@azure/msal-node - npm Package Compare versions

dist/client/ManagedIdentitySources/CloudShell.cjs

dist/client/ManagedIdentitySources/CloudShell.cjs.map

dist/client/ManagedIdentitySources/CloudShell.mjs

dist/client/ManagedIdentitySources/CloudShell.mjs.map

dist/client/ManagedIdentitySources/ServiceFabric.cjs

dist/client/ManagedIdentitySources/ServiceFabric.cjs.map

dist/client/ManagedIdentitySources/ServiceFabric.mjs

dist/client/ManagedIdentitySources/ServiceFabric.mjs.map

dist/network/HttpClientWithRetries.cjs

dist/network/HttpClientWithRetries.cjs.map

dist/network/HttpClientWithRetries.d.ts

dist/network/HttpClientWithRetries.d.ts.map

dist/network/HttpClientWithRetries.mjs

dist/network/HttpClientWithRetries.mjs.map

dist/retry/IHttpRetryPolicy.d.ts

dist/retry/IHttpRetryPolicy.d.ts.map

dist/retry/LinearRetryPolicy.cjs

dist/retry/LinearRetryPolicy.cjs.map

dist/retry/LinearRetryPolicy.d.ts

dist/retry/LinearRetryPolicy.d.ts.map

dist/retry/LinearRetryPolicy.mjs

dist/retry/LinearRetryPolicy.mjs.map

src/network/HttpClientWithRetries.ts

src/retry/IHttpRetryPolicy.ts

src/retry/LinearRetryPolicy.ts

0

dist/cache/distributed/DistributedCachePlugin.d.ts

@@ -0,0 +0,0 @@ import { ICachePlugin, TokenCacheContext } from "@azure/msal-common";

0

dist/cache/distributed/ICacheClient.d.ts

@@ -0,0 +0,0 @@ export interface ICacheClient {

0

dist/cache/distributed/IPartitionManager.d.ts

@@ -0,0 +0,0 @@ import { AccountEntity } from "@azure/msal-common";

0

dist/cache/ITokenCache.d.ts

@@ -0,0 +0,0 @@ import { AccountInfo } from "@azure/msal-common";

0

dist/cache/NodeStorage.d.ts

@@ -0,0 +0,0 @@ import { TokenKeys, AccountEntity, IdTokenEntity, AccessTokenEntity, RefreshTokenEntity, AppMetadataEntity, ServerTelemetryEntity, ThrottlingEntity, CacheManager, Logger, ValidCacheType, ICrypto, AuthorityMetadataEntity, ValidCredentialType, StaticAuthorityOptions } from "@azure/msal-common";

0

dist/cache/serializer/Deserializer.d.ts

@@ -0,0 +0,0 @@ import { AccountCache, IdTokenCache, AccessTokenCache, RefreshTokenCache, AppMetadataCache } from "@azure/msal-common";

0

dist/cache/serializer/Serializer.d.ts

@@ -0,0 +0,0 @@ import { AccountCache, IdTokenCache, AccessTokenCache, RefreshTokenCache, AppMetadataCache } from "@azure/msal-common";

0

dist/cache/serializer/SerializerTypes.d.ts

@@ -0,0 +0,0 @@ import { AccountCache, IdTokenCache, AccessTokenCache, RefreshTokenCache, AppMetadataCache, ValidCacheType } from "@azure/msal-common";

0

dist/cache/TokenCache.d.ts

@@ -0,0 +0,0 @@ import { NodeStorage } from "./NodeStorage.js";

2

dist/client/ClientApplication.d.ts

		@@ -118,3 +118,3 @@ import { ClientConfiguration, AuthenticationResult, BaseAuthRequest, Logger, ServerTelemetryManager, AzureRegionConfiguration, AzureCloudOptions, AuthorizationCodePayload } from "@azure/msal-common";
		*/
		protected buildOauthClientConfiguration(authority: string, requestCorrelationId?: string, serverTelemetryManager?: ServerTelemetryManager, azureRegionConfiguration?: AzureRegionConfiguration, azureCloudOptions?: AzureCloudOptions): Promise<ClientConfiguration>;
		protected buildOauthClientConfiguration(authority: string, requestCorrelationId: string, serverTelemetryManager?: ServerTelemetryManager, azureRegionConfiguration?: AzureRegionConfiguration, azureCloudOptions?: AzureCloudOptions): Promise<ClientConfiguration>;
		private getClientAssertion;
		@@ -121,0 +121,0 @@ /**

0

dist/client/ClientAssertion.d.ts

@@ -0,0 +0,0 @@ import { CryptoProvider } from "../crypto/CryptoProvider.js";

0

dist/client/ClientCredentialClient.d.ts

@@ -0,0 +0,0 @@ import { AuthenticationResult, Authority, BaseClient, CacheManager, CacheOutcome, ClientConfiguration, CommonClientCredentialRequest, IAppTokenProvider, ICrypto, ServerTelemetryManager } from "@azure/msal-common";

0

dist/client/ConfidentialClientApplication.d.ts

@@ -0,0 +0,0 @@ import { ClientApplication } from "./ClientApplication.js";

0

dist/client/DeviceCodeClient.d.ts

@@ -0,0 +0,0 @@ import { AuthenticationResult, BaseClient, ClientConfiguration, CommonDeviceCodeRequest } from "@azure/msal-common";

0

dist/client/IConfidentialClientApplication.d.ts

@@ -0,0 +0,0 @@ import { AuthenticationResult, IAppTokenProvider, Logger } from "@azure/msal-common";

0

dist/client/IPublicClientApplication.d.ts

@@ -0,0 +0,0 @@ import { AccountInfo, AuthenticationResult, Logger } from "@azure/msal-common";

2

dist/client/ManagedIdentityApplication.d.ts

		@@ -10,3 +10,3 @@ import { AuthenticationResult } from "@azure/msal-common";
		private logger;
		private static nodeStorage;
		private static nodeStorage?;
		private networkClient;
		@@ -13,0 +13,0 @@ private cryptoProvider;

7

dist/client/ManagedIdentityClient.d.ts

		import { Authority, INetworkModule, Logger, AuthenticationResult } from "@azure/msal-common";
		import { AppService } from "./ManagedIdentitySources/AppService";
		import { AzureArc } from "./ManagedIdentitySources/AzureArc";
		import { CloudShell } from "./ManagedIdentitySources/CloudShell";
		import { Imds } from "./ManagedIdentitySources/Imds";
		import { ServiceFabric } from "./ManagedIdentitySources/ServiceFabric";
		import { CryptoProvider } from "../crypto/CryptoProvider";
		@@ -16,3 +11,3 @@ import { ManagedIdentityRequest } from "../request/ManagedIdentityRequest";
		private cryptoProvider;
		static identitySource: ServiceFabric \| AppService \| CloudShell \| AzureArc \| Imds \| undefined;
		private static identitySource?;
		constructor(logger: Logger, nodeStorage: NodeStorage, networkClient: INetworkModule, cryptoProvider: CryptoProvider);
		@@ -19,0 +14,0 @@ sendManagedIdentityTokenRequest(managedIdentityRequest: ManagedIdentityRequest, managedIdentityId: ManagedIdentityId, fakeAuthority: Authority, refreshAccessToken?: boolean): Promise<AuthenticationResult>;

6

dist/client/ManagedIdentitySources/AppService.d.ts

		@@ -11,5 +11,5 @@ import { INetworkModule, Logger } from "@azure/msal-common";
		export declare class AppService extends BaseManagedIdentitySource {
		private endpoint;
		private secret;
		constructor(logger: Logger, nodeStorage: NodeStorage, networkClient: INetworkModule, cryptoProvider: CryptoProvider, endpoint: string, secret: string);
		private identityEndpoint;
		private identityHeader;
		constructor(logger: Logger, nodeStorage: NodeStorage, networkClient: INetworkModule, cryptoProvider: CryptoProvider, identityEndpoint: string, identityHeader: string);
		static tryCreate(logger: Logger, nodeStorage: NodeStorage, networkClient: INetworkModule, cryptoProvider: CryptoProvider): AppService \| null;
		@@ -16,0 +16,0 @@ createRequest(resource: string, managedIdentityId: ManagedIdentityId): ManagedIdentityRequestParameters;

10

dist/client/ManagedIdentitySources/AzureArc.d.ts

		import { INetworkModule, NetworkResponse, NetworkRequestOptions, Logger, ServerAuthorizationTokenResponse } from "@azure/msal-common";
		import { ManagedIdentityId } from "../../config/ManagedIdentityId";
		import { ManagedIdentityRequestParameters } from "../../config/ManagedIdentityRequestParameters";
		@@ -8,2 +7,3 @@ import { BaseManagedIdentitySource } from "./BaseManagedIdentitySource";
		import { ManagedIdentityTokenResponse } from "../../response/ManagedIdentityTokenResponse";
		import { ManagedIdentityId } from "../../config/ManagedIdentityId";
		export declare const ARC_API_VERSION: string;
		@@ -14,8 +14,8 @@ /**
		export declare class AzureArc extends BaseManagedIdentitySource {
		private endpoint;
		constructor(logger: Logger, nodeStorage: NodeStorage, networkClient: INetworkModule, cryptoProvider: CryptoProvider, endpoint: string);
		static tryCreate(logger: Logger, nodeStorage: NodeStorage, networkClient: INetworkModule, cryptoProvider: CryptoProvider): AzureArc \| null;
		createRequest(resource: string, managedIdentityId: ManagedIdentityId): ManagedIdentityRequestParameters;
		private identityEndpoint;
		constructor(logger: Logger, nodeStorage: NodeStorage, networkClient: INetworkModule, cryptoProvider: CryptoProvider, identityEndpoint: string);
		static tryCreate(logger: Logger, nodeStorage: NodeStorage, networkClient: INetworkModule, cryptoProvider: CryptoProvider, managedIdentityId: ManagedIdentityId): AzureArc \| null;
		createRequest(resource: string): ManagedIdentityRequestParameters;
		getServerTokenResponseAsync(originalResponse: NetworkResponse<ManagedIdentityTokenResponse>, networkClient: INetworkModule, networkRequest: ManagedIdentityRequestParameters, networkRequestOptions: NetworkRequestOptions): Promise<ServerAuthorizationTokenResponse>;
		}
		//# sourceMappingURL=AzureArc.d.ts.map

12

dist/client/ManagedIdentitySources/BaseManagedIdentitySource.d.ts

		@@ -6,4 +6,14 @@ import { Authority, INetworkModule, Logger, NetworkRequestOptions, NetworkResponse, ServerAuthorizationTokenResponse, AuthenticationResult } from "@azure/msal-common";
		import { ManagedIdentityRequest } from "../../request/ManagedIdentityRequest";
		import { ManagedIdentityIdType } from "../../utils/Constants";
		import { ManagedIdentityTokenResponse } from "../../response/ManagedIdentityTokenResponse";
		import { NodeStorage } from "../../cache/NodeStorage";
		/**
		* Managed Identity User Assigned Id Query Parameter Names
		*/
		export declare const ManagedIdentityUserAssignedIdQueryParameterNames: {
		readonly MANAGED_IDENTITY_CLIENT_ID: "client_id";
		readonly MANAGED_IDENTITY_OBJECT_ID: "object_id";
		readonly MANAGED_IDENTITY_RESOURCE_ID: "mi_res_id";
		};
		export type ManagedIdentityUserAssignedIdQueryParameterNames = (typeof ManagedIdentityUserAssignedIdQueryParameterNames)[keyof typeof ManagedIdentityUserAssignedIdQueryParameterNames];
		export declare abstract class BaseManagedIdentitySource {
		@@ -19,3 +29,5 @@ protected logger: Logger;
		acquireTokenWithManagedIdentity(managedIdentityRequest: ManagedIdentityRequest, managedIdentityId: ManagedIdentityId, fakeAuthority: Authority, refreshAccessToken?: boolean): Promise<AuthenticationResult>;
		getManagedIdentityUserAssignedIdQueryParameterKey(managedIdentityIdType: ManagedIdentityIdType): string;
		static getValidatedEnvVariableUrlString: (envVariableStringName: string, envVariable: string, sourceName: string, logger: Logger) => string;
		}
		//# sourceMappingURL=BaseManagedIdentitySource.d.ts.map

13

dist/client/ManagedIdentitySources/CloudShell.d.ts

		@@ -1,7 +0,16 @@
		import { ManagedIdentityId } from "../../config/ManagedIdentityId";
		import { INetworkModule, Logger } from "@azure/msal-common";
		import { ManagedIdentityRequestParameters } from "../../config/ManagedIdentityRequestParameters";
		import { BaseManagedIdentitySource } from "./BaseManagedIdentitySource";
		import { NodeStorage } from "../../cache/NodeStorage";
		import { CryptoProvider } from "../../crypto/CryptoProvider";
		import { ManagedIdentityId } from "../../config/ManagedIdentityId";
		/**
		* Original source of code: https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/CloudShellManagedIdentitySource.cs
		*/
		export declare class CloudShell extends BaseManagedIdentitySource {
		createRequest(_resource: string, _managedIdentityId: ManagedIdentityId): ManagedIdentityRequestParameters;
		private msiEndpoint;
		constructor(logger: Logger, nodeStorage: NodeStorage, networkClient: INetworkModule, cryptoProvider: CryptoProvider, msiEndpoint: string);
		static tryCreate(logger: Logger, nodeStorage: NodeStorage, networkClient: INetworkModule, cryptoProvider: CryptoProvider, managedIdentityId: ManagedIdentityId): CloudShell \| null;
		createRequest(resource: string): ManagedIdentityRequestParameters;
		}
		//# sourceMappingURL=CloudShell.d.ts.map

4

dist/client/ManagedIdentitySources/Imds.d.ts

		@@ -8,4 +8,4 @@ import { INetworkModule, Logger } from "@azure/msal-common";
		export declare class Imds extends BaseManagedIdentitySource {
		private endpoint;
		constructor(logger: Logger, nodeStorage: NodeStorage, networkClient: INetworkModule, cryptoProvider: CryptoProvider, endpoint: string);
		private identityEndpoint;
		constructor(logger: Logger, nodeStorage: NodeStorage, networkClient: INetworkModule, cryptoProvider: CryptoProvider, identityEndpoint: string);
		static tryCreate(logger: Logger, nodeStorage: NodeStorage, networkClient: INetworkModule, cryptoProvider: CryptoProvider): Imds;
		@@ -12,0 +12,0 @@ createRequest(resource: string, managedIdentityId: ManagedIdentityId): ManagedIdentityRequestParameters;

12

dist/client/ManagedIdentitySources/ServiceFabric.d.ts

		@@ -0,7 +1,17 @@
		import { INetworkModule, Logger } from "@azure/msal-common";
		import { ManagedIdentityId } from "../../config/ManagedIdentityId";
		import { ManagedIdentityRequestParameters } from "../../config/ManagedIdentityRequestParameters";
		import { BaseManagedIdentitySource } from "./BaseManagedIdentitySource";
		import { NodeStorage } from "../../cache/NodeStorage";
		import { CryptoProvider } from "../../crypto/CryptoProvider";
		/**
		* Original source of code: https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/ServiceFabricManagedIdentitySource.cs
		*/
		export declare class ServiceFabric extends BaseManagedIdentitySource {
		createRequest(_resource: string, _managedIdentityId: ManagedIdentityId): ManagedIdentityRequestParameters;
		private identityEndpoint;
		private identityHeader;
		constructor(logger: Logger, nodeStorage: NodeStorage, networkClient: INetworkModule, cryptoProvider: CryptoProvider, identityEndpoint: string, identityHeader: string);
		static tryCreate(logger: Logger, nodeStorage: NodeStorage, networkClient: INetworkModule, cryptoProvider: CryptoProvider, managedIdentityId: ManagedIdentityId): ServiceFabric \| null;
		createRequest(resource: string, managedIdentityId: ManagedIdentityId): ManagedIdentityRequestParameters;
		}
		//# sourceMappingURL=ServiceFabric.d.ts.map

0

dist/client/OnBehalfOfClient.d.ts

@@ -0,0 +0,0 @@ import { AuthenticationResult, BaseClient, ClientConfiguration, CommonOnBehalfOfRequest } from "@azure/msal-common";

0

dist/client/PublicClientApplication.d.ts

@@ -0,0 +0,0 @@ import { AuthenticationResult, AccountInfo } from "@azure/msal-common";

0

dist/client/UsernamePasswordClient.d.ts

@@ -0,0 +0,0 @@ import { AuthenticationResult, BaseClient, ClientConfiguration, CommonUsernamePasswordRequest } from "@azure/msal-common";

3

dist/config/Configuration.d.ts

		@@ -68,2 +68,3 @@ /// <reference types="node" />
		customAgentOptions?: http.AgentOptions \| https.AgentOptions;
		disableInternalRetries?: boolean;
		};
		@@ -121,5 +122,5 @@ export type NodeTelemetryOptions = {
		managedIdentityId: ManagedIdentityId;
		system: Required<NodeSystemOptions>;
		system: Required<Pick<NodeSystemOptions, "loggerOptions" \| "networkClient">>;
		};
		export declare function buildManagedIdentityConfiguration({ managedIdentityIdParams, system, }: ManagedIdentityConfiguration): ManagedIdentityNodeConfiguration;
		//# sourceMappingURL=Configuration.d.ts.map

0

dist/config/ManagedIdentityId.d.ts

@@ -0,0 +0,0 @@ import { ManagedIdentityIdType } from "../utils/Constants";

0

dist/config/ManagedIdentityRequestParameters.d.ts

@@ -0,0 +0,0 @@ import { HttpMethod } from "../utils/Constants";

0

dist/crypto/CryptoProvider.d.ts

@@ -0,0 +0,0 @@ import { ICrypto, PkceCodes } from "@azure/msal-common";

0

dist/crypto/GuidGenerator.d.ts

@@ -0,0 +0,0 @@ import { IGuidGenerator } from "@azure/msal-common";

0

dist/crypto/HashUtils.d.ts

@@ -0,0 +0,0 @@ /// <reference types="node" />

0

dist/crypto/PkceGenerator.d.ts

@@ -0,0 +0,0 @@ import { PkceCodes } from "@azure/msal-common";

8

dist/error/ManagedIdentityError.d.ts

		@@ -11,6 +11,12 @@ import { AuthError } from "@azure/msal-common";
		missing_client_id: string;
		azure_pod_identity_authority_host_url_malformed: string;
		identity_endpoint_url_malformed: string;
		imds_endpoint_url_malformed: string;
		msi_endpoint_url_malformed: string;
		network_unavailable: string;
		unable_to_create_azure_arc: string;
		unable_to_create_cloud_shell: string;
		unable_to_create_source: string;
		unable_to_read_secret_file: string;
		url_parse_error: string;
		user_assigned_not_available_at_runtime: string;
		www_authenticate_header_missing: string;
		@@ -17,0 +23,0 @@ www_authenticate_header_unsupported_format: string;

10

dist/error/ManagedIdentityErrorCodes.d.ts

		export declare const invalidManagedIdentityIdType = "invalid_managed_identity_id_type";
		export declare const invalidResource = "invalid_resource";
		export declare const missingId = "missing_client_id";
		export declare const networkUnavailable = "network_unavailable";
		export declare const unableToCreateAzureArc = "unable_to_create_azure_arc";
		export declare const unableToCreateCloudShell = "unable_to_create_cloud_shell";
		export declare const unableToCreateSource = "unable_to_create_source";
		export declare const unableToReadSecretFile = "unable_to_read_secret_file";
		export declare const urlParseError = "url_parse_error";
		export declare const userAssignedNotAvailableAtRuntime = "user_assigned_not_available_at_runtime";
		export declare const wwwAuthenticateHeaderMissing = "www_authenticate_header_missing";
		export declare const wwwAuthenticateHeaderUnsupportedFormat = "www_authenticate_header_unsupported_format";
		export declare const MsiEnvironmentVariableUrlMalformedErrorCodes: {
		readonly AZURE_POD_IDENTITY_AUTHORITY_HOST: "azure_pod_identity_authority_host_url_malformed";
		readonly IDENTITY_ENDPOINT: "identity_endpoint_url_malformed";
		readonly IMDS_ENDPOINT: "imds_endpoint_url_malformed";
		readonly MSI_ENDPOINT: "msi_endpoint_url_malformed";
		};
		export type MsiEnvironmentVariableErrorCodes = (typeof MsiEnvironmentVariableUrlMalformedErrorCodes)[keyof typeof MsiEnvironmentVariableUrlMalformedErrorCodes];
		//# sourceMappingURL=ManagedIdentityErrorCodes.d.ts.map

0

dist/error/NodeAuthError.d.ts

@@ -0,0 +0,0 @@ import { AuthError } from "@azure/msal-common";

0

dist/index.d.ts

@@ -0,0 +0,0 @@ /**

0

dist/internals.d.ts

@@ -0,0 +0,0 @@ /**

3

dist/network/HttpClient.d.ts

		@@ -12,4 +12,3 @@ /// <reference types="node" />
		private customAgentOptions;
		private managedIdentity;
		constructor(proxyUrl?: string, customAgentOptions?: http.AgentOptions \| https.AgentOptions, managedIdentity?: boolean);
		constructor(proxyUrl?: string, customAgentOptions?: http.AgentOptions \| https.AgentOptions);
		/**
		@@ -16,0 +15,0 @@ * Http Get request

0

dist/network/ILoopbackClient.d.ts

@@ -0,0 +0,0 @@ import { ServerAuthorizationCodeResponse } from "@azure/msal-common";

0

dist/network/LoopbackClient.d.ts

@@ -0,0 +0,0 @@ import { ServerAuthorizationCodeResponse } from "@azure/msal-common";

2

dist/packageMetadata.d.ts

		export declare const name = "@azure/msal-node";
		export declare const version = "2.7.0-alpha.0";
		export declare const version = "2.7.0";
		//# sourceMappingURL=packageMetadata.d.ts.map

0

dist/request/AuthorizationCodeRequest.d.ts

@@ -0,0 +0,0 @@ import { CommonAuthorizationCodeRequest } from "@azure/msal-common";

0

dist/request/AuthorizationUrlRequest.d.ts

@@ -0,0 +0,0 @@ import { CommonAuthorizationUrlRequest } from "@azure/msal-common";

0

dist/request/ClientCredentialRequest.d.ts

@@ -0,0 +0,0 @@ import { CommonClientCredentialRequest } from "@azure/msal-common";

0

dist/request/DeviceCodeRequest.d.ts

@@ -0,0 +0,0 @@ import { CommonDeviceCodeRequest, DeviceCodeResponse } from "@azure/msal-common";

0

dist/request/InteractiveRequest.d.ts

@@ -0,0 +0,0 @@ /// <reference types="node" />

0

dist/request/ManagedIdentityRequest.d.ts

@@ -0,0 +0,0 @@ import { CommonClientCredentialRequest } from "@azure/msal-common";

0

dist/request/ManagedIdentityRequestParams.d.ts

@@ -0,0 +0,0 @@ /**

0

dist/request/OnBehalfOfRequest.d.ts

@@ -0,0 +0,0 @@ import { CommonOnBehalfOfRequest } from "@azure/msal-common";

0

dist/request/RefreshTokenRequest.d.ts

@@ -0,0 +0,0 @@ import { CommonRefreshTokenRequest } from "@azure/msal-common";

0

dist/request/SignOutRequest.d.ts

@@ -0,0 +0,0 @@ import { AccountInfo } from "@azure/msal-common";

0

dist/request/SilentFlowRequest.d.ts

@@ -0,0 +0,0 @@ import { AccountInfo, CommonSilentFlowRequest } from "@azure/msal-common";

0

dist/request/UsernamePasswordRequest.d.ts

@@ -0,0 +0,0 @@ import { CommonUsernamePasswordRequest } from "@azure/msal-common";

0

dist/response/ManagedIdentityTokenResponse.d.ts

@@ -0,0 +0,0 @@ import { AuthenticationScheme } from "@azure/msal-common";

35

dist/utils/Constants.d.ts

		export declare const AUTHORIZATION_HEADER_NAME: string;
		export declare const METADATA_HEADER_NAME: string;
		export declare const SECRET_HEADER_NAME: string;
		export declare const MANAGED_IDENTITY_CLIENT_ID = "client_id";
		export declare const MANAGED_IDENTITY_OBJECT_ID = "object_id";
		export declare const MANAGED_IDENTITY_RESOURCE_ID = "mi_res_id";
		export declare const APP_SERVICE_SECRET_HEADER_NAME: string;
		export declare const SERVICE_FABRIC_SECRET_HEADER_NAME: string;
		export declare const API_VERSION_QUERY_PARAMETER_NAME: string;
		export declare const RESOURCE_BODY_OR_QUERY_PARAMETER_NAME: string;
		export declare const DEFAULT_MANAGED_IDENTITY_ID = "system_assigned_managed_identity";
		export declare const MANAGED_IDENTITY_DEFAULT_TENANT = "managed_identity";
		export declare const DEFAULT_AUTHORITY_FOR_MANAGED_IDENTITY: string;
		export declare const MANAGED_IDENTITY_TIMEOUT_ERROR: string;
		/**
		* Managed Identity Environment Variable Names
		*/
		export declare const ManagedIdentityEnvironmentVariableNames: {
		readonly AZURE_POD_IDENTITY_AUTHORITY_HOST: "AZURE_POD_IDENTITY_AUTHORITY_HOST";
		readonly IDENTITY_ENDPOINT: "IDENTITY_ENDPOINT";
		readonly IDENTITY_HEADER: "IDENTITY_HEADER";
		readonly IDENTITY_SERVER_THUMBPRINT: "IDENTITY_SERVER_THUMBPRINT";
		readonly IMDS_ENDPOINT: "IMDS_ENDPOINT";
		readonly MSI_ENDPOINT: "MSI_ENDPOINT";
		};
		export type ManagedIdentityEnvironmentVariableNames = (typeof ManagedIdentityEnvironmentVariableNames)[keyof typeof ManagedIdentityEnvironmentVariableNames];
		/**
		* Managed Identity Source Names
		*/
		export declare const ManagedIdentitySourceNames: {
		readonly APP_SERVICE: "App Service";
		readonly AZURE_ARC: "Azure Arc";
		readonly CLOUD_SHELL: "Cloud Shell";
		readonly IMDS: "IMDS";
		readonly SERVICE_FABRIC: "Service Fabric";
		};
		export type ManagedIdentitySourceNames = (typeof ManagedIdentitySourceNames)[keyof typeof ManagedIdentitySourceNames];
		/**
		* Managed Identity Ids
		@@ -107,2 +129,5 @@ */
		};
		export declare const MANAGED_IDENTITY_MAX_RETRIES = 3;
		export declare const MANAGED_IDENTITY_RETRY_DELAY = 1000;
		export declare const MANAGED_IDENTITY_HTTP_STATUS_CODES_TO_RETRY_ON: (500 \| 404 \| 408 \| 429 \| 503 \| 504)[];
		//# sourceMappingURL=Constants.d.ts.map

0

dist/utils/EncodingUtils.d.ts

@@ -0,0 +0,0 @@ /// <reference types="node" />

0

dist/utils/NetworkUtils.d.ts

@@ -0,0 +0,0 @@ import { NetworkResponse, UrlToHttpRequestOptions } from "@azure/msal-common";

10

package.json

		{
		"$schema": "https://json.schemastore.org/package.json",
		"name": "@azure/msal-node",
		"version": "2.7.0-alpha.0",
		"version": "2.7.0",
		"author": {
		@@ -52,4 +52,4 @@ "name": "Microsoft",
		"prepack": "npm run build:all",
		"format:check": "npx prettier --ignore-path .gitignore --check src test",
		"format:fix": "npx prettier --ignore-path .gitignore --write src test"
		"format:check": "prettier --ignore-path .gitignore --check src test",
		"format:fix": "prettier --ignore-path .gitignore --write src test"
		},
		@@ -70,3 +70,3 @@ "beachball": {
		"@types/uuid": "^7.0.0",
		"eslint-config-msal": "^0.0.0",
		"eslint-config-msal": "file:../../shared-configs/eslint-config-msal",
		"jest": "^29.5.0",
		@@ -82,3 +82,3 @@ "prettier": "2.8.7",
		"dependencies": {
		"@azure/msal-common": "14.6.0-alpha.0",
		"@azure/msal-common": "14.9.0",
		"jsonwebtoken": "^9.0.0",
		@@ -85,0 +85,0 @@ "uuid": "^8.3.0"

13

src/cache/NodeStorage.ts

		@@ -94,3 +94,3 @@ /*
		inMemoryCache.refreshTokens[key] = value as RefreshTokenEntity;
		} else if (value instanceof AppMetadataEntity) {
		} else if (CacheHelpers.isAppMetadataEntity(key, value)) {
		inMemoryCache.appMetadata[key] = value as AppMetadataEntity;
		@@ -326,5 +326,3 @@ } else {
		) as AppMetadataEntity;
		if (
		AppMetadataEntity.isAppMetadataEntity(appMetadataKey, appMetadata)
		) {
		if (CacheHelpers.isAppMetadataEntity(appMetadataKey, appMetadata)) {
		return appMetadata;
		@@ -340,3 +338,3 @@ }
		setAppMetadata(appMetadata: AppMetadataEntity): void {
		const appMetadataKey = appMetadata.generateAppMetadataKey();
		const appMetadataKey = CacheHelpers.generateAppMetadataKey(appMetadata);
		this.setItem(appMetadataKey, appMetadata);
		@@ -389,6 +387,3 @@ }
		authorityMetadataEntity &&
		AuthorityMetadataEntity.isAuthorityMetadataEntity(
		key,
		authorityMetadataEntity
		)
		CacheHelpers.isAuthorityMetadataEntity(key, authorityMetadataEntity)
		) {
		@@ -395,0 +390,0 @@ return authorityMetadataEntity;

6

src/cache/serializer/Deserializer.ts

		@@ -16,3 +16,2 @@ /*
		RefreshTokenEntity,
		AppMetadataEntity,
		CacheManager,
		@@ -185,3 +184,3 @@ CredentialType,
		const serializedAmdt = appMetadata[key];
		const mappedAmd = {
		appMetadataObjects[key] = {
		clientId: serializedAmdt.client_id,
		@@ -191,5 +190,2 @@ environment: serializedAmdt.environment,
		};
		const amd: AppMetadataEntity = new AppMetadataEntity();
		CacheManager.toObject(amd, mappedAmd);
		appMetadataObjects[key] = amd;
		});
		@@ -196,0 +192,0 @@ }

9

src/client/ClientApplication.ts

		@@ -399,3 +399,3 @@ /*
		authority: string,
		requestCorrelationId?: string,
		requestCorrelationId: string,
		serverTelemetryManager?: ServerTelemetryManager,
		@@ -418,4 +418,4 @@ azureRegionConfiguration?: AzureRegionConfiguration,
		authority,
		requestCorrelationId,
		azureRegionConfiguration,
		requestCorrelationId,
		userAzureCloudOptions
		@@ -564,4 +564,4 @@ );
		authorityString: string,
		requestCorrelationId: string,
		azureRegionConfiguration?: AzureRegionConfiguration,
		requestCorrelationId?: string,
		azureCloudOptions?: AzureCloudOptions
		@@ -592,3 +592,4 @@ ): Promise<Authority> {
		authorityOptions,
		this.logger
		this.logger,
		requestCorrelationId
		);
		@@ -595,0 +596,0 @@ }

6

src/client/ManagedIdentityApplication.ts

		@@ -46,3 +46,3 @@ /*
		private logger: Logger;
		private static nodeStorage: NodeStorage \| undefined;
		private static nodeStorage?: NodeStorage;
		private networkClient: INetworkModule;
		@@ -98,4 +98,4 @@ private cryptoProvider: CryptoProvider;
		this.logger,
		this.cryptoProvider.createNewGuid(), // correlationID
		undefined,
		undefined,
		true
		@@ -148,3 +148,3 @@ );
		authority: this.fakeAuthority.canonicalAuthority,
		correlationId: this.config.managedIdentityId.id,
		correlationId: this.cryptoProvider.createNewGuid(),
		};
		@@ -151,0 +151,0 @@

34

src/client/ManagedIdentityClient.ts

		@@ -25,2 +25,3 @@ /*
		import { NodeStorage } from "../cache/NodeStorage";
		import { BaseManagedIdentitySource } from "./ManagedIdentitySources/BaseManagedIdentitySource";

		@@ -37,9 +38,3 @@ /*

		static identitySource:
		\| ServiceFabric
		\| AppService
		\| CloudShell
		\| AzureArc
		\| Imds
		\| undefined;
		private static identitySource?: BaseManagedIdentitySource;

		@@ -70,3 +65,4 @@ constructor(
		this.networkClient,
		this.cryptoProvider
		this.cryptoProvider,
		managedIdentityId
		);
		@@ -91,5 +87,13 @@ }
		networkClient: INetworkModule,
		cryptoProvider: CryptoProvider
		): ServiceFabric \| AppService \| CloudShell \| AzureArc \| Imds {
		cryptoProvider: CryptoProvider,
		managedIdentityId: ManagedIdentityId
		): BaseManagedIdentitySource {
		const source =
		ServiceFabric.tryCreate(
		logger,
		nodeStorage,
		networkClient,
		cryptoProvider,
		managedIdentityId
		) \|\|
		AppService.tryCreate(
		@@ -101,2 +105,9 @@ logger,
		) \|\|
		CloudShell.tryCreate(
		logger,
		nodeStorage,
		networkClient,
		cryptoProvider,
		managedIdentityId
		) \|\|
		AzureArc.tryCreate(
		@@ -106,3 +117,4 @@ logger,
		networkClient,
		cryptoProvider
		cryptoProvider,
		managedIdentityId
		) \|\|
		@@ -109,0 +121,0 @@ Imds.tryCreate(logger, nodeStorage, networkClient, cryptoProvider);

159

src/client/ManagedIdentitySources/AppService.ts

		@@ -6,11 +6,12 @@ /*

		import { INetworkModule, Logger, UrlString } from "@azure/msal-common";
		import { INetworkModule, Logger } from "@azure/msal-common";
		import { BaseManagedIdentitySource } from "./BaseManagedIdentitySource";
		import {
		HttpMethod,
		MANAGED_IDENTITY_CLIENT_ID,
		MANAGED_IDENTITY_OBJECT_ID,
		MANAGED_IDENTITY_RESOURCE_ID,
		APP_SERVICE_SECRET_HEADER_NAME,
		API_VERSION_QUERY_PARAMETER_NAME,
		RESOURCE_BODY_OR_QUERY_PARAMETER_NAME,
		ManagedIdentityEnvironmentVariableNames,
		ManagedIdentitySourceNames,
		ManagedIdentityIdType,
		SECRET_HEADER_NAME,
		} from "../../utils/Constants";
		@@ -20,6 +21,2 @@ import { CryptoProvider } from "../../crypto/CryptoProvider";
		import { ManagedIdentityId } from "../../config/ManagedIdentityId";
		import {
		ManagedIdentityErrorCodes,
		createManagedIdentityError,
		} from "../../error/ManagedIdentityError";
		import { NodeStorage } from "../../cache/NodeStorage";
		@@ -34,4 +31,4 @@
		export class AppService extends BaseManagedIdentitySource {
		private endpoint: string;
		private secret: string;
		private identityEndpoint: string;
		private identityHeader: string;

		@@ -43,9 +40,9 @@ constructor(
		cryptoProvider: CryptoProvider,
		endpoint: string,
		secret: string
		identityEndpoint: string,
		identityHeader: string
		) {
		super(logger, nodeStorage, networkClient, cryptoProvider);

		this.endpoint = endpoint;
		this.secret = secret;
		this.identityEndpoint = identityEndpoint;
		this.identityHeader = identityHeader;
		}
		@@ -59,23 +56,39 @@
		): AppService \| null {
		const secret: string \| undefined = process.env["IDENTITY_HEADER"];
		const identityEndpoint: string \| undefined =
		process.env[
		ManagedIdentityEnvironmentVariableNames.IDENTITY_ENDPOINT
		];
		const identityHeader: string \| undefined =
		process.env[
		ManagedIdentityEnvironmentVariableNames.IDENTITY_HEADER
		];

		const [areEnvironmentVariablesValidated, endpoint]: [
		boolean,
		string \| undefined
		] = validateEnvironmentVariables(
		process.env["IDENTITY_ENDPOINT"] \|\| undefined,
		secret,
		logger
		// if either of the identity endpoint or identity header variables are undefined, this MSI provider is unavailable.
		if (!identityEndpoint \|\| !identityHeader) {
		logger.info(
		`[Managed Identity] ${ManagedIdentitySourceNames.APP_SERVICE} managed identity is unavailable because one or both of the '${ManagedIdentityEnvironmentVariableNames.IDENTITY_HEADER}' and '${ManagedIdentityEnvironmentVariableNames.IDENTITY_ENDPOINT}' environment variables are not defined.`
		);
		return null;
		}

		const validatedIdentityEndpoint: string =
		AppService.getValidatedEnvVariableUrlString(
		ManagedIdentityEnvironmentVariableNames.IDENTITY_ENDPOINT,
		identityEndpoint,
		ManagedIdentitySourceNames.APP_SERVICE,
		logger
		);

		logger.info(
		`[Managed Identity] Environment variables validation passed for ${ManagedIdentitySourceNames.APP_SERVICE} managed identity. Endpoint URI: ${validatedIdentityEndpoint}. Creating ${ManagedIdentitySourceNames.APP_SERVICE} managed identity.`
		);

		return areEnvironmentVariablesValidated
		? new AppService(
		logger,
		nodeStorage,
		networkClient,
		cryptoProvider,
		endpoint as string,
		secret as string
		)
		: null;
		return new AppService(
		logger,
		nodeStorage,
		networkClient,
		cryptoProvider,
		identityEndpoint,
		identityHeader
		);
		}
		@@ -88,70 +101,28 @@
		const request: ManagedIdentityRequestParameters =
		new ManagedIdentityRequestParameters(HttpMethod.GET, this.endpoint);
		new ManagedIdentityRequestParameters(
		HttpMethod.GET,
		this.identityEndpoint
		);

		request.headers[SECRET_HEADER_NAME] = this.secret;
		request.queryParameters["api-version"] = APP_SERVICE_MSI_API_VERSION;
		request.queryParameters["resource"] = resource;
		// bodyParameters calculated in BaseManagedIdentity.acquireTokenWithManagedIdentity
		request.headers[APP_SERVICE_SECRET_HEADER_NAME] = this.identityHeader;

		switch (managedIdentityId.idType) {
		case ManagedIdentityIdType.USER_ASSIGNED_CLIENT_ID:
		this.logger.info(
		"[Managed Identity] Adding user assigned client id to the request."
		);
		request.queryParameters[MANAGED_IDENTITY_CLIENT_ID] =
		managedIdentityId.id;
		break;
		request.queryParameters[API_VERSION_QUERY_PARAMETER_NAME] =
		APP_SERVICE_MSI_API_VERSION;
		request.queryParameters[RESOURCE_BODY_OR_QUERY_PARAMETER_NAME] =
		resource;

		case ManagedIdentityIdType.USER_ASSIGNED_RESOURCE_ID:
		this.logger.info(
		"[Managed Identity] Adding user assigned resource id to the request."
		);
		request.queryParameters[MANAGED_IDENTITY_RESOURCE_ID] =
		managedIdentityId.id;
		break;

		case ManagedIdentityIdType.USER_ASSIGNED_OBJECT_ID:
		this.logger.info(
		"[Managed Identity] Adding user assigned object id to the request."
		);
		request.queryParameters[MANAGED_IDENTITY_OBJECT_ID] =
		managedIdentityId.id;
		break;
		if (
		managedIdentityId.idType !== ManagedIdentityIdType.SYSTEM_ASSIGNED
		) {
		request.queryParameters[
		this.getManagedIdentityUserAssignedIdQueryParameterKey(
		managedIdentityId.idType
		)
		] = managedIdentityId.id;
		}

		// bodyParameters calculated in BaseManagedIdentity.acquireTokenWithManagedIdentity

		return request;
		}
		}

		const validateEnvironmentVariables = (
		endpoint: string \| undefined,
		secret: string \| undefined,
		logger: Logger
		): [boolean, string \| undefined] => {
		let endpointUrlString: string \| undefined;

		// if either of the endpoint or secret environment variables are undefined, this MSI provider is unavailable.
		if (!endpoint \|\| !secret) {
		logger.info(
		"[Managed Identity] App Service managed identity is unavailable because one or both of the 'IDENTITY_HEADER' and 'IDENTITY_ENDPOINT' environment variables are missing."
		);
		return [false, endpointUrlString];
		}

		try {
		endpointUrlString = new UrlString(endpoint).urlString;
		} catch (error) {
		logger.info(
		"[Managed Identity] App Service managed identity is unavailable because the 'IDENTITY_ENDPOINT' environment variable is malformed."
		);

		throw createManagedIdentityError(
		ManagedIdentityErrorCodes.urlParseError
		);
		}

		logger.info(
		`[Managed Identity] Environment variables validation passed for App Service managed identity. Endpoint URI: ${endpointUrlString}. Creating App Service managed identity.`
		);
		return [true, endpointUrlString];
		};

127

src/client/ManagedIdentitySources/AzureArc.ts

		@@ -15,6 +15,4 @@ /*
		Logger,
		UrlString,
		ServerAuthorizationTokenResponse,
		} from "@azure/msal-common";
		import { ManagedIdentityId } from "../../config/ManagedIdentityId";
		import { ManagedIdentityRequestParameters } from "../../config/ManagedIdentityRequestParameters";
		@@ -28,6 +26,10 @@ import { BaseManagedIdentitySource } from "./BaseManagedIdentitySource";
		import {
		API_VERSION_QUERY_PARAMETER_NAME,
		AUTHORIZATION_HEADER_NAME,
		HttpMethod,
		METADATA_HEADER_NAME,
		ManagedIdentityEnvironmentVariableNames,
		ManagedIdentityIdType,
		ManagedIdentitySourceNames,
		RESOURCE_BODY_OR_QUERY_PARAMETER_NAME,
		} from "../../utils/Constants";
		@@ -37,2 +39,3 @@ import { NodeStorage } from "../../cache/NodeStorage";
		import { ManagedIdentityTokenResponse } from "../../response/ManagedIdentityTokenResponse";
		import { ManagedIdentityId } from "../../config/ManagedIdentityId";

		@@ -45,3 +48,3 @@ export const ARC_API_VERSION: string = "2019-11-01";
		export class AzureArc extends BaseManagedIdentitySource {
		private endpoint: string;
		private identityEndpoint: string;

		@@ -53,7 +56,7 @@ constructor(
		cryptoProvider: CryptoProvider,
		endpoint: string
		identityEndpoint: string
		) {
		super(logger, nodeStorage, networkClient, cryptoProvider);

		this.endpoint = endpoint;
		this.identityEndpoint = identityEndpoint;
		}
		@@ -65,30 +68,43 @@
		networkClient: INetworkModule,
		cryptoProvider: CryptoProvider
		cryptoProvider: CryptoProvider,
		managedIdentityId: ManagedIdentityId
		): AzureArc \| null {
		const imdsEndpoint: string \| undefined = process.env["IMDS_ENDPOINT"];
		const identityEndpoint: string \| undefined =
		process.env[
		ManagedIdentityEnvironmentVariableNames.IDENTITY_ENDPOINT
		];
		const imdsEndpoint: string \| undefined =
		process.env[ManagedIdentityEnvironmentVariableNames.IMDS_ENDPOINT];

		const [areEnvironmentVariablesValidated, endpoint]: [
		boolean,
		string \| undefined
		] = validateEnvironmentVariables(
		process.env["IDENTITY_ENDPOINT"] \|\| undefined,
		// if either of the identity or imds endpoints are undefined, this MSI provider is unavailable.
		if (!identityEndpoint \|\| !imdsEndpoint) {
		logger.info(
		`[Managed Identity] ${ManagedIdentitySourceNames.AZURE_ARC} managed identity is unavailable because one or both of the '${ManagedIdentityEnvironmentVariableNames.IDENTITY_ENDPOINT}' and '${ManagedIdentityEnvironmentVariableNames.IMDS_ENDPOINT}' environment variables are not defined.`
		);
		return null;
		}

		const validatedIdentityEndpoint: string =
		AzureArc.getValidatedEnvVariableUrlString(
		ManagedIdentityEnvironmentVariableNames.IDENTITY_ENDPOINT,
		identityEndpoint,
		ManagedIdentitySourceNames.AZURE_ARC,
		logger
		);
		// remove trailing slash
		validatedIdentityEndpoint.endsWith("/")
		? validatedIdentityEndpoint.slice(0, -1)
		: validatedIdentityEndpoint;

		AzureArc.getValidatedEnvVariableUrlString(
		ManagedIdentityEnvironmentVariableNames.IMDS_ENDPOINT,
		imdsEndpoint,
		ManagedIdentitySourceNames.AZURE_ARC,
		logger
		);

		return areEnvironmentVariablesValidated
		? new AzureArc(
		logger,
		nodeStorage,
		networkClient,
		cryptoProvider,
		endpoint as string
		)
		: null;
		}
		logger.info(
		`[Managed Identity] Environment variables validation passed for ${ManagedIdentitySourceNames.AZURE_ARC} managed identity. Endpoint URI: ${validatedIdentityEndpoint}. Creating ${ManagedIdentitySourceNames.AZURE_ARC} managed identity.`
		);

		public createRequest(
		resource: string,
		managedIdentityId: ManagedIdentityId
		): ManagedIdentityRequestParameters {
		if (
		@@ -102,11 +118,25 @@ managedIdentityId.idType !== ManagedIdentityIdType.SYSTEM_ASSIGNED

		return new AzureArc(
		logger,
		nodeStorage,
		networkClient,
		cryptoProvider,
		identityEndpoint
		);
		}

		public createRequest(resource: string): ManagedIdentityRequestParameters {
		const request: ManagedIdentityRequestParameters =
		new ManagedIdentityRequestParameters(
		HttpMethod.GET,
		this.endpoint.replace("localhost", "127.0.0.1")
		this.identityEndpoint.replace("localhost", "127.0.0.1")
		);

		request.headers[METADATA_HEADER_NAME] = "true";
		request.queryParameters["api-version"] = ARC_API_VERSION;
		request.queryParameters["resource"] = resource;

		request.queryParameters[API_VERSION_QUERY_PARAMETER_NAME] =
		ARC_API_VERSION;
		request.queryParameters[RESOURCE_BODY_OR_QUERY_PARAMETER_NAME] =
		resource;

		// bodyParameters calculated in BaseManagedIdentity.acquireTokenWithManagedIdentity
		@@ -177,40 +207,1 @@
		}

		const validateEnvironmentVariables = (
		identityEndpoint: string \| undefined,
		imdsEndpoint: string \| undefined,
		logger: Logger
		): [boolean, string \| undefined] => {
		let endpointUrlString: string \| undefined;

		// if either of the identity or imds endpoints are undefined, this MSI provider is unavailable.
		if (!identityEndpoint \|\| !imdsEndpoint) {
		logger.info(
		"[Managed Identity] Azure Arc managed identity is unavailable because one or both of the 'IDENTITY_ENDPOINT' and 'IMDS_ENDPOINT' environment variables are missing."
		);
		return [false, endpointUrlString];
		}

		try {
		endpointUrlString = new UrlString(identityEndpoint).urlString;
		} catch (error) {
		logger.info(
		"[Managed Identity] App service managed identity is unavailable because the 'IDENTITY_ENDPOINT' environment variable is malformed."
		);

		throw createManagedIdentityError(
		ManagedIdentityErrorCodes.urlParseError
		);
		}

		logger.info(
		`[Managed Identity] Environment variables validation passed for Azure Arc managed identity. Endpoint URI: ${endpointUrlString}. Creating Azure Arc managed identity.`
		);
		return [
		true,
		// remove trailing slash
		endpointUrlString.endsWith("/")
		? endpointUrlString.slice(0, -1)
		: endpointUrlString,
		];
		};

72

src/client/ManagedIdentitySources/BaseManagedIdentitySource.ts

		@@ -21,2 +21,3 @@ /*
		AuthenticationResult,
		UrlString,
		} from "@azure/msal-common";
		@@ -27,6 +28,21 @@ import { ManagedIdentityId } from "../../config/ManagedIdentityId";
		import { ManagedIdentityRequest } from "../../request/ManagedIdentityRequest";
		import { HttpMethod } from "../../utils/Constants";
		import { HttpMethod, ManagedIdentityIdType } from "../../utils/Constants";
		import { ManagedIdentityTokenResponse } from "../../response/ManagedIdentityTokenResponse";
		import { NodeStorage } from "../../cache/NodeStorage";
		import {
		ManagedIdentityErrorCodes,
		createManagedIdentityError,
		} from "../../error/ManagedIdentityError";

		/**
		* Managed Identity User Assigned Id Query Parameter Names
		*/
		export const ManagedIdentityUserAssignedIdQueryParameterNames = {
		MANAGED_IDENTITY_CLIENT_ID: "client_id",
		MANAGED_IDENTITY_OBJECT_ID: "object_id",
		MANAGED_IDENTITY_RESOURCE_ID: "mi_res_id",
		} as const;
		export type ManagedIdentityUserAssignedIdQueryParameterNames =
		(typeof ManagedIdentityUserAssignedIdQueryParameterNames)[keyof typeof ManagedIdentityUserAssignedIdQueryParameterNames];

		export abstract class BaseManagedIdentitySource {
		@@ -109,4 +125,6 @@ protected logger: Logger;
		headers[HeaderNames.CONTENT_TYPE] = Constants.URL_FORM_CONTENT_TYPE;

		const networkRequestOptions: NetworkRequestOptions = { headers };
		if (managedIdentityRequest.forceRefresh) {

		if (Object.keys(networkRequest.bodyParameters).length) {
		networkRequestOptions.body =
		@@ -172,2 +190,52 @@ networkRequest.computeParametersBodyString();
		}

		public getManagedIdentityUserAssignedIdQueryParameterKey(
		managedIdentityIdType: ManagedIdentityIdType
		): string {
		switch (managedIdentityIdType) {
		case ManagedIdentityIdType.USER_ASSIGNED_CLIENT_ID:
		this.logger.info(
		"[Managed Identity] Adding user assigned client id to the request."
		);
		return ManagedIdentityUserAssignedIdQueryParameterNames.MANAGED_IDENTITY_CLIENT_ID;

		case ManagedIdentityIdType.USER_ASSIGNED_RESOURCE_ID:
		this.logger.info(
		"[Managed Identity] Adding user assigned resource id to the request."
		);
		return ManagedIdentityUserAssignedIdQueryParameterNames.MANAGED_IDENTITY_RESOURCE_ID;

		case ManagedIdentityIdType.USER_ASSIGNED_OBJECT_ID:
		this.logger.info(
		"[Managed Identity] Adding user assigned object id to the request."
		);
		return ManagedIdentityUserAssignedIdQueryParameterNames.MANAGED_IDENTITY_OBJECT_ID;
		default:
		throw createManagedIdentityError(
		ManagedIdentityErrorCodes.invalidManagedIdentityIdType
		);
		}
		}

		public static getValidatedEnvVariableUrlString = (
		envVariableStringName: string,
		envVariable: string,
		sourceName: string,
		logger: Logger
		): string => {
		try {
		return new UrlString(envVariable).urlString;
		} catch (error) {
		logger.info(
		`[Managed Identity] ${sourceName} managed identity is unavailable because the '${envVariableStringName}' environment variable is malformed.`
		);

		throw createManagedIdentityError(
		ManagedIdentityErrorCodes
		.MsiEnvironmentVariableUrlMalformedErrorCodes[
		envVariableStringName
		]
		);
		}
		};
		}

101

src/client/ManagedIdentitySources/CloudShell.ts

		@@ -6,15 +6,100 @@ /*

		import { ManagedIdentityId } from "../../config/ManagedIdentityId";
		import { INetworkModule, Logger } from "@azure/msal-common";
		import { ManagedIdentityRequestParameters } from "../../config/ManagedIdentityRequestParameters";
		import { BaseManagedIdentitySource } from "./BaseManagedIdentitySource";
		import { NodeStorage } from "../../cache/NodeStorage";
		import { CryptoProvider } from "../../crypto/CryptoProvider";
		import {
		HttpMethod,
		METADATA_HEADER_NAME,
		ManagedIdentityEnvironmentVariableNames,
		ManagedIdentityIdType,
		ManagedIdentitySourceNames,
		RESOURCE_BODY_OR_QUERY_PARAMETER_NAME,
		} from "../../utils/Constants";
		import {
		ManagedIdentityErrorCodes,
		createManagedIdentityError,
		} from "../../error/ManagedIdentityError";
		import { ManagedIdentityId } from "../../config/ManagedIdentityId";

		/**
		* Original source of code: https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/CloudShellManagedIdentitySource.cs
		*/
		export class CloudShell extends BaseManagedIdentitySource {
		public createRequest(
		// eslint-disable-next-line @typescript-eslint/no-unused-vars
		_resource: string,
		// eslint-disable-next-line @typescript-eslint/no-unused-vars
		_managedIdentityId: ManagedIdentityId
		): ManagedIdentityRequestParameters {
		throw new Error("Method not implemented.");
		private msiEndpoint: string;

		constructor(
		logger: Logger,
		nodeStorage: NodeStorage,
		networkClient: INetworkModule,
		cryptoProvider: CryptoProvider,
		msiEndpoint: string
		) {
		super(logger, nodeStorage, networkClient, cryptoProvider);

		this.msiEndpoint = msiEndpoint;
		}

		public static tryCreate(
		logger: Logger,
		nodeStorage: NodeStorage,
		networkClient: INetworkModule,
		cryptoProvider: CryptoProvider,
		managedIdentityId: ManagedIdentityId
		): CloudShell \| null {
		const msiEndpoint: string \| undefined =
		process.env[ManagedIdentityEnvironmentVariableNames.MSI_ENDPOINT];

		// if the msi endpoint environment variable is undefined, this MSI provider is unavailable.
		if (!msiEndpoint) {
		logger.info(
		`[Managed Identity] ${ManagedIdentitySourceNames.CLOUD_SHELL} managed identity is unavailable because the '${ManagedIdentityEnvironmentVariableNames.MSI_ENDPOINT} environment variable is not defined.`
		);
		return null;
		}

		const validatedMsiEndpoint: string =
		CloudShell.getValidatedEnvVariableUrlString(
		ManagedIdentityEnvironmentVariableNames.MSI_ENDPOINT,
		msiEndpoint,
		ManagedIdentitySourceNames.CLOUD_SHELL,
		logger
		);

		logger.info(
		`[Managed Identity] Environment variable validation passed for ${ManagedIdentitySourceNames.CLOUD_SHELL} managed identity. Endpoint URI: ${validatedMsiEndpoint}. Creating ${ManagedIdentitySourceNames.CLOUD_SHELL} managed identity.`
		);

		if (
		managedIdentityId.idType !== ManagedIdentityIdType.SYSTEM_ASSIGNED
		) {
		throw createManagedIdentityError(
		ManagedIdentityErrorCodes.unableToCreateCloudShell
		);
		}

		return new CloudShell(
		logger,
		nodeStorage,
		networkClient,
		cryptoProvider,
		msiEndpoint
		);
		}

		public createRequest(resource: string): ManagedIdentityRequestParameters {
		const request: ManagedIdentityRequestParameters =
		new ManagedIdentityRequestParameters(
		HttpMethod.POST,
		this.msiEndpoint
		);

		request.headers[METADATA_HEADER_NAME] = "true";

		request.bodyParameters[RESOURCE_BODY_OR_QUERY_PARAMETER_NAME] =
		resource;

		return request;
		}
		}

94

src/client/ManagedIdentitySources/Imds.ts

		@@ -12,8 +12,9 @@ /*
		import {
		API_VERSION_QUERY_PARAMETER_NAME,
		HttpMethod,
		MANAGED_IDENTITY_CLIENT_ID,
		MANAGED_IDENTITY_OBJECT_ID,
		MANAGED_IDENTITY_RESOURCE_ID,
		METADATA_HEADER_NAME,
		ManagedIdentityEnvironmentVariableNames,
		ManagedIdentityIdType,
		ManagedIdentitySourceNames,
		RESOURCE_BODY_OR_QUERY_PARAMETER_NAME,
		} from "../../utils/Constants";
		@@ -30,3 +31,3 @@ import { NodeStorage } from "../../cache/NodeStorage";
		export class Imds extends BaseManagedIdentitySource {
		private endpoint: string;
		private identityEndpoint: string;

		@@ -38,7 +39,7 @@ constructor(
		cryptoProvider: CryptoProvider,
		endpoint: string
		identityEndpoint: string
		) {
		super(logger, nodeStorage, networkClient, cryptoProvider);

		this.endpoint = endpoint;
		this.identityEndpoint = identityEndpoint;
		}
		@@ -52,14 +53,36 @@
		): Imds {
		let endpoint: string;
		let validatedIdentityEndpoint: string;

		if (process.env["AZURE_POD_IDENTITY_AUTHORITY_HOST"]) {
		if (
		process.env[
		ManagedIdentityEnvironmentVariableNames
		.AZURE_POD_IDENTITY_AUTHORITY_HOST
		]
		) {
		logger.info(
		`[Managed Identity] Environment variable AZURE_POD_IDENTITY_AUTHORITY_HOST for IMDS returned endpoint: ${process.env["AZURE_POD_IDENTITY_AUTHORITY_HOST"]}`
		`[Managed Identity] Environment variable ${
		ManagedIdentityEnvironmentVariableNames.AZURE_POD_IDENTITY_AUTHORITY_HOST
		} for ${ManagedIdentitySourceNames.IMDS} returned endpoint: ${
		process.env[
		ManagedIdentityEnvironmentVariableNames
		.AZURE_POD_IDENTITY_AUTHORITY_HOST
		]
		}`
		);
		endpoint = `${process.env["AZURE_POD_IDENTITY_AUTHORITY_HOST"]}${IMDS_TOKEN_PATH}`;
		validatedIdentityEndpoint = Imds.getValidatedEnvVariableUrlString(
		ManagedIdentityEnvironmentVariableNames.AZURE_POD_IDENTITY_AUTHORITY_HOST,
		`${
		process.env[
		ManagedIdentityEnvironmentVariableNames
		.AZURE_POD_IDENTITY_AUTHORITY_HOST
		]
		}${IMDS_TOKEN_PATH}`,
		ManagedIdentitySourceNames.IMDS,
		logger
		);
		} else {
		logger.info(
		"[Managed Identity] Unable to find AZURE_POD_IDENTITY_AUTHORITY_HOST environment variable for IMDS, using the default endpoint."
		`[Managed Identity] Unable to find ${ManagedIdentityEnvironmentVariableNames.AZURE_POD_IDENTITY_AUTHORITY_HOST} environment variable for ${ManagedIdentitySourceNames.IMDS}, using the default endpoint.`
		);
		endpoint = DEFAULT_IMDS_ENDPOINT;
		validatedIdentityEndpoint = DEFAULT_IMDS_ENDPOINT;
		}
		@@ -72,3 +95,3 @@
		cryptoProvider,
		endpoint
		validatedIdentityEndpoint
		);
		@@ -82,37 +105,28 @@ }
		const request: ManagedIdentityRequestParameters =
		new ManagedIdentityRequestParameters(HttpMethod.GET, this.endpoint);
		new ManagedIdentityRequestParameters(
		HttpMethod.GET,
		this.identityEndpoint
		);

		request.headers[METADATA_HEADER_NAME] = "true";
		request.queryParameters["api-version"] = IMDS_API_VERSION;
		request.queryParameters["resource"] = resource;
		// bodyParameters calculated in BaseManagedIdentity.acquireTokenWithManagedIdentity

		switch (managedIdentityId.idType) {
		case ManagedIdentityIdType.USER_ASSIGNED_CLIENT_ID:
		this.logger.info(
		"[Managed Identity] Adding user assigned client id to the request."
		);
		request.queryParameters[MANAGED_IDENTITY_CLIENT_ID] =
		managedIdentityId.id;
		break;
		request.queryParameters[API_VERSION_QUERY_PARAMETER_NAME] =
		IMDS_API_VERSION;
		request.queryParameters[RESOURCE_BODY_OR_QUERY_PARAMETER_NAME] =
		resource;

		case ManagedIdentityIdType.USER_ASSIGNED_RESOURCE_ID:
		this.logger.info(
		"[Managed Identity] Adding user assigned resource id to the request."
		);
		request.queryParameters[MANAGED_IDENTITY_RESOURCE_ID] =
		managedIdentityId.id;
		break;

		case ManagedIdentityIdType.USER_ASSIGNED_OBJECT_ID:
		this.logger.info(
		"[Managed Identity] Adding user assigned object id to the request."
		);
		request.queryParameters[MANAGED_IDENTITY_OBJECT_ID] =
		managedIdentityId.id;
		break;
		if (
		managedIdentityId.idType !== ManagedIdentityIdType.SYSTEM_ASSIGNED
		) {
		request.queryParameters[
		this.getManagedIdentityUserAssignedIdQueryParameterKey(
		managedIdentityId.idType
		)
		] = managedIdentityId.id;
		}

		// bodyParameters calculated in BaseManagedIdentity.acquireTokenWithManagedIdentity

		return request;
		}
		}

131

src/client/ManagedIdentitySources/ServiceFabric.ts

		@@ -6,15 +6,136 @@ /*

		import { INetworkModule, Logger } from "@azure/msal-common";
		import { ManagedIdentityId } from "../../config/ManagedIdentityId";
		import { ManagedIdentityRequestParameters } from "../../config/ManagedIdentityRequestParameters";
		import { BaseManagedIdentitySource } from "./BaseManagedIdentitySource";
		import { NodeStorage } from "../../cache/NodeStorage";
		import { CryptoProvider } from "../../crypto/CryptoProvider";
		import {
		API_VERSION_QUERY_PARAMETER_NAME,
		HttpMethod,
		ManagedIdentityEnvironmentVariableNames,
		ManagedIdentityIdType,
		ManagedIdentitySourceNames,
		RESOURCE_BODY_OR_QUERY_PARAMETER_NAME,
		SERVICE_FABRIC_SECRET_HEADER_NAME,
		} from "../../utils/Constants";

		// MSI Constants. Docs for MSI are available here https://docs.microsoft.com/azure/app-service/overview-managed-identity
		const SERVICE_FABRIC_MSI_API_VERSION: string = "2019-07-01-preview";

		/**
		* Original source of code: https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/ServiceFabricManagedIdentitySource.cs
		*/
		export class ServiceFabric extends BaseManagedIdentitySource {
		private identityEndpoint: string;
		private identityHeader: string;

		constructor(
		logger: Logger,
		nodeStorage: NodeStorage,
		networkClient: INetworkModule,
		cryptoProvider: CryptoProvider,
		identityEndpoint: string,
		identityHeader: string
		) {
		super(logger, nodeStorage, networkClient, cryptoProvider);

		this.identityEndpoint = identityEndpoint;
		this.identityHeader = identityHeader;
		}

		public static tryCreate(
		logger: Logger,
		nodeStorage: NodeStorage,
		networkClient: INetworkModule,
		cryptoProvider: CryptoProvider,
		managedIdentityId: ManagedIdentityId
		): ServiceFabric \| null {
		const identityEndpoint: string \| undefined =
		process.env[
		ManagedIdentityEnvironmentVariableNames.IDENTITY_ENDPOINT
		];
		const identityHeader: string \| undefined =
		process.env[
		ManagedIdentityEnvironmentVariableNames.IDENTITY_HEADER
		];
		const identityServerThumbprint: string \| undefined =
		process.env[
		ManagedIdentityEnvironmentVariableNames
		.IDENTITY_SERVER_THUMBPRINT
		];

		/*
		* if either of the identity endpoint, identity header, or identity server thumbprint
		* environment variables are undefined, this MSI provider is unavailable.
		*/
		if (!identityEndpoint \|\| !identityHeader \|\| !identityServerThumbprint) {
		logger.info(
		`[Managed Identity] ${ManagedIdentitySourceNames.SERVICE_FABRIC} managed identity is unavailable because one or all of the '${ManagedIdentityEnvironmentVariableNames.IDENTITY_HEADER}', '${ManagedIdentityEnvironmentVariableNames.IDENTITY_ENDPOINT}' or '${ManagedIdentityEnvironmentVariableNames.IDENTITY_SERVER_THUMBPRINT}' environment variables are not defined.`
		);
		return null;
		}

		const validatedIdentityEndpoint: string =
		ServiceFabric.getValidatedEnvVariableUrlString(
		ManagedIdentityEnvironmentVariableNames.IDENTITY_ENDPOINT,
		identityEndpoint,
		ManagedIdentitySourceNames.SERVICE_FABRIC,
		logger
		);

		logger.info(
		`[Managed Identity] Environment variables validation passed for ${ManagedIdentitySourceNames.SERVICE_FABRIC} managed identity. Endpoint URI: ${validatedIdentityEndpoint}. Creating ${ManagedIdentitySourceNames.SERVICE_FABRIC} managed identity.`
		);

		if (
		managedIdentityId.idType !== ManagedIdentityIdType.SYSTEM_ASSIGNED
		) {
		logger.warning(
		`[Managed Identity] ${ManagedIdentitySourceNames.SERVICE_FABRIC} user assigned managed identity is configured in the cluster, not during runtime. See also: https://learn.microsoft.com/en-us/azure/service-fabric/configure-existing-cluster-enable-managed-identity-token-service.`
		);
		}

		return new ServiceFabric(
		logger,
		nodeStorage,
		networkClient,
		cryptoProvider,
		identityEndpoint,
		identityHeader
		);
		}

		public createRequest(
		// eslint-disable-next-line @typescript-eslint/no-unused-vars
		_resource: string,
		// eslint-disable-next-line @typescript-eslint/no-unused-vars
		_managedIdentityId: ManagedIdentityId
		resource: string,
		managedIdentityId: ManagedIdentityId
		): ManagedIdentityRequestParameters {
		throw new Error("Method not implemented.");
		const request: ManagedIdentityRequestParameters =
		new ManagedIdentityRequestParameters(
		HttpMethod.GET,
		this.identityEndpoint
		);

		request.headers[SERVICE_FABRIC_SECRET_HEADER_NAME] =
		this.identityHeader;

		request.queryParameters[API_VERSION_QUERY_PARAMETER_NAME] =
		SERVICE_FABRIC_MSI_API_VERSION;
		request.queryParameters[RESOURCE_BODY_OR_QUERY_PARAMETER_NAME] =
		resource;

		if (
		managedIdentityId.idType !== ManagedIdentityIdType.SYSTEM_ASSIGNED
		) {
		request.queryParameters[
		this.getManagedIdentityUserAssignedIdQueryParameterKey(
		managedIdentityId.idType
		)
		] = managedIdentityId.id;
		}

		// bodyParameters calculated in BaseManagedIdentity.acquireTokenWithManagedIdentity

		return request;
		}
		}

60

src/config/Configuration.ts

		@@ -22,2 +22,9 @@ /*
		import { ManagedIdentityId } from "./ManagedIdentityId.js";
		import {
		MANAGED_IDENTITY_HTTP_STATUS_CODES_TO_RETRY_ON,
		MANAGED_IDENTITY_MAX_RETRIES,
		MANAGED_IDENTITY_RETRY_DELAY,
		} from "../utils/Constants.js";
		import { LinearRetryPolicy } from "../retry/LinearRetryPolicy.js";
		import { HttpClientWithRetries } from "../network/HttpClientWithRetries.js";

		@@ -88,2 +95,3 @@ /**
		customAgentOptions?: http.AgentOptions \| https.AgentOptions;
		disableInternalRetries?: boolean;
		};
		@@ -163,2 +171,3 @@
		customAgentOptions: {} as http.AgentOptions \| https.AgentOptions,
		disableInternalRetries: false,
		};
		@@ -204,8 +213,6 @@
		system?.proxyUrl,
		system?.customAgentOptions as
		\| http.AgentOptions
		\| https.AgentOptions,
		false // Managed Identity
		system?.customAgentOptions as http.AgentOptions \| https.AgentOptions
		),
		loggerOptions: system?.loggerOptions \|\| DEFAULT_LOGGER_OPTIONS,
		disableInternalRetries: system?.disableInternalRetries \|\| false,
		};
		@@ -224,3 +231,5 @@
		managedIdentityId: ManagedIdentityId;
		system: Required<NodeSystemOptions>;
		system: Required<
		Pick<NodeSystemOptions, "loggerOptions" \| "networkClient">
		>;
		};
		@@ -236,18 +245,37 @@

		const systemOptions: Required<NodeSystemOptions> = {
		...DEFAULT_SYSTEM_OPTIONS,
		loggerOptions: system?.loggerOptions \|\| DEFAULT_LOGGER_OPTIONS,
		networkClient: new HttpClient(
		const loggerOptions: LoggerOptions =
		system?.loggerOptions \|\| DEFAULT_LOGGER_OPTIONS;

		let networkClient: INetworkModule;
		// use developer provided network client if passed in
		if (system?.networkClient) {
		networkClient = system.networkClient;
		// otherwise, create a new one
		} else {
		networkClient = new HttpClient(
		system?.proxyUrl,
		system?.customAgentOptions as
		\| http.AgentOptions
		\| https.AgentOptions,
		true // Managed Identity
		),
		};
		system?.customAgentOptions as http.AgentOptions \| https.AgentOptions
		);
		}

		// wrap the network client with a retry policy if the developer has not disabled the option to do so
		if (!system?.disableInternalRetries) {
		const linearRetryPolicy: LinearRetryPolicy = new LinearRetryPolicy(
		MANAGED_IDENTITY_MAX_RETRIES,
		MANAGED_IDENTITY_RETRY_DELAY,
		MANAGED_IDENTITY_HTTP_STATUS_CODES_TO_RETRY_ON
		);
		networkClient = new HttpClientWithRetries(
		networkClient,
		linearRetryPolicy
		);
		}

		return {
		managedIdentityId: managedIdentityId,
		system: { ...systemOptions, ...system },
		system: {
		loggerOptions,
		networkClient,
		},
		};
		}

7

src/config/ManagedIdentityRequestParameters.ts

		@@ -46,9 +46,4 @@ /*

		const bodyParametersString = parameterBuilder.createQueryString();

		return UrlString.appendQueryString(
		this._baseEndpoint,
		bodyParametersString
		);
		return parameterBuilder.createQueryString();
		}
		}

17

src/error/ManagedIdentityError.ts

		@@ -8,2 +8,3 @@ /*
		import * as ManagedIdentityErrorCodes from "./ManagedIdentityErrorCodes";
		import { ManagedIdentityEnvironmentVariableNames } from "../utils/Constants";
		export { ManagedIdentityErrorCodes };
		@@ -21,4 +22,16 @@
		"A ManagedIdentityId id was not provided.",
		[ManagedIdentityErrorCodes.MsiEnvironmentVariableUrlMalformedErrorCodes
		.AZURE_POD_IDENTITY_AUTHORITY_HOST]: `The Managed Identity's '${ManagedIdentityEnvironmentVariableNames.AZURE_POD_IDENTITY_AUTHORITY_HOST}' environment variable is malformed.`,
		[ManagedIdentityErrorCodes.MsiEnvironmentVariableUrlMalformedErrorCodes
		.IDENTITY_ENDPOINT]: `The Managed Identity's '${ManagedIdentityEnvironmentVariableNames.IDENTITY_ENDPOINT}' environment variable is malformed.`,
		[ManagedIdentityErrorCodes.MsiEnvironmentVariableUrlMalformedErrorCodes
		.IMDS_ENDPOINT]: `The Managed Identity's '${ManagedIdentityEnvironmentVariableNames.IMDS_ENDPOINT}' environment variable is malformed.`,
		[ManagedIdentityErrorCodes.MsiEnvironmentVariableUrlMalformedErrorCodes
		.MSI_ENDPOINT]: `The Managed Identity's '${ManagedIdentityEnvironmentVariableNames.MSI_ENDPOINT}' environment variable is malformed.`,
		[ManagedIdentityErrorCodes.networkUnavailable]:
		"Authentication unavailable. The request to the managed identity endpoint timed out.",
		[ManagedIdentityErrorCodes.unableToCreateAzureArc]:
		"Azure Arc Managed Identities can only be system assigned.",
		[ManagedIdentityErrorCodes.unableToCreateCloudShell]:
		"Cloud Shell Managed Identities can only be system assigned.",
		[ManagedIdentityErrorCodes.unableToCreateSource]:
		@@ -28,4 +41,4 @@ "Unable to create a Managed Identity source based on environment variables.",
		"Unable to read the secret file.",
		[ManagedIdentityErrorCodes.urlParseError]:
		"The Managed Identity's 'IDENTITY_ENDPOINT' environment variable is malformed.",
		[ManagedIdentityErrorCodes.userAssignedNotAvailableAtRuntime]:
		"Service Fabric user assigned managed identity ClientId or ResourceId is not configurable at runtime.",
		[ManagedIdentityErrorCodes.wwwAuthenticateHeaderMissing]:
		@@ -32,0 +45,0 @@ "A 401 response was received form the Azure Arc Managed Identity, but the www-authenticate header is missing.",

19

src/error/ManagedIdentityErrorCodes.ts

		@@ -6,11 +6,30 @@ /*

		import { ManagedIdentityEnvironmentVariableNames } from "../utils/Constants";

		export const invalidManagedIdentityIdType = "invalid_managed_identity_id_type";
		export const invalidResource = "invalid_resource";
		export const missingId = "missing_client_id";
		export const networkUnavailable = "network_unavailable";
		export const unableToCreateAzureArc = "unable_to_create_azure_arc";
		export const unableToCreateCloudShell = "unable_to_create_cloud_shell";
		export const unableToCreateSource = "unable_to_create_source";
		export const unableToReadSecretFile = "unable_to_read_secret_file";
		export const urlParseError = "url_parse_error";
		export const userAssignedNotAvailableAtRuntime =
		"user_assigned_not_available_at_runtime";
		export const wwwAuthenticateHeaderMissing = "www_authenticate_header_missing";
		export const wwwAuthenticateHeaderUnsupportedFormat =
		"www_authenticate_header_unsupported_format";

		export const MsiEnvironmentVariableUrlMalformedErrorCodes = {
		[ManagedIdentityEnvironmentVariableNames.AZURE_POD_IDENTITY_AUTHORITY_HOST]:
		"azure_pod_identity_authority_host_url_malformed",
		[ManagedIdentityEnvironmentVariableNames.IDENTITY_ENDPOINT]:
		"identity_endpoint_url_malformed",
		[ManagedIdentityEnvironmentVariableNames.IMDS_ENDPOINT]:
		"imds_endpoint_url_malformed",
		[ManagedIdentityEnvironmentVariableNames.MSI_ENDPOINT]:
		"msi_endpoint_url_malformed",
		} as const;
		export type MsiEnvironmentVariableErrorCodes =
		(typeof MsiEnvironmentVariableUrlMalformedErrorCodes)[keyof typeof MsiEnvironmentVariableUrlMalformedErrorCodes];

17

src/network/HttpClient.ts

		@@ -23,12 +23,9 @@ /*
		private customAgentOptions: http.AgentOptions \| https.AgentOptions;
		private managedIdentity: boolean;

		constructor(
		proxyUrl?: string,
		customAgentOptions?: http.AgentOptions \| https.AgentOptions,
		managedIdentity?: boolean
		customAgentOptions?: http.AgentOptions \| https.AgentOptions
		) {
		this.proxyUrl = proxyUrl \|\| "";
		this.customAgentOptions = customAgentOptions \|\| {};
		this.managedIdentity = managedIdentity \|\| false;
		}
		@@ -59,4 +56,3 @@
		this.customAgentOptions as https.AgentOptions,
		undefined,
		this.managedIdentity
		undefined
		);
		@@ -91,4 +87,3 @@ }
		this.customAgentOptions as https.AgentOptions,
		cancellationToken,
		this.managedIdentity
		cancellationToken
		);
		@@ -289,4 +284,3 @@ }
		agentOptions?: https.AgentOptions,
		timeout?: number,
		managedIdentity?: boolean
		timeout?: number
		): Promise<NetworkResponse<T>> => {
		@@ -322,3 +316,4 @@ const isPostRequest = httpMethod === HttpMethod.POST;
		let request: http.ClientRequest;
		if (managedIdentity) {
		// managed identity sources use http instead of https
		if (customOptions.protocol === "http:") {
		request = http.request(customOptions);
		@@ -325,0 +320,0 @@ } else {

2

src/packageMetadata.ts

		/* eslint-disable header/header */
		export const name = "@azure/msal-node";
		export const version = "2.7.0-alpha.0";
		export const version = "2.7.0";

50

src/utils/Constants.ts

		@@ -6,10 +6,11 @@ /*

		import { HttpStatus } from "@azure/msal-common";

		// MSI Constants. Docs for MSI are available here https://docs.microsoft.com/azure/app-service/overview-managed-identity
		export const AUTHORIZATION_HEADER_NAME: string = "Authorization";
		export const METADATA_HEADER_NAME: string = "Metadata";
		export const SECRET_HEADER_NAME: string = "X-IDENTITY-HEADER";

		export const MANAGED_IDENTITY_CLIENT_ID = "client_id";
		export const MANAGED_IDENTITY_OBJECT_ID = "object_id";
		export const MANAGED_IDENTITY_RESOURCE_ID = "mi_res_id";
		export const APP_SERVICE_SECRET_HEADER_NAME: string = "X-IDENTITY-HEADER";
		export const SERVICE_FABRIC_SECRET_HEADER_NAME: string = "secret";
		export const API_VERSION_QUERY_PARAMETER_NAME: string = "api-version";
		export const RESOURCE_BODY_OR_QUERY_PARAMETER_NAME: string = "resource";
		export const DEFAULT_MANAGED_IDENTITY_ID = "system_assigned_managed_identity";
		@@ -19,6 +20,30 @@ export const MANAGED_IDENTITY_DEFAULT_TENANT = "managed_identity";

		export const MANAGED_IDENTITY_TIMEOUT_ERROR: string =
		"[Managed Identity] Authentication unavailable. The request to the managed identity endpoint timed out.";
		/**
		* Managed Identity Environment Variable Names
		*/
		export const ManagedIdentityEnvironmentVariableNames = {
		AZURE_POD_IDENTITY_AUTHORITY_HOST: "AZURE_POD_IDENTITY_AUTHORITY_HOST",
		IDENTITY_ENDPOINT: "IDENTITY_ENDPOINT",
		IDENTITY_HEADER: "IDENTITY_HEADER",
		IDENTITY_SERVER_THUMBPRINT: "IDENTITY_SERVER_THUMBPRINT",
		IMDS_ENDPOINT: "IMDS_ENDPOINT",
		MSI_ENDPOINT: "MSI_ENDPOINT",
		} as const;
		export type ManagedIdentityEnvironmentVariableNames =
		(typeof ManagedIdentityEnvironmentVariableNames)[keyof typeof ManagedIdentityEnvironmentVariableNames];

		/**
		* Managed Identity Source Names
		*/
		export const ManagedIdentitySourceNames = {
		APP_SERVICE: "App Service",
		AZURE_ARC: "Azure Arc",
		CLOUD_SHELL: "Cloud Shell",
		IMDS: "IMDS",
		SERVICE_FABRIC: "Service Fabric",
		} as const;
		export type ManagedIdentitySourceNames =
		(typeof ManagedIdentitySourceNames)[keyof typeof ManagedIdentitySourceNames];

		/**
		* Managed Identity Ids
		@@ -133,1 +158,12 @@ */
		};

		export const MANAGED_IDENTITY_MAX_RETRIES = 3;
		export const MANAGED_IDENTITY_RETRY_DELAY = 1000;
		export const MANAGED_IDENTITY_HTTP_STATUS_CODES_TO_RETRY_ON = [
		HttpStatus.NOT_FOUND,
		HttpStatus.REQUEST_TIMEOUT,
		HttpStatus.TOO_MANY_REQUESTS,
		HttpStatus.INTERNAL_SERVER_ERROR,
		HttpStatus.SERVICE_UNAVAILABLE,
		HttpStatus.GATEWAY_TIMEOUT,
		];

dist/cache/distributed/DistributedCachePlugin.cjs