@azure/identity
Comparing version 4.4.0 to 4.4.1
@@ -50,2 +50,3 @@ // Copyright (c) Microsoft Corporation. | ||
}, baseUri })); | ||
this.allowInsecureConnection = false; | ||
this.authorityHost = baseUri; | ||
@@ -56,2 +57,6 @@ this.abortControllers = new Map(); | ||
this.tokenCredentialOptions = Object.assign({}, options); | ||
// used for ManagedIdentity | ||
if (options === null || options === void 0 ? void 0 : options.allowInsecureConnection) { | ||
this.allowInsecureConnection = options.allowInsecureConnection; | ||
} | ||
} | ||
@@ -174,2 +179,3 @@ async sendTokenRequest(request) { | ||
body: options === null || options === void 0 ? void 0 : options.body, | ||
allowInsecureConnection: this.allowInsecureConnection, | ||
headers: createHttpHeaders(options === null || options === void 0 ? void 0 : options.headers), | ||
@@ -192,2 +198,3 @@ abortSignal: this.generateAbortSignal(noCorrelationId), | ||
headers: createHttpHeaders(options === null || options === void 0 ? void 0 : options.headers), | ||
allowInsecureConnection: this.allowInsecureConnection, | ||
// MSAL doesn't send the correlation ID on the get requests. | ||
@@ -194,0 +201,0 @@ abortSignal: this.generateAbortSignal(this.getCorrelationId(options)), |
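Review bot: The new `allowInsecureConnection` field is forwarded on every request this client builds, both in the `sendTokenRequest` options and in the GET request options further down, although the constructor comment says only `// used for ManagedIdentity`. If a credential other than managed identity ever passes that option through, requests to `authorityHost` that carry secrets or assertions could travel over plain HTTP; whether any caller does so is not visible from these hunks. I would state the constraint in the comment, e.g. `// SECURITY: set only by the managed identity path for local HTTP endpoints; must stay false for authorityHost requests`, and store a strict boolean with `this.allowInsecureConnection = options.allowInsecureConnection === true;`. The constructor and `sendTokenRequest` bodies continue outside the hunks.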
@@ -6,3 +6,3 @@ // Copyright (c) Microsoft Corporation. | ||
*/ | ||
export const SDK_VERSION = `4.4.0`; | ||
export const SDK_VERSION = `4.4.1`; | ||
/** | ||
@@ -9,0 +9,0 @@ * The default client ID for authentication |
@@ -80,28 +80,43 @@ // Copyright (c) Microsoft Corporation. | ||
const response = await this.identityClient.sendRequest(request); | ||
const text = response.bodyAsText; | ||
if (!text) { | ||
logger.error(`${credentialName}: Authenticated Failed. Received null token from OIDC request. Response status- ${response.status}. Complete response - ${JSON.stringify(response)}`); | ||
throw new AuthenticationError(response.status, `${credentialName}: Authenticated Failed. Received null token from OIDC request. Response status- ${response.status}. Complete response - ${JSON.stringify(response)}`); | ||
return handleOidcResponse(response); | ||
} | ||
} | ||
export function handleOidcResponse(response) { | ||
const text = response.bodyAsText; | ||
if (!text) { | ||
logger.error(`${credentialName}: Authentication Failed. Received null token from OIDC request. Response status- ${response.status}. Complete response - ${JSON.stringify(response)}`); | ||
throw new AuthenticationError(response.status, { | ||
error: `${credentialName}: Authentication Failed. Received null token from OIDC request.`, | ||
error_description: `${JSON.stringify(response)}. See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/azurepipelinescredential/troubleshoot`, | ||
}); | ||
} | ||
try { | ||
const result = JSON.parse(text); | ||
if (result === null || result === void 0 ? void 0 : result.oidcToken) { | ||
return result.oidcToken; | ||
} | ||
try { | ||
const result = JSON.parse(text); | ||
if (result === null || result === void 0 ? void 0 : result.oidcToken) { | ||
return result.oidcToken; | ||
else { | ||
const errorMessage = `${credentialName}: Authentication Failed. oidcToken field not detected in the response.`; | ||
let errorDescription = ``; | ||
if (response.status !== 200) { | ||
errorDescription = `Complete response - ${JSON.stringify(result)}. See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/azurepipelinescredential/troubleshoot`; | ||
} | ||
else { | ||
let errorMessage = `${credentialName}: Authentication Failed. oidcToken field not detected in the response.`; | ||
if (response.status !== 200) { | ||
errorMessage += `Response = ${JSON.stringify(result)}`; | ||
} | ||
logger.error(errorMessage); | ||
throw new AuthenticationError(response.status, errorMessage); | ||
} | ||
logger.error(errorMessage); | ||
logger.error(errorDescription); | ||
throw new AuthenticationError(response.status, { | ||
error: errorMessage, | ||
error_description: errorDescription, | ||
}); | ||
} | ||
catch (e) { | ||
logger.error(e.message); | ||
logger.error(`${credentialName}: Authentication Failed. oidcToken field not detected in the response. Response = ${text}`); | ||
throw new AuthenticationError(response.status, `${credentialName}: Authentication Failed. oidcToken field not detected in the response. Response = ${text}`); | ||
} | ||
} | ||
catch (e) { | ||
const errorDetails = `${credentialName}: Authentication Failed. oidcToken field not detected in the response.`; | ||
logger.error(`Response from service = ${text} and error message = ${e.message}`); | ||
logger.error(errorDetails); | ||
throw new AuthenticationError(response.status, { | ||
error: errorDetails, | ||
error_description: `Response = ${text}. See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/azurepipelinescredential/troubleshoot`, | ||
}); | ||
} | ||
} | ||
//# sourceMappingURL=azurePipelinesCredential.js.map |
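Review bot: The failure paths in `handleOidcResponse` copy the serialized response into both the log and the thrown `AuthenticationError` (`JSON.stringify(response)` in the empty-body branch, `Response = ${text}` in the `catch`), and depending on how the pipeline response serializes, that may include request headers or a malformed body that still holds token material. Logging `response.status` with a fixed message and keeping the raw body out of `error_description` would preserve the diagnostic value without sending credential data to log sinks. Separately, as far as the interleaved old and new lines can be read, the `throw` in the `else` branch sits inside the `try`, so `catch (e)` intercepts it and replaces the structured error; `if (e instanceof AuthenticationError) throw e;` as the first statement of the `catch` would preserve it.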
@@ -132,8 +132,3 @@ // Copyright (c) Microsoft Corporation. | ||
const result = results[1]; | ||
try { | ||
return JSON.parse(result); | ||
} | ||
catch (e) { | ||
throw new Error(`Unable to parse the output of PowerShell. Received output: ${result}`); | ||
} | ||
return parseJsonToken(result); | ||
} | ||
@@ -185,2 +180,34 @@ throw new Error(`Unable to execute PowerShell. Ensure that it is installed in your system`); | ||
} | ||
/** | ||
* | ||
* @internal | ||
*/ | ||
export async function parseJsonToken(result) { | ||
const jsonRegex = /{[^{}]*}/g; | ||
const matches = result.match(jsonRegex); | ||
let resultWithoutToken = result; | ||
if (matches) { | ||
try { | ||
for (const item of matches) { | ||
try { | ||
const jsonContent = JSON.parse(item); | ||
if (jsonContent === null || jsonContent === void 0 ? void 0 : jsonContent.Token) { | ||
resultWithoutToken = resultWithoutToken.replace(item, ""); | ||
if (resultWithoutToken) { | ||
logger.getToken.warning(resultWithoutToken); | ||
} | ||
return jsonContent; | ||
} | ||
} | ||
catch (e) { | ||
continue; | ||
} | ||
} | ||
} | ||
catch (e) { | ||
throw new Error(`Unable to parse the output of PowerShell. Received output: ${result}`); | ||
} | ||
} | ||
throw new Error(`No access token found in the output. Received output: ${result}`); | ||
} | ||
//# sourceMappingURL=azurePowerShellCredential.js.map |
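Review bot: Both error paths in `parseJsonToken` embed the full PowerShell output in the exception message (`Received output: ${result}`), and the `{[^{}]*}` pattern matches only objects without nested braces, so a token object that contains a nested object falls through to the final `throw` with the token still inside `result`. I would drop the raw output from the message, e.g. `throw new Error("No access token found in the output of PowerShell.");`, and log a length or a redacted form instead. The outer `try`/`catch` looks unreachable because the inner `catch` already swallows every `JSON.parse` failure, and the function is declared `async` without awaiting anything. The JSDoc block above it is empty apart from `@internal`; one line describing the expected input and the returned object would help.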
// Copyright (c) Microsoft Corporation. | ||
// Licensed under the MIT license. | ||
import { LegacyMsiProvider } from "./legacyMsiProvider"; | ||
import { MsalMsiProvider } from "./msalMsiProvider"; | ||
/** | ||
@@ -18,3 +18,7 @@ * Attempts authentication using a managed identity available at the deployment environment. | ||
constructor(clientIdOrOptions, options) { | ||
this.implProvider = new LegacyMsiProvider(clientIdOrOptions, options); | ||
// https://github.com/Azure/azure-sdk-for-js/issues/30189 | ||
// If needed, you may release a hotfix to quickly rollback to the legacy implementation by changing the following line to: | ||
// this.implProvider = new LegacyMsiProvider(clientIdOrOptions, options); | ||
// Once stabilized, you can remove the legacy implementation and inline the msalMsiProvider code here as a drop-in replacement. | ||
this.implProvider = new MsalMsiProvider(clientIdOrOptions, options); | ||
} | ||
@@ -21,0 +25,0 @@ /** |
@@ -79,3 +79,3 @@ // Copyright (c) Microsoft Corporation. | ||
cloudShellMsi, | ||
tokenExchangeMsi(), | ||
tokenExchangeMsi, | ||
imdsMsi, | ||
@@ -82,0 +82,0 @@ ]; |
@@ -10,24 +10,21 @@ // Copyright (c) Microsoft Corporation. | ||
*/ | ||
export function tokenExchangeMsi() { | ||
return { | ||
name: "tokenExchangeMsi", | ||
async isAvailable({ clientId }) { | ||
const env = process.env; | ||
const result = Boolean((clientId || env.AZURE_CLIENT_ID) && | ||
env.AZURE_TENANT_ID && | ||
process.env.AZURE_FEDERATED_TOKEN_FILE); | ||
if (!result) { | ||
logger.info(`${msiName}: Unavailable. The environment variables needed are: AZURE_CLIENT_ID (or the client ID sent through the parameters), AZURE_TENANT_ID and AZURE_FEDERATED_TOKEN_FILE`); | ||
} | ||
return result; | ||
}, | ||
async getToken(configuration, getTokenOptions = {}) { | ||
const { scopes, clientId } = configuration; | ||
const identityClientTokenCredentialOptions = {}; | ||
const workloadIdentityCredential = new WorkloadIdentityCredential(Object.assign(Object.assign({ clientId, tenantId: process.env.AZURE_TENANT_ID, tokenFilePath: process.env.AZURE_FEDERATED_TOKEN_FILE }, identityClientTokenCredentialOptions), { disableInstanceDiscovery: true })); | ||
const token = await workloadIdentityCredential.getToken(scopes, getTokenOptions); | ||
return token; | ||
}, | ||
}; | ||
} | ||
export const tokenExchangeMsi = { | ||
name: "tokenExchangeMsi", | ||
async isAvailable({ clientId }) { | ||
const env = process.env; | ||
const result = Boolean((clientId || env.AZURE_CLIENT_ID) && | ||
env.AZURE_TENANT_ID && | ||
process.env.AZURE_FEDERATED_TOKEN_FILE); | ||
if (!result) { | ||
logger.info(`${msiName}: Unavailable. The environment variables needed are: AZURE_CLIENT_ID (or the client ID sent through the parameters), AZURE_TENANT_ID and AZURE_FEDERATED_TOKEN_FILE`); | ||
} | ||
return result; | ||
}, | ||
async getToken(configuration, getTokenOptions = {}) { | ||
const { scopes, clientId } = configuration; | ||
const identityClientTokenCredentialOptions = {}; | ||
const workloadIdentityCredential = new WorkloadIdentityCredential(Object.assign(Object.assign({ clientId, tenantId: process.env.AZURE_TENANT_ID, tokenFilePath: process.env.AZURE_FEDERATED_TOKEN_FILE }, identityClientTokenCredentialOptions), { disableInstanceDiscovery: true })); | ||
return workloadIdentityCredential.getToken(scopes, getTokenOptions); | ||
}, | ||
}; | ||
//# sourceMappingURL=tokenExchangeMsi.js.map |
{ | ||
"name": "@azure/identity", | ||
"sdk-type": "client", | ||
"version": "4.4.0", | ||
"version": "4.4.1", | ||
"description": "Provides credential implementations for Azure SDK libraries that can authenticate with Microsoft Entra ID", | ||
@@ -6,0 +6,0 @@ "main": "dist/index.js", |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Network access
Supply chain risk: This module accesses the network.
Found 1 instance in 1 package