in src/core/account.ts [34:91]
export async function authenticateWithAzureIdentity(details: LoginDetails = {}, useKeychain = true, clearCache = false): Promise<TokenCredential> {
logger.silly("Executing authenticateWithAzureIdentity");
logger.silly({ details, useKeychain });
let tokenCachePersistenceOptions: TokenCachePersistenceOptions = {
enabled: false,
name: "swa-cli-persistence-plugin",
unsafeAllowUnencryptedStorage: false,
};
if (useKeychain === true) {
logger.silly("Keychain is enabled");
useIdentityPlugin(swaCliPersistencePlugin);
tokenCachePersistenceOptions.enabled = true;
if (clearCache) {
logger.silly("Clearing keychain credentials");
await new SWACLIPersistenceCachePlugin(tokenCachePersistenceOptions).clearCache();
}
} else {
logger.silly("Keychain is disabled");
tokenCachePersistenceOptions.enabled = false;
}
const browserCredential = new InteractiveBrowserCredential({
redirectUri: `http://localhost:31337`,
tokenCachePersistenceOptions,
tenantId: details.tenantId,
});
const deviceCredential = new DeviceCodeCredential({
tokenCachePersistenceOptions,
tenantId: details.tenantId,
});
const environmentCredential = new EnvironmentCredential();
const azureCliCredential = new AzureCliCredential({
tenantId: details.tenantId,
});
// Only use interactive browser credential if we're not running in docker
const credentials = isRunningInDocker()
? [environmentCredential, azureCliCredential, deviceCredential]
: [environmentCredential, azureCliCredential, browserCredential, deviceCredential];
if (details.tenantId && details.clientId && details.clientSecret) {
const clientSecretCredential = new ClientSecretCredential(details.tenantId, details.clientId, details.clientSecret, {
tokenCachePersistenceOptions,
});
// insert at the beginning of the array to ensure that it is tried first
credentials.unshift(clientSecretCredential);
}
return new ChainedTokenCredential(...credentials);
}