@azure/identity - npm Package Compare versions

dist-esm/src/credentials/managedIdentityCredential/imdsRetryPolicy.js

dist-esm/src/credentials/managedIdentityCredential/imdsRetryPolicy.js.map

dist-esm/src/credentials/managedIdentityCredential/msalMsiProvider.js

dist-esm/src/credentials/managedIdentityCredential/msalMsiProvider.js.map

7

dist-esm/src/client/identityClient.js

		@@ -50,2 +50,3 @@ // Copyright (c) Microsoft Corporation.
		}, baseUri }));
		this.allowInsecureConnection = false;
		this.authorityHost = baseUri;
		@@ -56,2 +57,6 @@ this.abortControllers = new Map();
		this.tokenCredentialOptions = Object.assign({}, options);
		// used for ManagedIdentity
		if (options === null \|\| options === void 0 ? void 0 : options.allowInsecureConnection) {
		this.allowInsecureConnection = options.allowInsecureConnection;
		}
		}
		@@ -174,2 +179,3 @@ async sendTokenRequest(request) {
		body: options === null \|\| options === void 0 ? void 0 : options.body,
		allowInsecureConnection: this.allowInsecureConnection,
		headers: createHttpHeaders(options === null \|\| options === void 0 ? void 0 : options.headers),
		@@ -192,2 +198,3 @@ abortSignal: this.generateAbortSignal(noCorrelationId),
		headers: createHttpHeaders(options === null \|\| options === void 0 ? void 0 : options.headers),
		allowInsecureConnection: this.allowInsecureConnection,
		// MSAL doesn't send the correlation ID on the get requests.
		@@ -194,0 +201,0 @@ abortSignal: this.generateAbortSignal(this.getCorrelationId(options)),

2

dist-esm/src/constants.js

		@@ -6,3 +6,3 @@ // Copyright (c) Microsoft Corporation.
		*/
		export const SDK_VERSION = `4.4.0`;
		export const SDK_VERSION = `4.4.1`;
		/**
		@@ -9,0 +9,0 @@ * The default client ID for authentication

57

dist-esm/src/credentials/azurePipelinesCredential.js

		@@ -80,28 +80,43 @@ // Copyright (c) Microsoft Corporation.
		const response = await this.identityClient.sendRequest(request);
		const text = response.bodyAsText;
		if (!text) {
		logger.error(`${credentialName}: Authenticated Failed. Received null token from OIDC request. Response status- ${response.status}. Complete response - ${JSON.stringify(response)}`);
		throw new AuthenticationError(response.status, `${credentialName}: Authenticated Failed. Received null token from OIDC request. Response status- ${response.status}. Complete response - ${JSON.stringify(response)}`);
		return handleOidcResponse(response);
		}
		}
		export function handleOidcResponse(response) {
		const text = response.bodyAsText;
		if (!text) {
		logger.error(`${credentialName}: Authentication Failed. Received null token from OIDC request. Response status- ${response.status}. Complete response - ${JSON.stringify(response)}`);
		throw new AuthenticationError(response.status, {
		error: `${credentialName}: Authentication Failed. Received null token from OIDC request.`,
		error_description: `${JSON.stringify(response)}. See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/azurepipelinescredential/troubleshoot`,
		});
		}
		try {
		const result = JSON.parse(text);
		if (result === null \|\| result === void 0 ? void 0 : result.oidcToken) {
		return result.oidcToken;
		}
		try {
		const result = JSON.parse(text);
		if (result === null \|\| result === void 0 ? void 0 : result.oidcToken) {
		return result.oidcToken;
		else {
		const errorMessage = `${credentialName}: Authentication Failed. oidcToken field not detected in the response.`;
		let errorDescription = ``;
		if (response.status !== 200) {
		errorDescription = `Complete response - ${JSON.stringify(result)}. See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/azurepipelinescredential/troubleshoot`;
		}
		else {
		let errorMessage = `${credentialName}: Authentication Failed. oidcToken field not detected in the response.`;
		if (response.status !== 200) {
		errorMessage += `Response = ${JSON.stringify(result)}`;
		}
		logger.error(errorMessage);
		throw new AuthenticationError(response.status, errorMessage);
		}
		logger.error(errorMessage);
		logger.error(errorDescription);
		throw new AuthenticationError(response.status, {
		error: errorMessage,
		error_description: errorDescription,
		});
		}
		catch (e) {
		logger.error(e.message);
		logger.error(`${credentialName}: Authentication Failed. oidcToken field not detected in the response. Response = ${text}`);
		throw new AuthenticationError(response.status, `${credentialName}: Authentication Failed. oidcToken field not detected in the response. Response = ${text}`);
		}
		}
		catch (e) {
		const errorDetails = `${credentialName}: Authentication Failed. oidcToken field not detected in the response.`;
		logger.error(`Response from service = ${text} and error message = ${e.message}`);
		logger.error(errorDetails);
		throw new AuthenticationError(response.status, {
		error: errorDetails,
		error_description: `Response = ${text}. See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/azurepipelinescredential/troubleshoot`,
		});
		}
		}
		//# sourceMappingURL=azurePipelinesCredential.js.map

39

dist-esm/src/credentials/azurePowerShellCredential.js

		@@ -132,8 +132,3 @@ // Copyright (c) Microsoft Corporation.
		const result = results[1];
		try {
		return JSON.parse(result);
		}
		catch (e) {
		throw new Error(`Unable to parse the output of PowerShell. Received output: ${result}`);
		}
		return parseJsonToken(result);
		}
		@@ -185,2 +180,34 @@ throw new Error(`Unable to execute PowerShell. Ensure that it is installed in your system`);
		}
		/**
		*
		* @internal
		*/
		export async function parseJsonToken(result) {
		const jsonRegex = /{[^{}]*}/g;
		const matches = result.match(jsonRegex);
		let resultWithoutToken = result;
		if (matches) {
		try {
		for (const item of matches) {
		try {
		const jsonContent = JSON.parse(item);
		if (jsonContent === null \|\| jsonContent === void 0 ? void 0 : jsonContent.Token) {
		resultWithoutToken = resultWithoutToken.replace(item, "");
		if (resultWithoutToken) {
		logger.getToken.warning(resultWithoutToken);
		}
		return jsonContent;
		}
		}
		catch (e) {
		continue;
		}
		}
		}
		catch (e) {
		throw new Error(`Unable to parse the output of PowerShell. Received output: ${result}`);
		}
		}
		throw new Error(`No access token found in the output. Received output: ${result}`);
		}
		//# sourceMappingURL=azurePowerShellCredential.js.map

8

dist-esm/src/credentials/managedIdentityCredential/index.js

		// Copyright (c) Microsoft Corporation.
		// Licensed under the MIT license.
		import { LegacyMsiProvider } from "./legacyMsiProvider";
		import { MsalMsiProvider } from "./msalMsiProvider";
		/**
		@@ -18,3 +18,7 @@ * Attempts authentication using a managed identity available at the deployment environment.
		constructor(clientIdOrOptions, options) {
		this.implProvider = new LegacyMsiProvider(clientIdOrOptions, options);
		// https://github.com/Azure/azure-sdk-for-js/issues/30189
		// If needed, you may release a hotfix to quickly rollback to the legacy implementation by changing the following line to:
		// this.implProvider = new LegacyMsiProvider(clientIdOrOptions, options);
		// Once stabilized, you can remove the legacy implementation and inline the msalMsiProvider code here as a drop-in replacement.
		this.implProvider = new MsalMsiProvider(clientIdOrOptions, options);
		}
		@@ -21,0 +25,0 @@ /**

2

dist-esm/src/credentials/managedIdentityCredential/legacyMsiProvider.js

		@@ -79,3 +79,3 @@ // Copyright (c) Microsoft Corporation.
		cloudShellMsi,
		tokenExchangeMsi(),
		tokenExchangeMsi,
		imdsMsi,
		@@ -82,0 +82,0 @@ ];

41

dist-esm/src/credentials/managedIdentityCredential/tokenExchangeMsi.js

		@@ -10,24 +10,21 @@ // Copyright (c) Microsoft Corporation.
		*/
		export function tokenExchangeMsi() {
		return {
		name: "tokenExchangeMsi",
		async isAvailable({ clientId }) {
		const env = process.env;
		const result = Boolean((clientId \|\| env.AZURE_CLIENT_ID) &&
		env.AZURE_TENANT_ID &&
		process.env.AZURE_FEDERATED_TOKEN_FILE);
		if (!result) {
		logger.info(`${msiName}: Unavailable. The environment variables needed are: AZURE_CLIENT_ID (or the client ID sent through the parameters), AZURE_TENANT_ID and AZURE_FEDERATED_TOKEN_FILE`);
		}
		return result;
		},
		async getToken(configuration, getTokenOptions = {}) {
		const { scopes, clientId } = configuration;
		const identityClientTokenCredentialOptions = {};
		const workloadIdentityCredential = new WorkloadIdentityCredential(Object.assign(Object.assign({ clientId, tenantId: process.env.AZURE_TENANT_ID, tokenFilePath: process.env.AZURE_FEDERATED_TOKEN_FILE }, identityClientTokenCredentialOptions), { disableInstanceDiscovery: true }));
		const token = await workloadIdentityCredential.getToken(scopes, getTokenOptions);
		return token;
		},
		};
		}
		export const tokenExchangeMsi = {
		name: "tokenExchangeMsi",
		async isAvailable({ clientId }) {
		const env = process.env;
		const result = Boolean((clientId \|\| env.AZURE_CLIENT_ID) &&
		env.AZURE_TENANT_ID &&
		process.env.AZURE_FEDERATED_TOKEN_FILE);
		if (!result) {
		logger.info(`${msiName}: Unavailable. The environment variables needed are: AZURE_CLIENT_ID (or the client ID sent through the parameters), AZURE_TENANT_ID and AZURE_FEDERATED_TOKEN_FILE`);
		}
		return result;
		},
		async getToken(configuration, getTokenOptions = {}) {
		const { scopes, clientId } = configuration;
		const identityClientTokenCredentialOptions = {};
		const workloadIdentityCredential = new WorkloadIdentityCredential(Object.assign(Object.assign({ clientId, tenantId: process.env.AZURE_TENANT_ID, tokenFilePath: process.env.AZURE_FEDERATED_TOKEN_FILE }, identityClientTokenCredentialOptions), { disableInstanceDiscovery: true }));
		return workloadIdentityCredential.getToken(scopes, getTokenOptions);
		},
		};
		//# sourceMappingURL=tokenExchangeMsi.js.map

2

package.json

		{
		"name": "@azure/identity",
		"sdk-type": "client",
		"version": "4.4.0",
		"version": "4.4.1",
		"description": "Provides credential implementations for Azure SDK libraries that can authenticate with Microsoft Entra ID",
		@@ -6,0 +6,0 @@ "main": "dist/index.js",

dist-esm/src/client/identityClient.js.map