GAAG,IAAI,CAQtF"}
@@ -0,0 +1,17 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkSubscription = checkSubscription;
+const logging_js_1 = require("./logging.js");
+/**
+ * @internal
+ */
+function checkSubscription(logger, subscription) {
+    if (!subscription.match(/^[0-9a-zA-Z-._ ]+$/)) {
+        const error = new Error("Invalid subscription provided. You can locate your subscription by following the instructions listed here: https://learn.microsoft.com/azure/azure-portal/get-subscription-tenant-id.");
+        logger.info((0, logging_js_1.formatError)("", error));
+        throw error;
+    }
+}
+//# sourceMappingURL=subscriptionUtils.js.map
@@ -0,0 +1 @@
+{"version":3,"file":"subscriptionUtils.js","sourceRoot":"","sources":["../../../src/util/subscriptionUtils.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;AAQlC,8CAQC;AAbD,6CAA2C;AAE3C;;GAEG;AACH,SAAgB,iBAAiB,CAAC,MAAwB,EAAE,YAAoB;IAC9E,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE,CAAC;QAC9C,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,uLAAuL,CACxL,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,IAAA,wBAAW,EAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;QACpC,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { CredentialLogger } from \"./logging.js\";\nimport { formatError } from \"./logging.js\";\n\n/**\n * @internal\n */\nexport function checkSubscription(logger: CredentialLogger, subscription: string): void {\n  if (!subscription.match(/^[0-9a-zA-Z-._ ]+$/)) {\n    const error = new Error(\n      \"Invalid subscription provided. You can locate your subscription by following the instructions listed here: https://learn.microsoft.com/azure/azure-portal/get-subscription-tenant-id.\",\n    );\n    logger.info(formatError(\"\", error));\n    throw error;\n  }\n}\n"]}
@@ -0,0 +1,15 @@
+import type { CredentialLogger } from "./logging.js";
+export { processMultiTenantRequest } from "./processMultiTenantRequest.js";
+/**
+ * @internal
+ */
+export declare function checkTenantId(logger: CredentialLogger, tenantId: string): void;
+/**
+ * @internal
+ */
+export declare function resolveTenantId(logger: CredentialLogger, tenantId?: string, clientId?: string): string;
+/**
+ * @internal
+ */
+export declare function resolveAdditionallyAllowedTenantIds(additionallyAllowedTenants?: string[]): string[];
+//# sourceMappingURL=tenantIdUtils.d.ts.map
@@ -0,0 +1 @@
+{"version":3,"file":"tenantIdUtils.d.ts","sourceRoot":"","sources":["../../../src/util/tenantIdUtils.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAErD,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAE3E;;GAEG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI,CAQ9E;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,MAAM,EAAE,gBAAgB,EACxB,QAAQ,CAAC,EAAE,MAAM,EACjB,QAAQ,CAAC,EAAE,MAAM,GAChB,MAAM,CAYR;AAED;;GAEG;AACH,wBAAgB,mCAAmC,CACjD,0BAA0B,CAAC,EAAE,MAAM,EAAE,GACpC,MAAM,EAAE,CAUV"}
@@ -0,0 +1,51 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.processMultiTenantRequest = void 0;
+exports.checkTenantId = checkTenantId;
+exports.resolveTenantId = resolveTenantId;
+exports.resolveAdditionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds;
+const constants_js_1 = require("../constants.js");
+const logging_js_1 = require("./logging.js");
+var processMultiTenantRequest_js_1 = require("./processMultiTenantRequest.js");
+Object.defineProperty(exports, "processMultiTenantRequest", { enumerable: true, get: function () { return processMultiTenantRequest_js_1.processMultiTenantRequest; } });
+/**
+ * @internal
+ */
+function checkTenantId(logger, tenantId) {
+    if (!tenantId.match(/^[0-9a-zA-Z-.]+$/)) {
+        const error = new Error("Invalid tenant id provided. You can locate your tenant id by following the instructions listed here: https://learn.microsoft.com/partner-center/find-ids-and-domain-names.");
+        logger.info((0, logging_js_1.formatError)("", error));
+        throw error;
+    }
+}
+/**
+ * @internal
+ */
+function resolveTenantId(logger, tenantId, clientId) {
+    if (tenantId) {
+        checkTenantId(logger, tenantId);
+        return tenantId;
+    }
+    if (!clientId) {
+        clientId = constants_js_1.DeveloperSignOnClientId;
+    }
+    if (clientId !== constants_js_1.DeveloperSignOnClientId) {
+        return "common";
+    }
+    return "organizations";
+}
+/**
+ * @internal
+ */
+function resolveAdditionallyAllowedTenantIds(additionallyAllowedTenants) {
+    if (!additionallyAllowedTenants || additionallyAllowedTenants.length === 0) {
+        return [];
+    }
+    if (additionallyAllowedTenants.includes("*")) {
+        return constants_js_1.ALL_TENANTS;
+    }
+    return additionallyAllowedTenants;
+}
+//# sourceMappingURL=tenantIdUtils.js.map
@@ -0,0 +1 @@
+{"version":3,"file":"tenantIdUtils.js","sourceRoot":"","sources":["../../../src/util/tenantIdUtils.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAUlC,sCAQC;AAKD,0CAgBC;AAKD,kFAYC;AAtDD,kDAAuE;AAEvE,6CAA2C;AAC3C,+EAA2E;AAAlE,yIAAA,yBAAyB,OAAA;AAElC;;GAEG;AACH,SAAgB,aAAa,CAAC,MAAwB,EAAE,QAAgB;IACtE,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACxC,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,4KAA4K,CAC7K,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,IAAA,wBAAW,EAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;QACpC,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,eAAe,CAC7B,MAAwB,EACxB,QAAiB,EACjB,QAAiB;IAEjB,IAAI,QAAQ,EAAE,CAAC;QACb,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAChC,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,QAAQ,GAAG,sCAAuB,CAAC;IACrC,CAAC;IACD,IAAI,QAAQ,KAAK,sCAAuB,EAAE,CAAC;QACzC,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,OAAO,eAAe,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,SAAgB,mCAAmC,CACjD,0BAAqC;IAErC,IAAI,CAAC,0BAA0B,IAAI,0BAA0B,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3E,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,0BAA0B,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC7C,OAAO,0BAAW,CAAC;IACrB,CAAC;IAED,OAAO,0BAA0B,CAAC;AACpC,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { ALL_TENANTS, DeveloperSignOnClientId } from \"../constants.js\";\nimport type { CredentialLogger } from \"./logging.js\";\nimport { formatError } from \"./logging.js\";\nexport { processMultiTenantRequest } from \"./processMultiTenantRequest.js\";\n\n/**\n * @internal\n */\nexport function checkTenantId(logger: CredentialLogger, tenantId: string): void {\n  if (!tenantId.match(/^[0-9a-zA-Z-.]+$/)) {\n    const error = new Error(\n      \"Invalid tenant id provided. You can locate your tenant id by following the instructions listed here: https://learn.microsoft.com/partner-center/find-ids-and-domain-names.\",\n    );\n    logger.info(formatError(\"\", error));\n    throw error;\n  }\n}\n\n/**\n * @internal\n */\nexport function resolveTenantId(\n  logger: CredentialLogger,\n  tenantId?: string,\n  clientId?: string,\n): string {\n  if (tenantId) {\n    checkTenantId(logger, tenantId);\n    return tenantId;\n  }\n  if (!clientId) {\n    clientId = DeveloperSignOnClientId;\n  }\n  if (clientId !== DeveloperSignOnClientId) {\n    return \"common\";\n  }\n  return \"organizations\";\n}\n\n/**\n * @internal\n */\nexport function resolveAdditionallyAllowedTenantIds(\n  additionallyAllowedTenants?: string[],\n): string[] {\n  if (!additionallyAllowedTenants || additionallyAllowedTenants.length === 0) {\n    return [];\n  }\n\n  if (additionallyAllowedTenants.includes(\"*\")) {\n    return ALL_TENANTS;\n  }\n\n  return additionallyAllowedTenants;\n}\n"]}
@@ -0,0 +1,6 @@
+/**
+ * Creates a span using the global tracer.
+ * @internal
+ */
+export declare const tracingClient: import("@azure/core-tracing").TracingClient;
+//# sourceMappingURL=tracing.d.ts.map
@@ -0,0 +1 @@
+{"version":3,"file":"tracing.d.ts","sourceRoot":"","sources":["../../../src/util/tracing.ts"],"names":[],"mappings":"AAMA;;;GAGG;AACH,eAAO,MAAM,aAAa,6CAIxB,CAAC"}
@@ -0,0 +1,17 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.tracingClient = void 0;
+const constants_js_1 = require("../constants.js");
+const core_tracing_1 = require("@azure/core-tracing");
+/**
+ * Creates a span using the global tracer.
+ * @internal
+ */
+exports.tracingClient = (0, core_tracing_1.createTracingClient)({
+    namespace: "Microsoft.AAD",
+    packageName: "@azure/identity",
+    packageVersion: constants_js_1.SDK_VERSION,
+});
+//# sourceMappingURL=tracing.js.map
@@ -0,0 +1 @@
+{"version":3,"file":"tracing.js","sourceRoot":"","sources":["../../../src/util/tracing.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAElC,kDAA8C;AAC9C,sDAA0D;AAE1D;;;GAGG;AACU,QAAA,aAAa,GAAG,IAAA,kCAAmB,EAAC;IAC/C,SAAS,EAAE,eAAe;IAC1B,WAAW,EAAE,iBAAiB;IAC9B,cAAc,EAAE,0BAAW;CAC5B,CAAC,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { SDK_VERSION } from \"../constants.js\";\nimport { createTracingClient } from \"@azure/core-tracing\";\n\n/**\n * Creates a span using the global tracer.\n * @internal\n */\nexport const tracingClient = createTracingClient({\n  namespace: \"Microsoft.AAD\",\n  packageName: \"@azure/identity\",\n  packageVersion: SDK_VERSION,\n});\n"]}
				`@@ -0,0 +1 @@`
				`{"version":3,"file":"identityTokenEndpoint.d.ts","sourceRoot":"","sources":["../../../src/util/identityTokenEndpoint.ts"],"names":[],"mappings":"AAGA,wBAAgB,8BAA8B,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAMvE"}`
				`@@ -0,0 +1 @@`
				{"version":3,"file":"identityTokenEndpoint.js","sourceRoot":"","sources":["../../../src/util/identityTokenEndpoint.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,wEAMC;AAND,SAAgB,8BAA8B,CAAC,QAAgB;IAC7D,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QACxB,OAAO,cAAc,CAAC;IACxB,CAAC;SAAM,CAAC;QACN,OAAO,mBAAmB,CAAC;IAC7B,CAAC;AACH,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nexport function getIdentityTokenEndpointSuffix(tenantId: string): string {\n if (tenantId === \"adfs\") {\n return \"oauth2/token\";\n } else {\n return \"oauth2/v2.0/token\";\n }\n}\n"]}
				`@@ -0,0 +1 @@`
				{"version":3,"file":"logging.d.ts","sourceRoot":"","sources":["../../../src/util/logging.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAGjD;;GAEG;AACH,eAAO,MAAM,MAAM,aAAiC,CAAC;AAErD,UAAU,sBAAsB;IAC9B,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,gBAAgB,EAAE,MAAM,EAAE,GAAG,sBAAsB,CAYjF;AAED;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,cAAc,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,EAAE,GAAG,IAAI,CAKnF;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,MAAM,CAE9D;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,EAAE,KAAK,EAAE,KAAK,GAAG,MAAM,GAAG,MAAM,CAM/F;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,OAAO,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,OAAO,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED;;;;;;;GAOG;AACH,wBAAgB,wBAAwB,CACtC,KAAK,EAAE,MAAM,EACb,MAAM,CAAC,EAAE,wBAAwB,EACjC,GAAG,GAAE,WAAoB,GACxB,wBAAwB,CA2B1B;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAiB,SAAQ,wBAAwB;IAChE,MAAM,EAAE,WAAW,CAAC;IACpB,QAAQ,EAAE,wBAAwB,CAAC;CACpC;AAED;;;;;;;;;GASG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,GAAE,WAAoB,GAAG,gBAAgB,CAO3F"}
				`@@ -0,0 +1 @@`
				`{"version":3,"file":"processMultiTenantRequest.d.ts","sourceRoot":"","sources":["../../../src/util/processMultiTenantRequest.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAExD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAMrD;;;;;GAKG;AACH,wBAAgB,yBAAyB,CACvC,QAAQ,CAAC,EAAE,MAAM,EACjB,eAAe,CAAC,EAAE,eAAe,EACjC,4BAA4B,GAAE,MAAM,EAAO,EAC3C,MAAM,CAAC,EAAE,gBAAgB,GACxB,MAAM,GAAG,SAAS,CAqBpB"}`
				`@@ -0,0 +1 @@`
				{"version":3,"file":"processMultiTenantRequest.js","sourceRoot":"","sources":["../../../src/util/processMultiTenantRequest.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;AAgBlC,8DA0BC;AAvCD,4CAA0D;AAG1D,SAAS,+BAA+B,CAAC,QAAgB;IACvD,OAAO,yEAAyE,QAAQ,qMAAqM,CAAC;AAChS,CAAC;AAED;;;;;GAKG;AACH,SAAgB,yBAAyB,CACvC,QAAiB,EACjB,eAAiC,EACjC,+BAAyC,EAAE,EAC3C,MAAyB;;IAEzB,IAAI,gBAAoC,CAAC;IACzC,IAAI,OAAO,CAAC,GAAG,CAAC,sCAAsC,EAAE,CAAC;QACvD,gBAAgB,GAAG,QAAQ,CAAC;IAC9B,CAAC;SAAM,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QAC/B,gBAAgB,GAAG,QAAQ,CAAC;IAC9B,CAAC;SAAM,CAAC;QACN,gBAAgB,GAAG,MAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,QAAQ,mCAAI,QAAQ,CAAC;IAC3D,CAAC;IACD,IACE,QAAQ;QACR,gBAAgB,KAAK,QAAQ;QAC7B,CAAC,4BAA4B,CAAC,QAAQ,CAAC,GAAG,CAAC;QAC3C,CAAC,4BAA4B,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,gBAAiB,CAAC,KAAK,CAAC,CAAC,EACnF,CAAC;QACD,MAAM,OAAO,GAAG,+BAA+B,CAAC,gBAAiB,CAAC,CAAC;QACnE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QACtB,MAAM,IAAI,sCAA0B,CAAC,OAAO,CAAC,CAAC;IAChD,CAAC;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { GetTokenOptions } from \"@azure/core-auth\";\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport type { CredentialLogger } from \"./logging.js\";\n\nfunction createConfigurationErrorMessage(tenantId: string): string {\n return `The current credential is not configured to acquire tokens for tenant ${tenantId}. To enable acquiring tokens for this tenant add it to the AdditionallyAllowedTenants on the credential options, or add \"\" to AdditionallyAllowedTenants to allow acquiring tokens for any tenant.`;\n}\n\n/\n Of getToken contains a tenantId, this functions allows picking this tenantId as the appropriate for authentication,\n * unless multitenant authentication has been disabled through the AZURE_IDENTITY_DISABLE_MULTITENANTAUTH (on Node.js),\n * or unless the original tenant Id is `adfs`.\n * @internal\n /\nexport function processMultiTenantRequest(\n tenantId?: string,\n getTokenOptions?: GetTokenOptions,\n additionallyAllowedTenantIds: string[] = [],\n logger?: CredentialLogger,\n): string \| undefined {\n let resolvedTenantId: string \| undefined;\n if (process.env.AZURE_IDENTITY_DISABLE_MULTITENANTAUTH) {\n resolvedTenantId = tenantId;\n } else if (tenantId === \"adfs\") {\n resolvedTenantId = tenantId;\n } else {\n resolvedTenantId = getTokenOptions?.tenantId ?? tenantId;\n }\n if (\n tenantId &&\n resolvedTenantId !== tenantId &&\n !additionallyAllowedTenantIds.includes(\"\") &&\n !additionallyAllowedTenantIds.some((t) => t.localeCompare(resolvedTenantId!) === 0)\n ) {\n const message = createConfigurationErrorMessage(resolvedTenantId!);\n logger?.info(message);\n throw new CredentialUnavailableError(message);\n }\n\n return resolvedTenantId;\n}\n"]}
				`@@ -0,0 +1 @@`
				`{"version":3,"file":"processUtils.d.ts","sourceRoot":"","sources":["../../../src/util/processUtils.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,YAAY,MAAM,eAAe,CAAC;AAE9C;;;GAGG;AACH,eAAO,MAAM,YAAY;IACvB;;;OAGG;mBAEK,MAAM,UACJ,MAAM,EAAE,YACN,YAAY,CAAC,iCAAiC,GACvD,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC;CAiB5B,CAAC"}`
				`@@ -0,0 +1 @@`
				{"version":3,"file":"processUtils.js","sourceRoot":"","sources":["../../../src/util/processUtils.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;;AAElC,oEAA8C;AAE9C;;;GAGG;AACU,QAAA,YAAY,GAAG;IAC1B;;;OAGG;IACH,QAAQ,CACN,IAAY,EACZ,MAAgB,EAChB,OAAwD;QAExD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,YAAY,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;gBACrE,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC5B,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBACnC,CAAC;gBACD,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC5B,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBACnC,CAAC;gBACD,IAAI,MAAM,IAAI,KAAK,EAAE,CAAC;oBACpB,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;gBAC7C,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,MAAM,CAAC,CAAC;gBAClB,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;CACF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport * as childProcess from \"child_process\";\n\n/*\n Easy to mock childProcess utils.\n * @internal\n /\nexport const processUtils = {\n /\n Promisifying childProcess.execFile\n * @internal\n */\n execFile(\n file: string,\n params: string[],\n options?: childProcess.ExecFileOptionsWithStringEncoding,\n ): Promise<string \| Buffer> {\n return new Promise((resolve, reject) => {\n childProcess.execFile(file, params, options, (error, stdout, stderr) => {\n if (Buffer.isBuffer(stdout)) {\n stdout = stdout.toString(\"utf8\");\n }\n if (Buffer.isBuffer(stderr)) {\n stderr = stderr.toString(\"utf8\");\n }\n if (stderr \|\| error) {\n reject(stderr ? new Error(stderr) : error);\n } else {\n resolve(stdout);\n }\n });\n });\n },\n};\n"]}
				`@@ -0,0 +1 @@`
				`{"version":3,"file":"scopeUtils.d.ts","sourceRoot":"","sources":["../../../src/util/scopeUtils.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGrD;;;GAGG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,MAAM,EAAE,CAEhE;AAED;;;GAGG;AACH,wBAAgB,+BAA+B,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,gBAAgB,GAAG,IAAI,CAM7F;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEtD"}`
				`@@ -0,0 +1 @@`
				{"version":3,"file":"scopeUtils.js","sourceRoot":"","sources":["../../../src/util/scopeUtils.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;AASlC,oCAEC;AAMD,0EAMC;AAMD,4CAEC;AA5BD,6CAA2C;AAE3C;;;GAGG;AACH,SAAgB,YAAY,CAAC,MAAyB;IACpD,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;AACnD,CAAC;AAED;;;GAGG;AACH,SAAgB,+BAA+B,CAAC,KAAa,EAAE,MAAwB;IACrF,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,CAAC;QACxC,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;QACrF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAA,wBAAW,EAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;QAChD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,gBAAgB,CAAC,KAAa;IAC5C,OAAO,KAAK,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;AAC1C,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { CredentialLogger } from \"./logging.js\";\nimport { formatError } from \"./logging.js\";\n\n/*\n Ensures the scopes value is an array.\n * @internal\n /\nexport function ensureScopes(scopes: string \| string[]): string[] {\n return Array.isArray(scopes) ? scopes : [scopes];\n}\n\n/\n Throws if the received scope is not valid.\n * @internal\n /\nexport function ensureValidScopeForDevTimeCreds(scope: string, logger: CredentialLogger): void {\n if (!scope.match(/^[0-9a-zA-Z-_.:/]+$/)) {\n const error = new Error(\"Invalid scope was specified by the user or calling client\");\n logger.getToken.info(formatError(scope, error));\n throw error;\n }\n}\n\n/\n Returns the resource out of a scope.\n * @internal\n */\nexport function getScopeResource(scope: string): string {\n return scope.replace(/\\/.default$/, \"\");\n}\n"]}
				`@@ -0,0 +1 @@`
				`{"version":3,"file":"subscriptionUtils.d.ts","sourceRoot":"","sources":["../../../src/util/subscriptionUtils.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGrD;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,GAAG,IAAI,CAQtF"}`