@azure/identity - npm Package Compare versions

23

CHANGELOG.md

		@@ -1,8 +0,9 @@
		# Release History
		# Changelog

		## 1.0.3 (Unreleased)
		## 1.0.3 - 2020-04-28

		- Fix tracing to set correct span attributes ([PR #6565](https://github.com/Azure/azure-sdk-for-js/pull/6565)).
		- Made IMDS parse tokens using expires_on at a higher precedence over expires_in, if both are present. This should help in cases where expires_in lags is not
		updated ([Issue #6643](https://github.com/Azure/azure-sdk-for-js/issues/6643))

		## 1.0.2 (2019-12-03)
		## 1.0.2 - 2019-12-03

		@@ -13,3 +14,3 @@ - Fixed an issue where an authorization error occurs due to wrong access token being returned by the MSI endpoint when using a user-assigned managed identity with `ManagedIdentityCredential` ([PR #6134](https://github.com/Azure/azure-sdk-for-js/pull/6134))

		## 1.0.0 (2019-10-29)
		## 1.0.0 - 2019-10-29

		@@ -26,3 +27,3 @@ - This release marks the general availability of the `@azure/identity` package.

		## 1.0.0-preview.6 (2019-10-22)
		## 1.0.0-preview.6 - 2019-10-22

		@@ -35,7 +36,7 @@ - Renamed `DeviceCodeDetails` to `DeviceCodeInfo` and improved casing of the fields in the `ErrorResponse` type ([PR #5662](https://github.com/Azure/azure-sdk-for-js/pull/5662))

		## 1.0.0-preview.5 (2019-10-08)
		## 1.0.0-preview.5 - 2019-10-08

		- Update `@azure/core-tracing` dependency to resolve an issue when running in Internet Explorer 11 ([PR #5472](https://github.com/Azure/azure-sdk-for-js/pull/5472))

		## 1.0.0-preview.4 (2019-10-07)
		## 1.0.0-preview.4 - 2019-10-07

		@@ -47,3 +48,3 @@ - Introduced the [`AuthorizationCodeCredential`](https://azure.github.io/azure-sdk-for-js/identity/classes/authorizationcodecredential.html) for performing the [authorization code flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow) with AAD ([PR #5356](https://github.com/Azure/azure-sdk-for-js/pull/5356))

		## 1.0.0-preview.3 (2019-09-09)
		## 1.0.0-preview.3 - 2019-09-09

		@@ -53,3 +54,3 @@ - Fixed a ping timeout issue. The timeout is now configurable. ([PR #4941](https://github.com/Azure/azure-sdk-for-js/pull/4941))

		## 1.0.0-preview.2 (2019-08-05)
		## 1.0.0-preview.2 - 2019-08-05

		@@ -65,3 +66,3 @@ - Introduced the following credential types:

		## 1.0.0-preview.1 (2019-06-27)
		## 1.0.0-preview.1 - 2019-06-27

		@@ -68,0 +69,0 @@ For release notes and more information please visit https://aka.ms/azure-sdk-preview1-js

3

dist-esm/src/credentials/defaultAzureCredential.js

		@@ -6,3 +6,2 @@ // Copyright (c) Microsoft Corporation.
		import { ManagedIdentityCredential } from "./managedIdentityCredential";
		import { AzureCliCredential } from "./azureCliCredential";
		/**
		@@ -26,5 +25,5 @@ * Provides a default {@link ChainedTokenCredential} configuration for
		constructor(tokenCredentialOptions) {
		super(new EnvironmentCredential(tokenCredentialOptions), new ManagedIdentityCredential(tokenCredentialOptions), new AzureCliCredential());
		super(new EnvironmentCredential(tokenCredentialOptions), new ManagedIdentityCredential(tokenCredentialOptions));
		}
		}
		//# sourceMappingURL=defaultAzureCredential.js.map

14

dist-esm/src/credentials/managedIdentityCredential.js

		@@ -185,2 +185,16 @@ // Copyright (c) Microsoft Corporation.
		else {
		expiresInParser = (requestBody) => {
		if (requestBody.expires_on) {
		// Use the expires_on timestamp if it's available
		const expires = +requestBody.expires_on * 1000;
		logger.info(`ManagedIdentityCredential: IMDS using expires_on: ${expires} (original value: ${requestBody.expires_on})`);
		return expires;
		}
		else {
		// If these aren't possible, use expires_in and calculate a timestamp
		const expires = Date.now() + requestBody.expires_in * 1000;
		logger.info(`ManagedIdentityCredential: IMDS using expires_in: ${expires} (original value: ${requestBody.expires_in})`);
		return expires;
		}
		};
		// Ping the IMDS endpoint to see if it's available
		@@ -187,0 +201,0 @@ if (!checkIfImdsEndpointAvailable \|\|

1

dist-esm/src/index.js

		@@ -6,3 +6,2 @@ // Copyright (c) Microsoft Corporation.
		export { EnvironmentCredential } from "./credentials/environmentCredential";
		export { AzureCliCredential } from "./credentials/azureCliCredential";
		export { ClientSecretCredential } from "./credentials/clientSecretCredential";
		@@ -9,0 +8,0 @@ export { ClientCertificateCredential } from "./credentials/clientCertificateCredential";

8

dist-esm/src/util/tracing.js

		@@ -13,8 +13,8 @@ // Copyright (c) Microsoft Corporation.
		const tracingOptions = Object.assign({ spanOptions: {} }, options.tracingOptions);
		const spanOptions = Object.assign(Object.assign({}, tracingOptions.spanOptions), { kind: SpanKind.INTERNAL });
		const span = tracer.startSpan(`Azure.Identity.${operationName}`, spanOptions);
		span.setAttribute("az.namespace", "Microsoft.AAD");
		tracingOptions.spanOptions = Object.assign(Object.assign({}, tracingOptions.spanOptions), { kind: SpanKind.CLIENT });
		const span = tracer.startSpan(`Azure.Identity.${operationName}`, tracingOptions.spanOptions);
		span.setAttribute("component", "identity");
		let newOptions = options;
		if (span.isRecording()) {
		newOptions = Object.assign(Object.assign({}, options), { tracingOptions: Object.assign(Object.assign({}, tracingOptions), { spanOptions: Object.assign(Object.assign({}, tracingOptions.spanOptions), { parent: span, attributes: Object.assign(Object.assign({}, spanOptions.attributes), { "az.namespace": "Microsoft.AAD" }) }) }) });
		newOptions = Object.assign(Object.assign({}, options), { tracingOptions: Object.assign(Object.assign({}, tracingOptions), { spanOptions: Object.assign(Object.assign({}, tracingOptions.spanOptions), { parent: span }) }) });
		}
		@@ -21,0 +21,0 @@ return {

111

dist/index.js

		@@ -17,3 +17,2 @@ 'use strict';
		var crypto = require('crypto');
		var child_process = require('child_process');

		@@ -116,8 +115,8 @@ // Copyright (c) Microsoft Corporation.
		const tracingOptions = Object.assign({ spanOptions: {} }, options.tracingOptions);
		const spanOptions = Object.assign(Object.assign({}, tracingOptions.spanOptions), { kind: types.SpanKind.INTERNAL });
		const span = tracer.startSpan(`Azure.Identity.${operationName}`, spanOptions);
		span.setAttribute("az.namespace", "Microsoft.AAD");
		tracingOptions.spanOptions = Object.assign(Object.assign({}, tracingOptions.spanOptions), { kind: types.SpanKind.CLIENT });
		const span = tracer.startSpan(`Azure.Identity.${operationName}`, tracingOptions.spanOptions);
		span.setAttribute("component", "identity");
		let newOptions = options;
		if (span.isRecording()) {
		newOptions = Object.assign(Object.assign({}, options), { tracingOptions: Object.assign(Object.assign({}, tracingOptions), { spanOptions: Object.assign(Object.assign({}, tracingOptions.spanOptions), { parent: span, attributes: Object.assign(Object.assign({}, spanOptions.attributes), { "az.namespace": "Microsoft.AAD" }) }) }) });
		newOptions = Object.assign(Object.assign({}, options), { tracingOptions: Object.assign(Object.assign({}, tracingOptions), { spanOptions: Object.assign(Object.assign({}, tracingOptions.spanOptions), { parent: span }) }) });
		}
		@@ -867,2 +866,16 @@ return {
		else {
		expiresInParser = (requestBody) => {
		if (requestBody.expires_on) {
		// Use the expires_on timestamp if it's available
		const expires = +requestBody.expires_on * 1000;
		logger.info(`ManagedIdentityCredential: IMDS using expires_on: ${expires} (original value: ${requestBody.expires_on})`);
		return expires;
		}
		else {
		// If these aren't possible, use expires_in and calculate a timestamp
		const expires = Date.now() + requestBody.expires_in * 1000;
		logger.info(`ManagedIdentityCredential: IMDS using expires_in: ${expires} (original value: ${requestBody.expires_in})`);
		return expires;
		}
		};
		// Ping the IMDS endpoint to see if it's available
		@@ -942,87 +955,2 @@ if (!checkIfImdsEndpointAvailable \|\|
		/**
		* Provides the user access token and expire time
		* with Azure CLI command "az account get-access-token".
		*/
		class AzureCliCredential {
		/**
		* Creates an instance of the AzureCliCredential class.
		*/
		constructor() { }
		/**
		* Gets the access token from Azure CLI
		* @param resource The resource to use when getting the token
		*/
		getAzureCliAccessToken(resource) {
		return tslib.__awaiter(this, void 0, void 0, function* () {
		return new Promise((resolve, reject) => {
		try {
		child_process.exec(`az account get-access-token --output json --resource ${resource}`, (error, stdout, stderr) => {
		resolve({ stdout: stdout, stderr: stderr });
		});
		}
		catch (err) {
		reject(err);
		}
		});
		});
		}
		/**
		* Authenticates with Azure Active Directory and returns an access token if
		* successful. If authentication cannot be performed at this time, this method may
		* return null. If an error occurs during authentication, an {@link AuthenticationError}
		* containing failure details will be thrown.
		*
		* @param scopes The list of scopes for which the token will have access.
		* @param options The options used to configure any requests this
		* TokenCredential implementation might make.
		*/
		getToken(scopes, options) {
		return tslib.__awaiter(this, void 0, void 0, function* () {
		return new Promise((resolve, reject) => {
		let scope;
		scope = typeof scopes === "string" ? scopes : scopes[0];
		logger.info(`use the scope ${scope}`);
		const resource = scope.replace(/\/.default$/, "");
		let responseData = "";
		const { span } = createSpan("AzureCliCredential-getToken", options);
		this.getAzureCliAccessToken(resource)
		.then((obj) => {
		if (obj.stderr) {
		let isLoginError = obj.stderr.match("(.)az login(.)");
		let isNotInstallError = obj.stderr.match("az:(.*)not found") \|\|
		obj.stderr.startsWith("'az' is not recognized");
		if (isNotInstallError) {
		throw new Error("Azure CLI could not be found. Please visit https://aka.ms/azure-cli for installation instructions and then, once installed, authenticate to your Azure account using 'az login'.");
		}
		else if (isLoginError) {
		throw new Error("Please run 'az login' from a command prompt to authenticate before using this credential.");
		}
		throw new Error(obj.stderr);
		}
		else {
		responseData = obj.stdout;
		const response = JSON.parse(responseData);
		resolve({
		token: response.accessToken,
		expiresOnTimestamp: new Date(response.expiresOn).getTime()
		});
		}
		})
		.catch((err) => {
		const code = err.name === AuthenticationErrorName
		? types.CanonicalCode.UNAUTHENTICATED
		: types.CanonicalCode.UNKNOWN;
		span.setStatus({
		code,
		message: err.message
		});
		reject(err);
		});
		});
		});
		}
		}

		// Copyright (c) Microsoft Corporation.
		/**
		* Provides a default {@link ChainedTokenCredential} configuration for
		@@ -1045,3 +973,3 @@ * applications that will be deployed to Azure. The following credential
		constructor(tokenCredentialOptions) {
		super(new EnvironmentCredential(tokenCredentialOptions), new ManagedIdentityCredential(tokenCredentialOptions), new AzureCliCredential());
		super(new EnvironmentCredential(tokenCredentialOptions), new ManagedIdentityCredential(tokenCredentialOptions));
		}
		@@ -1394,3 +1322,2 @@ }
		exports.AuthorizationCodeCredential = AuthorizationCodeCredential;
		exports.AzureCliCredential = AzureCliCredential;
		exports.ChainedTokenCredential = ChainedTokenCredential;
		@@ -1397,0 +1324,0 @@ exports.ClientCertificateCredential = ClientCertificateCredential;

25

package.json

		{
		"name": "@azure/identity",
		"sdk-type": "client",
		"version": "1.0.3-dev.20200305.1",
		"version": "1.0.3",
		"description": "Provides credential implementations for Azure SDK libraries that can authenticate with Azure Active Directory",
		@@ -11,3 +11,2 @@ "main": "dist/index.js",
		"stream": "./node_modules/stream-browserify/index.js",
		"./dist-esm/src/credentials/azureCliCredential.js": "./dist-esm/src/credentials/azureCliCredential.browser.js",
		"./dist-esm/src/credentials/environmentCredential.js": "./dist-esm/src/credentials/environmentCredential.browser.js",
		@@ -30,3 +29,3 @@ "./dist-esm/src/credentials/managedIdentityCredential.js": "./dist-esm/src/credentials/managedIdentityCredential.browser.js",
		"check-format": "prettier --list-different --config ../../.prettierrc.json \"src/*/.ts\" \"test/*/.ts\" \"*.{js,json}\"",
		"clean": "rimraf dist dist-esm dist-browser test-dist test-browser typings .tgz .log",
		"clean": "rimraf dist dist-esm browser test-dist test-browser typings .tgz .log",
		"execute:samples": "echo skipped",
		@@ -38,4 +37,4 @@ "extract-api": "tsc -p . && api-extractor run --local",
		"integration-test": "npm run integration-test:node && npm run integration-test:browser",
		"lint:fix": "eslint package.json tsconfig.json src test samples --ext .ts --fix --fix-type [problem,suggestion]",
		"lint": "eslint package.json tsconfig.json src test samples --ext .ts -f html -o identity-lintReport.html \|\| exit 0",
		"lint:fix": "eslint \"src/*/.ts\" \"test/*/.ts\" -c ../../.eslintrc.json --fix --fix-type [problem,suggestion]",
		"lint": "eslint \"src/*/.ts\" \"test/*/.ts\" -c ../../.eslintrc.json",
		"pack": "npm pack 2>&1",
		@@ -79,3 +78,3 @@ "prebuild": "npm run clean",
		"@azure/core-http": "^1.0.0",
		"@azure/core-tracing": "^1.0.0-dev",
		"@azure/core-tracing": "1.0.0-preview.7",
		"@azure/logger": "^1.0.0",
		@@ -87,3 +86,3 @@ "@opentelemetry/types": "^0.2.0",
		"qs": "^6.7.0",
		"tslib": "^1.10.0",
		"tslib": "^1.9.3",
		"uuid": "^3.3.2"
		@@ -94,6 +93,3 @@ },
		"@microsoft/api-extractor": "^7.5.4",
		"@rollup/plugin-commonjs": "^11.0.1",
		"@rollup/plugin-json": "^4.0.0",
		"@rollup/plugin-multi-entry": "^3.0.0",
		"@rollup/plugin-node-resolve": "^7.0.0",
		"@rollup/plugin-replace": "^2.2.0",
		@@ -117,6 +113,8 @@ "@types/express": "^4.16.0",
		"karma-env-preprocessor": "^0.1.1",
		"karma-json-preprocessor": "^0.3.3",
		"karma-json-to-file-reporter": "^1.0.1",
		"karma-junit-reporter": "^2.0.1",
		"karma-mocha": "^1.3.0",
		"karma-mocha-reporter": "^2.2.5",
		"karma-remap-istanbul": "^0.6.0",
		"karma-remap-coverage": "^0.1.5",
		"mocha": "^6.2.2",
		@@ -130,8 +128,11 @@ "mocha-junit-reporter": "^1.18.0",
		"rollup": "^1.16.3",
		"rollup-plugin-commonjs": "^10.0.0",
		"rollup-plugin-multi-entry": "^2.1.0",
		"rollup-plugin-node-resolve": "^5.0.2",
		"rollup-plugin-sourcemaps": "^0.4.2",
		"rollup-plugin-terser": "^5.1.1",
		"rollup-plugin-visualizer": "^3.1.1",
		"typescript": "~3.7.5",
		"typescript": "~3.6.4",
		"util": "^0.12.1"
		}
		}

6

README.md

		@@ -1,2 +0,2 @@
		## Azure Identity client library for JavaScript
		## Azure Identity client library for JS

		@@ -104,3 +104,3 @@ This library simplifies authentication against Azure Active Directory for Azure SDK libraries.

		The `AuthorizationCodeCredential` takes more up-front work to use than the other credential types at this time. A full sample demonstrating how to use this credential can be found in [`samples/authorizationCodeSample.ts`](https://github.com/Azure/azure-sdk-for-js/tree/c5dcaee11c2c31cdb69722c2b0c1d46b2205d516/sdk/identity/identity/samples/authorizationCodeSample.ts).
		The `AuthorizationCodeCredential` takes more up-front work to use than the other credential types at this time. A full sample demonstrating how to use this credential can be found in [`samples/authorizationCodeSample.ts`](https://github.com/Azure/azure-sdk-for-js/tree/3b652f3e677d34892e94b160690b0ec8a78e1bc9/sdk/identity/identity/samples/authorizationCodeSample.ts).

		@@ -149,3 +149,3 @@ ### Chaining credentials

		If you'd like to contribute to this library, please read the [contributing guide](https://github.com/Azure/azure-sdk-for-js/tree/c5dcaee11c2c31cdb69722c2b0c1d46b2205d516/CONTRIBUTING.md) to learn more about how to build and test the code.
		If you'd like to contribute to this library, please read the [contributing guide](https://github.com/Azure/azure-sdk-for-js/tree/3b652f3e677d34892e94b160690b0ec8a78e1bc9/CONTRIBUTING.md) to learn more about how to build and test the code.

		@@ -152,0 +152,0 @@ This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).

4

src/credentials/defaultAzureCredential.ts

		@@ -8,3 +8,2 @@ // Copyright (c) Microsoft Corporation.
		import { ManagedIdentityCredential } from "./managedIdentityCredential";
		import { AzureCliCredential } from "./azureCliCredential";

		@@ -31,6 +30,5 @@ /**
		new EnvironmentCredential(tokenCredentialOptions),
		new ManagedIdentityCredential(tokenCredentialOptions),
		new AzureCliCredential()
		new ManagedIdentityCredential(tokenCredentialOptions)
		);
		}
		}

13

src/credentials/managedIdentityCredential.ts

		@@ -248,2 +248,15 @@ // Copyright (c) Microsoft Corporation.
		} else {
		expiresInParser = (requestBody: any) => {
		if (requestBody.expires_on) {
		// Use the expires_on timestamp if it's available
		const expires = +requestBody.expires_on * 1000;
		logger.info(`ManagedIdentityCredential: IMDS using expires_on: ${expires} (original value: ${requestBody.expires_on})`);
		return expires;
		} else {
		// If these aren't possible, use expires_in and calculate a timestamp
		const expires = Date.now() + requestBody.expires_in * 1000;
		logger.info(`ManagedIdentityCredential: IMDS using expires_in: ${expires} (original value: ${requestBody.expires_in})`);
		return expires;
		}
		};
		// Ping the IMDS endpoint to see if it's available
		@@ -250,0 +263,0 @@ if (

1

src/index.ts

		@@ -10,3 +10,2 @@ // Copyright (c) Microsoft Corporation.
		export { EnvironmentCredential } from "./credentials/environmentCredential";
		export { AzureCliCredential } from "./credentials/azureCliCredential";
		export { ClientSecretCredential } from "./credentials/clientSecretCredential";
		@@ -13,0 +12,0 @@ export { ClientCertificateCredential } from "./credentials/clientCertificateCredential";

25

src/util/tracing.ts

		@@ -6,11 +6,4 @@ // Copyright (c) Microsoft Corporation.
		import { getTracer } from "@azure/core-tracing";
		import { Span, SpanKind, SpanOptions } from "@opentelemetry/types";
		import { Span, SpanKind } from "@opentelemetry/types";

		interface OperationTracingOptions {
		/**
		* OpenTelemetry SpanOptions used to create a span when tracing is enabled.
		*/
		spanOptions?: SpanOptions;
		}

		/**
		@@ -27,3 +20,3 @@ * Creates a span using the global tracer.

		const tracingOptions: OperationTracingOptions = {
		const tracingOptions = {
		spanOptions: {},
		@@ -33,9 +26,9 @@ ...options.tracingOptions

		const spanOptions: SpanOptions = {
		tracingOptions.spanOptions = {
		...tracingOptions.spanOptions,
		kind: SpanKind.INTERNAL
		kind: SpanKind.CLIENT
		};

		const span = tracer.startSpan(`Azure.Identity.${operationName}`, spanOptions);
		span.setAttribute("az.namespace", "Microsoft.AAD");
		const span = tracer.startSpan(`Azure.Identity.${operationName}`, tracingOptions.spanOptions);
		span.setAttribute("component", "identity");

		@@ -50,7 +43,3 @@ let newOptions = options;
		...tracingOptions.spanOptions,
		parent: span,
		attributes: {
		...spanOptions.attributes,
		"az.namespace": "Microsoft.AAD"
		}
		parent: span
		}
		@@ -57,0 +46,0 @@ }

27

types/identity.d.ts

		@@ -121,29 +121,2 @@ import { AccessToken } from '@azure/core-http';
		/**
		* Provides the user access token and expire time
		* with Azure CLI command "az account get-access-token".
		*/
		export declare class AzureCliCredential implements TokenCredential {
		/**
		* Creates an instance of the AzureCliCredential class.
		*/
		constructor();
		/**
		* Gets the access token from Azure CLI
		* @param resource The resource to use when getting the token
		*/
		protected getAzureCliAccessToken(resource: string): Promise<unknown>;
		/**
		* Authenticates with Azure Active Directory and returns an access token if
		* successful. If authentication cannot be performed at this time, this method may
		* return null. If an error occurs during authentication, an {@link AuthenticationError}
		* containing failure details will be thrown.
		*
		* @param scopes The list of scopes for which the token will have access.
		* @param options The options used to configure any requests this
		* TokenCredential implementation might make.
		*/
		getToken(scopes: string \| string[], options?: GetTokenOptions): Promise<AccessToken \| null>;
		}

		/**
		* The "login style" to use in the authentication flow:
		@@ -150,0 +123,0 @@ * - "redirect" redirects the user to the authentication page and then

dist-esm/src/credentials/azureCliCredential.browser.js

dist-esm/src/credentials/azureCliCredential.browser.js.map

dist-esm/src/credentials/azureCliCredential.js

dist-esm/src/credentials/azureCliCredential.js.map

src/credentials/azureCliCredential.browser.ts

src/credentials/azureCliCredential.ts

dist-esm/src/credentials/defaultAzureCredential.js.map