(options)
| 77080 | } |
| 77081 | function getChallenge(response) { |
| 77082 | const challenge = response.headers.get("WWW-Authenticate"); |
| 77083 | if (response.status === 401 && challenge) { |
| 77084 | return challenge; |
| 77085 | } |
| 77086 | return; |
| 77087 | } |
| 77088 | function bearerTokenAuthenticationPolicy(options) { |
| 77089 | var _a5; |
| 77090 | const { credential, scopes, challengeCallbacks } = options; |
| 77091 | const logger3 = options.logger || logger; |
| 77092 | const callbacks = Object.assign({ authorizeRequest: (_a5 = challengeCallbacks === null || challengeCallbacks === void 0 ? void 0 : challengeCallbacks.authorizeRequest) !== null && _a5 !== void 0 ? _a5 : defaultAuthorizeRequest, authorizeRequestOnChallenge: challengeCallbacks === null || challengeCallbacks === void 0 ? void 0 : challengeCallbacks.authorizeRequestOnChallenge }, challengeCallbacks); |
| 77093 | const getAccessToken = credential ? createTokenCycler( |
| 77094 | credential |
| 77095 | /* , options */ |
| 77096 | ) : () => Promise.resolve(null); |
| 77097 | return { |
| 77098 | name: bearerTokenAuthenticationPolicyName, |
| 77099 | /** |
| 77100 | * If there's no challenge parameter: |
| 77101 | * - It will try to retrieve the token using the cache, or the credential's getToken. |
| 77102 | * - Then it will try the next policy with or without the retrieved token. |
| 77103 | * |
| 77104 | * It uses the challenge parameters to: |
| 77105 | * - Skip a first attempt to get the token from the credential if there's no cached token, |
| 77106 | * since it expects the token to be retrievable only after the challenge. |
| 77107 | * - Prepare the outgoing request if the `prepareRequest` method has been provided. |
| 77108 | * - Send an initial request to receive the challenge if it fails. |
| 77109 | * - Process a challenge if the response contains it. |
| 77110 | * - Retrieve a token with the challenge information, then re-send the request. |
| 77111 | */ |
| 77112 | async sendRequest(request3, next) { |
| 77113 | if (!request3.url.toLowerCase().startsWith("https://")) { |
| 77114 | throw new Error("Bearer token authentication is not permitted for non-TLS protected (non-https) URLs."); |
| 77115 | } |
| 77116 | await callbacks.authorizeRequest({ |
| 77117 | scopes: Array.isArray(scopes) ? scopes : [scopes], |
| 77118 | request: request3, |
| 77119 | getAccessToken, |
| 77120 | logger: logger3 |
| 77121 | }); |
| 77122 | let response; |
| 77123 | let error; |
| 77124 | try { |
| 77125 | response = await next(request3); |
| 77126 | } catch (err) { |
| 77127 | error = err; |
| 77128 | response = err.response; |
| 77129 | } |
| 77130 | if (callbacks.authorizeRequestOnChallenge && (response === null || response === void 0 ? void 0 : response.status) === 401 && getChallenge(response)) { |
| 77131 | const shouldSendRequest = await callbacks.authorizeRequestOnChallenge({ |
| 77132 | scopes: Array.isArray(scopes) ? scopes : [scopes], |
| 77133 | request: request3, |
| 77134 | response, |
| 77135 | getAccessToken, |
| 77136 | logger: logger3 |
| 77137 | }); |
| 77138 | if (shouldSendRequest) { |
| 77139 | return next(request3); |
no test coverage detected
searching dependent graphs…