[identity] Remove machine-code-dependent codepaths (#15024) (#15041)
* [identity] Remove machine-code-dependent codepaths

* Linter fixes

* Disable broken perf test

* Added missing import back
witemple-msft authored Apr 27, 2021
1 parent 3127875 commit 0aaaae8
Showing 25 changed files with 40 additions and 1,126 deletions.
11 changes: 7 additions & 4 deletions sdk/identity/identity/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,14 +4,17 @@

### New features

- Azure Identity for JavaScript no longer carries any native dependencies (neither ordinary, peer, nor optional dependencies). Previous distributions of `@azure/identity` carried an optional dependency on `keytar`, which caused issues for some users in restrictive environments.
- Updated the `@azure/msal-node` dependency to version `^1.0.2`, which allows cancelling of an ongoing `getToken()` operation on `DeviceCodeCredential`.
- Fixed issue with the logging of success messages on the `DefaultAzureCredential` and the `ChainedTokenCredential`. These messages will now mention the internal credential that succeeded.
- The feature of persistence caching of credentials (introduced in 2.0.0-beta.1) is now supported on Node.js 15 as well.
- `AuthenticationRequiredError` (introduced in 2.0.0-beta.1) now has the same impact on `ChainedTokenCredential` as the `CredentialUnavailableError` which is to allow the next credential in the chain to be tried.
- `ManagedIdentityCredential` now retries with exponential back-off when a request for a token fails with a 404 status code on environments with available IMDS endpoints.
- `ManagedIdentityCredential` now retries with exponential back-off when a request for a token fails with a 404 status code on environments with available IMDS endpoints.

### Breaking changes from 2.0.0-beta.1

- Removed `VisualStudioCodeCredential`, as it requires us to list `keytar` as an optional dependency. `keytar` containes machine-code components that are difficult to build in certain environments, so this credential will be offered through a separate extension package in the future.
- Removed token persistence through `@azure/msal-node-extensions`, as its machine-code components have the same problems as `keytar`. This functionality will similarly be reintroduced through a separate extension package in the future.
- Removed `authenticationRecord`, `disableAutomaticAuthentication` and `authenticate()` from the credential `UsernamePasswordCredential`. While MSAL does support this, allowing `authenticationRecord` arguably could result in users authenticating through an account other than the one they're specifying with the username and the password.

## 2.0.0-beta.2 (2021-04-06)
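Review bot: "containes" in the `keytar` bullet under "Breaking changes from 2.0.0-beta.1" should read "contains". In the same hunk the `ManagedIdentityCredential` 404 retry bullet appears twice; confirm that only one copy of that entry remains in the file after this commit, since the New features list should not carry a duplicate line.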
Expand All @@ -38,7 +41,7 @@ This update marks the preview for the first major version update of the `@azure/

### Breaking changes

- Changes to `InteractiveBrowserCredential`
- Changes to `InteractiveBrowserCredential`
- When used in browser applications, the `InteractiveBrowserCredential` has been updated to use the [Auth Code Flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow) with [PKCE](https://tools.ietf.org/html/rfc7636) rather than [Implicit Grant Flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-implicit-grant-flow) by default to better support browsers with enhanced security restrictions. Please note that this credential always used the Auth Code Flow when used in Node.js applications. Read more on this in our [docs on Interactive Browser Credential](https://github.com/Azure/azure-sdk-for-js/blob/master/sdk/identity/identity/interactive-browser-credential.md).
- The default client ID used for `InteractiveBrowserCredential` was viable only in Node.js and not for the browser. Therefore, client Id is now a required parameter when constructing this credential in browser applications.
- The `loginStyle` and `flow` options to the constructor for `InteractiveBrowserCredential` will now show up only when used in browser applications as these were never applicable to Node.js
Expand All @@ -53,7 +56,7 @@ This update marks the preview for the first major version update of the `@azure/
- Changes to `InteractiveBrowserCredential`, `DeviceCodeCredential`, `ClientSecretCredential`, `ClientCertificateCredential` and `UsernamePasswordCredential`:
- Migrated to use the latest MSAL. This update improves caching of tokens, significantly reducing the number of network requests.
- Added the feature of persistence caching of credentials. This is driven by the new `tokenCachePersistenceOptions` option available in the options you pass to the credential constructors.
- For now, to use this feature, users will need to install `@azure/msal-node-extensions` [1.0.0-alpha.6](https://www.npmjs.com/package/@azure/msal-node-extensions/v/1.0.0-alpha.6) on their own. This experience will be improved in the next update.
- For now, to use this feature, users will need to install `@azure/msal-node-extensions` [1.0.0-alpha.6](https://www.npmjs.com/package/@azure/msal-node-extensions/v/1.0.0-alpha.6) on their own. This experience will be improved in the next update.
- This feature uses DPAPI on Windows, it tries to use the Keychain on OSX and the Keyring on Linux.
- To learn more on the usage, please refer to our docs on the `TokenCachePersistenceOptions` interface.
- **IMPORTANT:** As part of this beta, this feature is only supported in Node 10, 12 and 14.
Expand All @@ -69,7 +72,7 @@ This update marks the preview for the first major version update of the `@azure/
### Other changes

- Updated the `@azure/msal-node` dependency to `^1.0.0`.
- `DefaultAzureCredential`'s implementation for browsers is simplified to throw the `BrowserNotSupportedError` in its constructor. Previously, we relied on getting the same error from trying to instantiate the different credentials that `DefaultAzureCredential` supports in Node.js.
- `DefaultAzureCredential`'s implementation for browsers is simplified to throw the `BrowserNotSupportedError` in its constructor. Previously, we relied on getting the same error from trying to instantiate the different credentials that `DefaultAzureCredential` supports in Node.js.
- As before, please use only the `InteractiveBrowserCredential` in your browser applications.
- For the `InteractiveBrowserCredential` for node, replaced the use of the `express` module with a native http server for Node, shrinking the resulting identity module considerably.

3 changes: 0 additions & 3 deletions sdk/identity/identity/package.json
Expand Up @@ -96,9 +96,6 @@
"tslib": "^2.0.0",
"uuid": "^8.3.0"
},
"optionalDependencies": {
"keytar": "^7.6.0"
},
"devDependencies": {
"@azure/eslint-plugin-azure-sdk": "^3.0.0",
"@azure/dev-tool": "^1.0.0",
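Review bot: dropping `keytar` from `optionalDependencies` matches the goal in the commit message, but a module that was previously tolerated as missing may still be referenced by a guarded `require` somewhere in the package; check `src/` and the tests for any remaining `keytar` import and remove those paths in this same change, and regenerate the lockfile, so nothing can fail at runtime where it used to be silently absent.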
21 changes: 0 additions & 21 deletions sdk/identity/identity/review/identity.api.md
Expand Up @@ -104,7 +104,6 @@ export class ClientCertificateCredential implements TokenCredential {
// @public
export interface ClientCertificateCredentialOptions extends TokenCredentialOptions {
sendCertificateChain?: boolean;
tokenCachePersistenceOptions?: TokenCachePersistenceOptions;
}
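Review bot: removing `tokenCachePersistenceOptions` from `ClientCertificateCredentialOptions` (and, further down in this file, from the other options interfaces together with the `TokenCachePersistenceOptions` interface itself) is a compile-time break for 2.0.0-beta.1 consumers. The changelog's breaking-changes section only names the `@azure/msal-node-extensions` mechanism; name the removed property and interface there as well so a user whose build fails on that property can find the reason.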

// @public
Expand All @@ -115,7 +114,6 @@ export class ClientSecretCredential implements TokenCredential {

// @public
export interface ClientSecretCredentialOptions extends TokenCredentialOptions {
tokenCachePersistenceOptions?: TokenCachePersistenceOptions;
}

// @public
Expand Down Expand Up @@ -211,7 +209,6 @@ export type InteractiveBrowserCredentialOptions = TokenCredentialOptions & Inter
export interface InteractiveCredentialOptions extends TokenCredentialOptions {
authenticationRecord?: AuthenticationRecord;
disableAutomaticAuthentication?: boolean;
tokenCachePersistenceOptions?: TokenCachePersistenceOptions;
}

// @public
Expand All @@ -227,12 +224,6 @@ export class ManagedIdentityCredential implements TokenCredential {
// @public
export function serializeAuthenticationRecord(record: AuthenticationRecord): string;

// @public
export interface TokenCachePersistenceOptions {
allowUnencryptedStorage?: boolean;
name?: string;
}

export { TokenCredential }

// @public
Expand All @@ -248,18 +239,6 @@ export class UsernamePasswordCredential implements TokenCredential {

// @public
export interface UsernamePasswordCredentialOptions extends TokenCredentialOptions {
tokenCachePersistenceOptions?: TokenCachePersistenceOptions;
}

// @public
export class VisualStudioCodeCredential implements TokenCredential {
constructor(options?: VisualStudioCodeCredentialOptions);
getToken(scopes: string | string[], _options?: GetTokenOptions): Promise<AccessToken>;
}

// @public
export interface VisualStudioCodeCredentialOptions extends TokenCredentialOptions {
tenantId?: string;
}


Expand Up @@ -2,7 +2,6 @@
// Licensed under the MIT license.

import { TokenCredentialOptions } from "../client/identityClient";
import { TokenCachePersistenceOptions } from "../tokenCache/persistencePlatforms";

/**
* Optional parameters for the {@link ClientCertificateCredential} class.
Expand All @@ -13,16 +12,4 @@ export interface ClientCertificateCredentialOptions extends TokenCredentialOptio
* Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim
*/
sendCertificateChain?: boolean;

/**
* To provide a persistence layer to store the credentials,
* we allow users to optionally specify {@link TokenCachePersistenceOptions} for their credential.
*
* This feature is not currently available on Node 8 or earlier versions of Node JS.
*
* This persistence layer uses DPAPI on Windows.
* On OSX (Darwin) it tries to use the system's Keychain, otherwise if the property `allowUnencryptedStorage` is set to true, it uses an unencrypted file.
* On Linux it tries to use the system's Keyring, otherwise if the property `allowUnencryptedStorage` is set to true, it uses an unencrypted file.
*/
tokenCachePersistenceOptions?: TokenCachePersistenceOptions;
}
Expand Up @@ -2,21 +2,8 @@
// Licensed under the MIT license.

import { TokenCredentialOptions } from "../client/identityClient";
import { TokenCachePersistenceOptions } from "../tokenCache/persistencePlatforms";

/**
* Optional parameters for the {@link ClientSecretCredential} class.
*/
export interface ClientSecretCredentialOptions extends TokenCredentialOptions {
/**
* To provide a persistence layer to store the credentials,
* we allow users to optionally specify {@link TokenCachePersistenceOptions} for their credential.
*
* This feature is not currently available on Node 8 or earlier versions of Node JS.
*
* This persistence layer uses DPAPI on Windows.
* On OSX (Darwin) it tries to use the system's Keychain, otherwise if the property `allowUnencryptedStorage` is set to true, it uses an unencrypted file.
* On Linux it tries to use the system's Keyring, otherwise if the property `allowUnencryptedStorage` is set to true, it uses an unencrypted file.
*/
tokenCachePersistenceOptions?: TokenCachePersistenceOptions;
}
export interface ClientSecretCredentialOptions extends TokenCredentialOptions {}
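Review bot: `export interface ClientSecretCredentialOptions extends TokenCredentialOptions {}` is now an interface with no members, which `@typescript-eslint/no-empty-interface` flags under its default settings (it only allows this with `allowSingleExtends`); given the "Linter fixes" in the commit message, either keep the empty interface intentionally as a stable extension point with a targeted disable comment explaining why, or switch to `export type ClientSecretCredentialOptions = TokenCredentialOptions;`. The same applies to `UsernamePasswordCredentialOptions` below.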
Expand Up @@ -6,7 +6,6 @@ import { ChainedTokenCredential } from "./chainedTokenCredential";
import { EnvironmentCredential } from "./environmentCredential";
import { ManagedIdentityCredential } from "./managedIdentityCredential";
import { AzureCliCredential } from "./azureCliCredential";
import { VisualStudioCodeCredential } from "./visualStudioCodeCredential";

/**
* Provides options to configure the {@link DefaultAzureCredential} class.
Expand Down Expand Up @@ -58,7 +57,6 @@ export class DefaultAzureCredential extends ChainedTokenCredential {
}

credentials.push(new AzureCliCredential());
credentials.push(new VisualStudioCodeCredential(options));

super(...credentials);
this.UnavailableMessage =
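Review bot: with `new VisualStudioCodeCredential(options)` gone from the chain, the text assigned to `this.UnavailableMessage` (cut off at the end of this hunk) should be checked so it no longer lists Visual Studio Code among the credentials that were tried, and `DefaultAzureCredentialOptions` (documented just above) should be checked for any option that was only ever consumed by that credential. Applications that relied on the VS Code sign-in in the default chain will now fall through to the unavailable error at runtime rather than at compile time, so the changelog entry for this removal is the only place they will learn why.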
Expand Up @@ -3,7 +3,6 @@

import { TokenCredentialOptions } from "../client/identityClient";
import { AuthenticationRecord } from "../msal/types";
import { TokenCachePersistenceOptions } from "../tokenCache/persistencePlatforms";

/**
* Common constructor options for the Identity credentials that requires user interaction.
Expand All @@ -26,16 +25,4 @@ export interface InteractiveCredentialOptions extends TokenCredentialOptions {
* Developers will need to call to `authenticate()` to control when to manually authenticate.
*/
disableAutomaticAuthentication?: boolean;

/**
* To provide a persistence layer to store the credentials,
* we allow users to optionally specify {@link TokenCachePersistenceOptions} for their credential.
*
* This feature is not currently available on Node 8 or earlier versions of Node JS.
*
* This persistence layer uses DPAPI on Windows.
* On OSX (Darwin) it tries to use the system's Keychain, otherwise if the property `allowUnencryptedStorage` is set to true, it uses an unencrypted file.
* On Linux it tries to use the system's Keyring, otherwise if the property `allowUnencryptedStorage` is set to true, it uses an unencrypted file.
*/
tokenCachePersistenceOptions?: TokenCachePersistenceOptions;
}
Expand Up @@ -2,21 +2,8 @@
// Licensed under the MIT license.

import { TokenCredentialOptions } from "../client/identityClient";
import { TokenCachePersistenceOptions } from "../tokenCache/persistencePlatforms";

/**
* Defines options for the {@link UsernamePasswordCredential} class.
*/
export interface UsernamePasswordCredentialOptions extends TokenCredentialOptions {
/**
* To provide a persistence layer to store the credentials,
* we allow users to optionally specify {@link TokenCachePersistenceOptions} for their credential.
*
* This feature is not currently available on Node 8 or earlier versions of Node JS.
*
* This persistence layer uses DPAPI on Windows.
* On OSX (Darwin) it tries to use the system's Keychain, otherwise if the property `allowUnencryptedStorage` is set to true, it uses an unencrypted file.
* On Linux it tries to use the system's Keyring, otherwise if the property `allowUnencryptedStorage` is set to true, it uses an unencrypted file.
*/
tokenCachePersistenceOptions?: TokenCachePersistenceOptions;
}
export interface UsernamePasswordCredentialOptions extends TokenCredentialOptions {}

This file was deleted.

0 comments on commit 0aaaae8