[identity] Migrate to ESM and tshy (#31647)

### Packages impacted by this PR

@azure/identity-broker
@azure/identity 

### Issues associated with this PR

#31338 

### Describe the problem that is addressed by this PR

Migrates identity and identity-broker to ESM, tshy, and Vitest

common/tools/dev-tool/src/commands/admin/migrate-package.ts

@@ -85,12 +85,14 @@ export default leafCommand(commandInfo, async ({ "package-name": packageName, br
   await prepareFiles(projectFolder, { browser });
   await applyCodemods(projectFolder);
 
-  log.info("Running `rush update`");
-  await run(["rush", "update"], { cwd: projectFolder });
   log.info("Formatting files");
   await run(["rushx", "format"], { cwd: projectFolder });
   await commitChanges(projectFolder, "rushx format");
 
+  log.info(
+    "Done. Please run `rush update`, `rush build -t <project-name>`, and run tests to verify the changes.",
+  );
+
   return true;
 });
 

sdk/identity/identity-broker/CHANGELOG.md

@@ -10,6 +10,8 @@
 
 ### Other Changes
 
+- Native ESM support has been added, and this package will now emit both CommonJS and ESM. [#31647](https://github.com/Azure/azure-sdk-for-js/pull/31647)
+
 ## 1.1.0 (2024-10-15)
 
 ### Features Added
@@ -25,9 +27,11 @@
 ## 1.0.0 (2023-11-07)
 
 ### Features Added
+
 - First GA release of the plugin package `@azure/identity-broker` to [support authentication through broker such as WAM](https://learn.microsoft.com/entra/identity-platform/scenario-desktop-acquire-token-wam). This plugin works with the [`brokerOptions` on `InteractiveBrowserCredential` added in the `@azure/identity` package](https://github.com/Azure/azure-sdk-for-js/pull/26091/).
 
 ## 1.0.0-beta.1 (2023-10-23)
 
 ### Features Added
+
 - Created a plugin package to [support authentication through broker such as WAM](https://learn.microsoft.com/entra/identity-platform/scenario-desktop-acquire-token-wam). This plugin works with the [`brokerOptions` on `InteractiveBrowserCredential` added in the `@azure/identity` package](https://github.com/Azure/azure-sdk-for-js/pull/26091).

sdk/identity/identity-broker/api-extractor.json

@@ -1,6 +1,6 @@
 {
   "$schema": "https://developer.microsoft.com/json-schemas/api-extractor/v7/api-extractor.schema.json",
-  "mainEntryPointFilePath": "./types/identity-broker/src/index.d.ts",
+  "mainEntryPointFilePath": "dist/esm/index.d.ts",
   "docModel": {
     "enabled": true
   },
@@ -11,7 +11,7 @@
   "dtsRollup": {
     "enabled": true,
     "untrimmedFilePath": "",
-    "publicTrimmedFilePath": "./types/identity-broker.d.ts"
+    "publicTrimmedFilePath": "dist/identity-broker.d.ts"
   },
   "messages": {
     "tsdocMessageReporting": {

sdk/identity/identity-broker/package.json

@@ -3,17 +3,17 @@
   "version": "1.1.1",
   "sdk-type": "client",
   "description": "A native plugin for Azure Identity credentials to enable broker authentication such as WAM",
-  "main": "dist/index.js",
-  "module": "dist-esm/identity-broker/src/index.js",
-  "types": "./types/identity-broker.d.ts",
+  "main": "./dist/commonjs/index.js",
+  "module": "./dist/esm/index.js",
+  "types": "./dist/commonjs/index.d.ts",
   "scripts": {
-    "build": "npm run extract-api && tsc -p . && dev-tool run bundle",
+    "build": "npm run clean && dev-tool run build-package && dev-tool run extract-api",
     "build:samples": "echo skipped",
-    "build:test": "tsc -p . && dev-tool run bundle",
+    "build:test": "dev-tool run build-package && dev-tool run bundle",
     "check-format": "dev-tool run vendored prettier --list-different --config ../../../.prettierrc.json --ignore-path ../../../.prettierignore \"src/**/*.ts\" \"test/**/*.ts\" \"*.{js,json}\"",
     "clean": "dev-tool run vendored rimraf --glob dist dist-esm types \"*.tgz\" \"*.log\"",
     "execute:samples": "echo skipped",
-    "extract-api": "tsc -p . && dev-tool run extract-api",
+    "extract-api": "dev-tool run build-package && dev-tool run extract-api",
     "format": "dev-tool run vendored prettier --write --config ../../../.prettierrc.json --ignore-path ../../../.prettierignore \"src/**/*.ts\" \"test/**/*.ts\" \"*.{js,json}\"",
     "integration-test": "npm run integration-test:node && npm run integration-test:browser",
     "integration-test:browser": "echo skipped",
@@ -22,19 +22,16 @@
     "lint:fix": "eslint package.json api-extractor.json README.md src test --fix --fix-type [problem,suggestion]",
     "pack": "npm pack 2>&1",
     "test": "npm run clean && npm run build:test && npm run unit-test && npm run integration-test",
-    "test:browser": "npm run clean && npm run build:test && npm run unit-test:browser && npm run integration-test:browser",
+    "test:browser": "echo skipped",
     "test:node": "npm run clean && npm run build:test && npm run unit-test:node && npm run integration-test:node",
     "unit-test": "npm run unit-test:node && npm run unit-test:browser",
     "unit-test:browser": "echo skipped",
-    "unit-test:node": "dev-tool run test:node-ts-input -- --timeout 300000 --exclude 'test/**/browser/**/*.spec.ts' --exclude 'test/snippets.spec.ts' 'test/**/**/*.spec.ts'",
+    "unit-test:node": "dev-tool run test:vitest -- --test-timeout 300000",
     "update-snippets": "dev-tool run update-snippets",
     "unit-test:manual": "dev-tool run test:node-ts-input -- --timeout 300000 'test/manual/node/popTokenSupport.spec.ts'"
   },
   "files": [
     "dist/",
-    "dist-esm/identity/src",
-    "dist-esm/identity-broker/src",
-    "types/identity-broker.d.ts",
     "README.md",
     "LICENSE"
   ],
@@ -65,8 +62,8 @@
     "tslib": "^2.2.0"
   },
   "devDependencies": {
-    "@azure-tools/test-recorder": "^3.0.0",
-    "@azure-tools/test-utils": "^1.0.1",
+    "@azure-tools/test-recorder": "^4.1.0",
+    "@azure-tools/test-utils-vitest": "^1.0.0",
     "@azure/abort-controller": "^1.1.0",
     "@azure/core-client": "^1.7.0",
     "@azure/core-rest-pipeline": "^1.17.0",
@@ -74,14 +71,13 @@
     "@azure/dev-tool": "^1.0.0",
     "@azure/eslint-plugin-azure-sdk": "^3.0.0",
     "@azure/logger": "^1.0.4",
-    "@types/mocha": "^10.0.0",
     "@types/node": "^18.0.0",
-    "@types/sinon": "^17.0.0",
+    "@vitest/browser": "^2.1.4",
+    "@vitest/coverage-istanbul": "^2.1.4",
     "eslint": "^9.9.0",
-    "mocha": "^10.0.0",
-    "puppeteer": "^23.0.2",
-    "sinon": "^17.0.0",
-    "typescript": "~5.6.2"
+    "playwright": "^1.48.2",
+    "typescript": "~5.6.2",
+    "vitest": "^2.1.4"
   },
   "//sampleConfiguration": {
     "productName": "Azure Identity Brokered Auth Plugin",
@@ -92,5 +88,38 @@
     "requiredResources": {
       "Microsoft Entra App Registration": "https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app"
     }
+  },
+  "type": "module",
+  "tshy": {
+    "exports": {
+      "./package.json": "./package.json",
+      ".": "./src/index.ts"
+    },
+    "dialects": [
+      "esm",
+      "commonjs"
+    ],
+    "esmDialects": [
+      "browser"
+    ],
+    "selfLink": false
+  },
+  "browser": "./dist/browser/index.js",
+  "exports": {
+    "./package.json": "./package.json",
+    ".": {
+      "browser": {
+        "types": "./dist/browser/index.d.ts",
+        "default": "./dist/browser/index.js"
+      },
+      "import": {
+        "types": "./dist/esm/index.d.ts",
+        "default": "./dist/esm/index.js"
+      },
+      "require": {
+        "types": "./dist/commonjs/index.d.ts",
+        "default": "./dist/commonjs/index.js"
+      }
+    }
   }
 }

sdk/identity/identity-broker/src/index.ts

@@ -1,10 +1,23 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-import type { AzurePluginContext } from "../../identity/src/plugins/provider";
 import type { IdentityPlugin } from "@azure/identity";
 import { NativeBrokerPlugin } from "@azure/msal-node-extensions";
 
+/**
+ * A subset of the AzurePluginContext provided by \@azure/identity
+ *
+ * @internal
+ */
+interface AzurePluginContext {
+  nativeBrokerPluginControl: NativeBrokerPluginControl;
+}
+
+interface NativeBrokerPluginControl {
+  // eslint-disable-next-line @typescript-eslint/consistent-type-imports
+  setNativeBroker(nativeBroker: import("@azure/msal-node").INativeBrokerPlugin): void;
+}
+
 /**
  * A plugin that provides WAM Integration for `@azure/identity`
  * credentials. The plugin API is compatible with `@azure/identity` versions
@@ -26,7 +39,6 @@ import { NativeBrokerPlugin } from "@azure/msal-node-extensions";
  * });
  * ```
  */
-
 export const nativeBrokerPlugin: IdentityPlugin = (context: unknown) => {
   const { nativeBrokerPluginControl } = context as AzurePluginContext;
   const brokerPlugin = new NativeBrokerPlugin();

sdk/identity/identity-broker/test/internal/node/interactiveBrowserCredential.spec.ts

@@ -2,49 +2,42 @@
 // Licensed under the MIT License.
 import type { InteractiveBrowserCredentialNodeOptions } from "@azure/identity";
 import { InteractiveBrowserCredential, useIdentityPlugin } from "@azure/identity";
-import type { MsalTestCleanup } from "../../../../identity/test/node/msalNodeTestSetup";
-import { msalNodeTestSetup } from "../../../../identity/test/node/msalNodeTestSetup";
 import { PublicClientApplication } from "@azure/msal-node";
-import type Sinon from "sinon";
 import type { Recorder } from "@azure-tools/test-recorder";
 import { isLiveMode, env, isPlaybackMode } from "@azure-tools/test-recorder";
-import { nativeBrokerPlugin } from "../../../src";
+import { nativeBrokerPlugin } from "../../../src/index.js";
 import { isNodeLike } from "@azure/core-util";
-import { assert } from "@azure-tools/test-utils";
-import type http from "http";
+import type http from "node:http";
+import type { MockInstance } from "vitest";
+import { describe, it, assert, expect, vi, beforeEach, afterEach } from "vitest";
 
-describe("InteractiveBrowserCredential (internal)", function (this: Mocha.Suite) {
-  let cleanup: MsalTestCleanup;
+describe("InteractiveBrowserCredential (internal)", function () {
   let listen: http.Server | undefined;
-  let doGetTokenSpy: Sinon.SinonSpy;
+  let doGetTokenSpy: MockInstance;
   let recorder: Recorder;
 
-  beforeEach(async function (this: Mocha.Context) {
-    const setup = await msalNodeTestSetup(this.currentTest);
-    cleanup = setup.cleanup;
-    recorder = setup.recorder;
-
-    // getTokenSilentSpy = setup.sandbox.spy(MsalNode.prototype, "getTokenSilent");
-
-    doGetTokenSpy = setup.sandbox.spy(PublicClientApplication.prototype, "acquireTokenInteractive");
+  beforeEach(async function (ctx) {
+    doGetTokenSpy = vi.spyOn(PublicClientApplication.prototype, "acquireTokenInteractive");
   });
+
   afterEach(async function () {
     if (listen) {
       listen.close();
     }
 
-    await cleanup();
+    vi.restoreAllMocks();
   });
-  it("Throws error when no plugin is imported", async function (this: Mocha.Context) {
+
+  it("Throws error when no plugin is imported", async function (ctx) {
     if (isNodeLike) {
       // OSX asks for passwords on CI, so we need to skip these tests from our automation
       if (process.platform !== "win32") {
-        this.skip();
+        ctx.skip();
       }
       // These tests should not run live because this credential requires user interaction.
       // currently test with broker is hanging, so skipping in playback mode for the ci
       if (isLiveMode() || isPlaybackMode()) {
-        this.skip();
+        ctx.skip();
       }
       const winHandle = Buffer.from("srefleqr93285329lskadjffa");
       const interactiveBrowserCredentialOptions: InteractiveBrowserCredentialNodeOptions = {
@@ -61,19 +54,19 @@ describe("InteractiveBrowserCredential (internal)", function (this: Mocha.Suite)
         );
       }, "Broker for WAM was requested to be enabled, but no native broker was configured.");
     } else {
-      this.skip();
+      ctx.skip();
     }
   });
-  it("Accepts interactiveBrowserCredentialOptions", async function (this: Mocha.Context) {
+  it("Accepts interactiveBrowserCredentialOptions", async function (ctx) {
     if (isNodeLike) {
       // OSX asks for passwords on CI, so we need to skip these tests from our automation
       if (process.platform !== "win32") {
-        this.skip();
+        ctx.skip();
       }
       // These tests should not run live because this credential requires user interaction.
       // currently test with broker is hanging, so skipping in playback mode for the ci
       if (isLiveMode() || isPlaybackMode()) {
-        this.skip();
+        ctx.skip();
       }
       useIdentityPlugin(nativeBrokerPlugin);
       const winHandle = Buffer.from("srefleqr93285329lskadjffa");
@@ -94,15 +87,16 @@ describe("InteractiveBrowserCredential (internal)", function (this: Mocha.Suite)
       try {
         const accessToken = await credential.getToken(scope);
         assert.exists(accessToken.token);
-        assert.equal(doGetTokenSpy.callCount, 1);
-        const result = await doGetTokenSpy.lastCall.returnValue;
-        assert.equal(result.fromNativeBroker, true);
+        expect(doGetTokenSpy).toHaveBeenCalledOnce();
+        expect(doGetTokenSpy.mock.results[0].value).toEqual(
+          expect.objectContaining({ fromNativeBroker: true }),
+        );
       } catch (e) {
         console.log(e);
-        assert.equal(doGetTokenSpy.callCount, 1);
+        expect(doGetTokenSpy).toHaveBeenCalledOnce();
       }
     } else {
-      this.skip();
+      ctx.skip();
     }
   });
 });

sdk/identity/identity-broker/test/manual/node/popTokenAuthenticationPolicy.ts

@@ -9,7 +9,7 @@ import type {
   SendRequest,
   PipelinePolicy,
 } from "@azure/core-rest-pipeline";
-import { createTokenCycler } from "./popTokenCycler";
+import { createTokenCycler } from "./popTokenCycler.js";
 
 /**
  * The programmatic identifier of the popTokenAuthenticationPolicy.

sdk/identity/identity-broker/test/manual/node/popTokenClient.ts

@@ -14,9 +14,9 @@ import {
   createPipelineRequest,
   createDefaultHttpClient,
 } from "@azure/core-rest-pipeline";
-import { popTokenAuthenticationPolicy } from "./popTokenAuthenticationPolicy";
+import { popTokenAuthenticationPolicy } from "./popTokenAuthenticationPolicy.js";
 import type { TokenCredential } from "@azure/core-auth";
-import { authorizeRequestOnPopTokenChallenge } from "./authRequestPopTokenChallenge";
+import { authorizeRequestOnPopTokenChallenge } from "./authRequestPopTokenChallenge.js";
 
 export async function sendGraphRequest(credential: TokenCredential): Promise<PipelineResponse> {
   const pipeline = createEmptyPipeline();

sdk/identity/identity-broker/test/manual/node/popTokenSupport.spec.ts

@@ -4,20 +4,20 @@ import type { InteractiveBrowserCredentialNodeOptions } from "@azure/identity";
 import { InteractiveBrowserCredential, useIdentityPlugin } from "@azure/identity";
 
 import { env, isLiveMode, isPlaybackMode } from "@azure-tools/test-recorder";
-import { nativeBrokerPlugin } from "../../../src";
+import { nativeBrokerPlugin } from "../../../src/index.js";
 import { isNodeLike } from "@azure/core-util";
-import { sendGraphRequest } from "./popTokenClient";
-import { assert } from "@azure-tools/test-utils";
+import { sendGraphRequest } from "./popTokenClient.js";
+import { describe, it, assert } from "vitest";
 
-describe("InteractiveBrowserCredential", function (this: Mocha.Suite) {
-  it("supports pop token authentication", async function (this: Mocha.Context) {
+describe("InteractiveBrowserCredential", function () {
+  it("supports pop token authentication", async function (ctx) {
     if (isNodeLike) {
       // OSX asks for passwords on CI, so we need to skip these tests from our automation
       if (process.platform !== "win32") {
-        this.skip();
+        ctx.skip();
       }
       if (isLiveMode() || isPlaybackMode()) {
-        this.skip();
+        ctx.skip();
       }
       useIdentityPlugin(nativeBrokerPlugin);
       const winHandle = Buffer.from("srefleqr93285329lskadjffa");
@@ -35,7 +35,7 @@ describe("InteractiveBrowserCredential", function (this: Mocha.Suite) {
       assert.equal(response.status, 200);
       assert.exists(response.bodyAsText);
     } else {
-      this.skip();
+      ctx.skip();
     }
   });
 });

sdk/identity/identity-broker/test/snippets.spec.ts

@@ -4,6 +4,7 @@
 import { InteractiveBrowserCredential, useIdentityPlugin } from "@azure/identity";
 import { nativeBrokerPlugin } from "@azure/identity-broker";
 import { setLogLevel } from "@azure/logger";
+import { describe, it } from "vitest";
 
 describe("snippets", function () {
   it("getting_started", function () {

sdk/identity/identity-broker/tsconfig.browser.config.json

@@ -0,0 +1,10 @@
+{
+  "extends": "./.tshy/build.json",
+  "include": ["./src/**/*.ts", "./src/**/*.mts", "./test/**/*.spec.ts", "./test/**/*.mts"],
+  "exclude": ["./test/**/node/**/*.ts"],
+  "compilerOptions": {
+    "outDir": "./dist-test/browser",
+    "rootDir": ".",
+    "skipLibCheck": true
+  }
+}

sdk/identity/identity-broker/tsconfig.json

@@ -3,12 +3,13 @@
   "compilerOptions": {
     "target": "es2020",
     "lib": ["DOM"],
-    "declarationDir": "./types",
-    "outDir": "./dist-esm",
     "resolveJsonModule": true,
     "paths": {
       "@azure/identity-broker": ["./src/index"]
-    }
+    },
+    "module": "NodeNext",
+    "moduleResolution": "NodeNext",
+    "rootDir": "."
   },
-  "include": ["src/**/*", "test/**/*"]
+  "include": ["src/**/*.ts", "src/**/*.mts", "src/**/*.cts", "samples-dev/**/*.ts", "test/**/*.ts"]
 }

sdk/identity/identity-broker/vitest.browser.config.ts

@@ -0,0 +1,17 @@
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+import { defineConfig, mergeConfig } from "vitest/config";
+import viteConfig from "../../../vitest.browser.shared.config.ts";
+
+export default mergeConfig(
+  viteConfig,
+  defineConfig({
+    test: {
+      include: [
+        "dist-test/browser/test/**/*.spec.js",
+      ],
+    },
+  }),
+);

sdk/identity/identity-broker/vitest.config.ts

@@ -0,0 +1,15 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+import { defineConfig, mergeConfig } from "vitest/config";
+import viteConfig from "../../../vitest.shared.config.ts";
+
+export default mergeConfig(
+  viteConfig,
+  defineConfig({
+    test: {
+      include: ["test/**/*.spec.ts"],
+      exclude: ["test/snippets.spec.ts"],
+    },
+  }),
+);

sdk/identity/identity-cache-persistence/api-extractor.json

@@ -1,6 +1,6 @@
 {
   "$schema": "https://developer.microsoft.com/json-schemas/api-extractor/v7/api-extractor.schema.json",
-  "mainEntryPointFilePath": "./types/identity-cache-persistence/src/index.d.ts",
+  "mainEntryPointFilePath": "./types/src/index.d.ts",
   "docModel": {
     "enabled": true
   },

sdk/identity/identity-cache-persistence/package.json

@@ -4,7 +4,7 @@
   "sdk-type": "client",
   "description": "A secure, persistent token cache for Azure Identity credentials that uses the OS secret-management API",
   "main": "dist/index.js",
-  "module": "dist-esm/identity-cache-persistence/src/index.js",
+  "module": "dist-esm/src/index.js",
   "types": "./types/identity-cache-persistence.d.ts",
   "scripts": {
     "build": "npm run clean && npm run extract-api && tsc -p . && dev-tool run bundle",
@@ -31,8 +31,7 @@
   },
   "files": [
     "dist/",
-    "dist-esm/identity/src",
-    "dist-esm/identity-cache-persistence/src",
+    "dist-esm/src",
     "types/identity-cache-persistence.d.ts",
     "README.md",
     "LICENSE"

sdk/identity/identity-cache-persistence/src/index.ts

@@ -1,10 +1,29 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-import type { AzurePluginContext } from "../../identity/src/plugins/provider";
-import type { IdentityPlugin } from "@azure/identity";
+import type { IdentityPlugin, TokenCachePersistenceOptions } from "@azure/identity";
 import { createPersistenceCachePlugin } from "./provider";
 
+/**
+ * Plugin context entries for controlling cache plugins.
+ */
+interface CachePluginControl {
+  setPersistence(
+    persistenceFactory: (
+      options?: TokenCachePersistenceOptions,
+    ) => Promise<import("@azure/msal-node").ICachePlugin>,
+  ): void;
+}
+/**
+ * Context options passed to a plugin during initialization.
+ *
+ * Represents a subset of the context defined in `@azure/identity`
+ *
+ */
+interface AzurePluginContext {
+  cachePluginControl: CachePluginControl;
+}
+
 /**
  * A plugin that provides persistent token caching for `@azure/identity`
  * credentials. The plugin API is compatible with `@azure/identity` versions

sdk/identity/identity-cache-persistence/test/internal/node/clientCertificateCredential.spec.ts

@@ -6,10 +6,10 @@
 
 import * as path from "path";
 
-import type { TokenCachePersistenceOptions } from "../../../../identity/src";
-import { ClientCertificateCredential } from "../../../../identity/src";
-import type { MsalTestCleanup } from "../../../../identity/test/node/msalNodeTestSetup";
-import { msalNodeTestSetup } from "../../../../identity/test/node/msalNodeTestSetup";
+import type { TokenCachePersistenceOptions } from "@azure/identity";
+import { ClientCertificateCredential } from "@azure/identity";
+import type { MsalTestCleanup } from "./msalNodeTestSetup";
+import { msalNodeTestSetup } from "./msalNodeTestSetup";
 import type { Recorder } from "@azure-tools/test-recorder";
 import { env, isPlaybackMode } from "@azure-tools/test-recorder";
 

sdk/identity/identity-cache-persistence/test/internal/node/clientSecretCredential.spec.ts

@@ -4,10 +4,9 @@
 /* eslint-disable @typescript-eslint/no-non-null-asserted-optional-chain */
 /* eslint-disable sort-imports */
 
-import type { TokenCachePersistenceOptions } from "../../../../identity/src";
-import { ClientSecretCredential } from "../../../../identity/src";
-import type { MsalTestCleanup } from "../../../../identity/test/node/msalNodeTestSetup";
-import { msalNodeTestSetup } from "../../../../identity/test/node/msalNodeTestSetup";
+import type { TokenCachePersistenceOptions } from "@azure/identity";
+import { ClientSecretCredential } from "@azure/identity";
+import { msalNodeTestSetup, type MsalTestCleanup } from "./msalNodeTestSetup";
 import type { Recorder } from "@azure-tools/test-recorder";
 import { env } from "@azure-tools/test-recorder";
 

sdk/identity/identity-cache-persistence/test/internal/node/deviceCodeCredential.spec.ts

@@ -4,10 +4,8 @@
 /* eslint-disable @typescript-eslint/no-non-null-asserted-optional-chain */
 /* eslint-disable sort-imports */
 
-import type { TokenCachePersistenceOptions } from "../../../../identity/src";
-import { DeviceCodeCredential } from "../../../../identity/src";
-import type { MsalTestCleanup } from "../../../../identity/test/node/msalNodeTestSetup";
-import { msalNodeTestSetup } from "../../../../identity/test/node/msalNodeTestSetup";
+import { DeviceCodeCredential, type TokenCachePersistenceOptions } from "@azure/identity";
+import { msalNodeTestSetup, type MsalTestCleanup } from "./msalNodeTestSetup";
 import type { Recorder } from "@azure-tools/test-recorder";
 import { isLiveMode } from "@azure-tools/test-recorder";
 

sdk/identity/identity-cache-persistence/test/internal/node/msalNodeTestSetup.ts

@@ -0,0 +1,233 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+import type { AuthenticationResult } from "@azure/msal-node";
+import { ConfidentialClientApplication, PublicClientApplication } from "@azure/msal-node";
+import type Sinon from "sinon";
+import { createSandbox } from "sinon";
+
+import { Recorder } from "@azure-tools/test-recorder";
+import { Test } from "mocha";
+
+const PlaybackTenantId = "12345678-1234-1234-1234-123456789012";
+
+export type MsalTestCleanup = () => Promise<void>;
+
+export interface MsalTestSetupResponse {
+  cleanup: MsalTestCleanup;
+  recorder?: Recorder;
+  sandbox: Sinon.SinonSandbox;
+}
+
+export async function msalNodeTestSetup(
+  testContext?: Test,
+  playbackClientId?: string,
+): Promise<{
+  cleanup: MsalTestCleanup;
+  recorder: Recorder;
+  sandbox: Sinon.SinonSandbox;
+}>;
+
+export async function msalNodeTestSetup(stubbedToken: AuthenticationResult): Promise<{
+  cleanup: MsalTestCleanup;
+  sandbox: Sinon.SinonSandbox;
+}>;
+
+export async function msalNodeTestSetup(
+  testContextOrStubbedToken?: Test | AuthenticationResult,
+  playbackClientId = "azure_client_id",
+): Promise<MsalTestSetupResponse> {
+  const playbackValues = {
+    correlationId: "client-request-id",
+  };
+
+  const sandbox = createSandbox();
+
+  if (testContextOrStubbedToken instanceof Test || testContextOrStubbedToken === undefined) {
+    const testContext = testContextOrStubbedToken;
+
+    const recorder = new Recorder(testContext);
+    recorder.setMatcher("CustomDefaultMatcher", {
+      excludedHeaders: ["X-AnchorMailbox", "Content-Length", "User-Agent"],
+    });
+
+    await recorder.start({
+      envSetupForPlayback: {
+        AZURE_TENANT_ID: PlaybackTenantId,
+        AZURE_CLIENT_ID: playbackClientId,
+        AZURE_CLIENT_SECRET: "azure_client_secret",
+        AZURE_IDENTITY_TEST_TENANTID: PlaybackTenantId,
+        AZURE_IDENTITY_TEST_USERNAME: "azure_username",
+        AZURE_IDENTITY_TEST_PASSWORD: "azure_password",
+        IDENTITY_SP_CLIENT_ID: "",
+        IDENTITY_SP_TENANT_ID: "",
+        IDENTITY_SP_CLIENT_SECRET: "",
+        IDENTITY_SP_CERT_PEM: "",
+        AZURE_CAE_MANAGEMENT_ENDPOINT: "https://management.azure.com/",
+        AZURE_CLIENT_CERTIFICATE_PATH: "assets/fake-cert.pem",
+        AZURE_IDENTITY_MULTI_TENANT_TENANT_ID: "99999999-9999-9999-9999-999999999999",
+        AZURE_IDENTITY_MULTI_TENANT_CLIENT_ID: "azure_multi_tenant_client_id",
+        AZURE_IDENTITY_MULTI_TENANT_CLIENT_SECRET: "azure_multi_tenant_client_secret",
+      },
+      sanitizerOptions: {
+        headerSanitizers: [
+          {
+            key: "User-Agent",
+            value: "User-Agent",
+          },
+          {
+            key: "Set-Cookie",
+            regex: true,
+            target: `(fpc|esctx)=(?<secret_cookie>[^;]+)`,
+            value: "secret_cookie",
+            groupForReplace: "secret_cookie",
+          },
+        ],
+        generalSanitizers: [
+          {
+            regex: true,
+            target: `enter the code [A-Z0-9]* to authenticate`,
+            value: `enter the code USER_CODE to authenticate`,
+          },
+        ],
+      },
+    });
+
+    // Playback sanitizers
+    await recorder.addSanitizers(
+      {
+        bodySanitizers: [
+          {
+            regex: true,
+            target: 'username=[^&"]+', // env sanitizers do not handle matching urlencoded params well (@ character is urlencoded)
+            value: "username=azure_username",
+          },
+          {
+            regex: true,
+            target: 'client_secret=[^&"]+',
+            value: "client_secret=azure_client_secret",
+          },
+          {
+            regex: true,
+            target: `client_assertion=[a-zA-Z0-9-._]*`,
+            value: "client_assertion=client_assertion",
+          },
+          {
+            regex: true,
+            target: 'device_code=[^&"]+',
+            value: "device_code=DEVICE_CODE",
+          },
+          {
+            regex: true,
+            target: `x-client-OS=[a-zA-Z0-9]+`,
+            value: `x-client-OS=Sanitized`,
+          },
+          {
+            regex: true,
+            target: `x-client-CPU=[a-zA-Z0-9]+`,
+            value: `x-client-CPU=Sanitized`,
+          },
+          {
+            regex: true,
+            target: `x-client-VER=[a-zA-Z0-9.-]+`,
+            value: `x-client-VER=identity-client-version`,
+          },
+          {
+            regex: true,
+            target: `client-request-id=[a-zA-Z0-9-]+`,
+            value: `client-request-id=${playbackValues.correlationId}`,
+          },
+        ],
+        bodyKeySanitizers: [
+          {
+            jsonPath: "$.device_code",
+            value: "DEVICE_CODE",
+          },
+          {
+            jsonPath: "$.bodyProvided.device_code",
+            value: "DEVICE_CODE",
+          },
+          {
+            jsonPath: "$.interval",
+            value: "0",
+          },
+          {
+            jsonPath: "$.client-request-id",
+            value: playbackValues.correlationId,
+          },
+          {
+            jsonPath: "$.access_token",
+            value: "access_token",
+          },
+          {
+            jsonPath: "$.bodyProvided.access_token",
+            value: "access_token",
+          },
+          {
+            jsonPath: "$.refresh_token",
+            value: "refresh_token",
+          },
+          {
+            jsonPath: "$.bodyProvided.refresh_token",
+            value: "refresh_token",
+          },
+          {
+            jsonPath: "$.id_token",
+            value:
+              "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImtpZCJ9.eyJhdWQiOiJhdWQiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vMTIzNDU2NzgtMTIzNC0xMjM0LTEyMzQtMTIzNDU2Nzg5MDEyL3YyLjAiLCJpYXQiOjE2MTUzMzcxNjMsIm5iZiI6MTYxNTMzNzE2MywiZXhwIjoxNjE1MzQxMDYzLCJhaW8iOiJhaW8iLCJpZHAiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9pZHAvIiwibmFtZSI6IkRhbmllbCBSb2Ryw61ndWV6Iiwib2lkIjoib2lkIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiZGFucm9kcmlAbWljcm9zb2Z0LmNvbSIsInJoIjoicmguIiwic3ViIjoic3ViIiwidGlkIjoiMTIzNDU2NzgtMTIzNC0xMjM0LTEyMzQtMTIzNDU2Nzg5MDEyIiwidXRpIjoidXRpIiwidmVyIjoiMi4wIn0=.bm9faWRlYV93aGF0c190aGlz",
+          },
+          {
+            jsonPath: "$.client_info",
+            value:
+              "eyJ1aWQiOiIxMjM0NTY3OC0xMjM0LTEyMzQtMTIzNC0xMjM0NTY3ODkwMTIiLCJ1dGlkIjoiMTIzNDU2NzgtMTIzNC0xMjM0LTEyMzQtMTIzNDU2Nzg5MDEyIn0K",
+          },
+        ],
+      },
+      ["record", "playback"],
+    );
+
+    return {
+      sandbox,
+      recorder,
+      async cleanup() {
+        await recorder.stop();
+        sandbox.restore();
+      },
+    };
+  } else {
+    const stubbedToken = testContextOrStubbedToken;
+
+    const publicClientMethods: Array<keyof PublicClientApplication> = [
+      "acquireTokenByCode",
+      "acquireTokenByDeviceCode",
+      "acquireTokenByRefreshToken",
+      "acquireTokenByUsernamePassword",
+      "acquireTokenInteractive",
+      "acquireTokenSilent",
+    ];
+    const confidentialClientMethods: Array<keyof ConfidentialClientApplication> = [
+      "acquireTokenByClientCredential",
+      "acquireTokenByCode",
+      "acquireTokenByRefreshToken",
+      "acquireTokenByUsernamePassword",
+      "acquireTokenOnBehalfOf",
+      "acquireTokenSilent",
+    ];
+
+    publicClientMethods.forEach((method) =>
+      sandbox.stub(PublicClientApplication.prototype, method).callsFake(async () => stubbedToken),
+    );
+    confidentialClientMethods.forEach((method) =>
+      sandbox
+        .stub(ConfidentialClientApplication.prototype, method)
+        .callsFake(async () => stubbedToken),
+    );
+
+    return {
+      sandbox,
+      async cleanup() {
+        sandbox.restore();
+      },
+    };
+  }
+}

sdk/identity/identity-cache-persistence/test/internal/node/setup.spec.ts

@@ -5,7 +5,7 @@
 
 // We need to set up the plugin for the tests!
 
-import { useIdentityPlugin } from "../../../../identity/src";
+import { useIdentityPlugin } from "@azure/identity";
 
 // The persistence tests have to run on the same version of Node that's used to
 // install dependencies, currently 16.

sdk/identity/identity-cache-persistence/test/internal/node/usernamePasswordCredential.spec.ts

@@ -4,17 +4,17 @@
 /* eslint-disable @typescript-eslint/no-non-null-asserted-optional-chain */
 /* eslint-disable sort-imports */
 
-import type { MsalTestCleanup } from "../../../../identity/test/node/msalNodeTestSetup";
-import { msalNodeTestSetup } from "../../../../identity/test/node/msalNodeTestSetup";
 import type { Recorder } from "@azure-tools/test-recorder";
 import { env } from "@azure-tools/test-recorder";
-import type { TokenCachePersistenceOptions } from "../../../../identity/src";
-import { UsernamePasswordCredential } from "../../../../identity/src";
+import type { TokenCachePersistenceOptions } from "@azure/identity";
+import { UsernamePasswordCredential } from "@azure/identity";
 
 import { PublicClientApplication } from "@azure/msal-node";
 import type Sinon from "sinon";
 import assert from "assert";
 import { createPersistence } from "./setup.spec";
+import type { MsalTestCleanup } from "./msalNodeTestSetup";
+import { msalNodeTestSetup } from "./msalNodeTestSetup";
 
 describe("UsernamePasswordCredential (internal)", function (this: Mocha.Suite) {
   let cleanup: MsalTestCleanup;

sdk/identity/identity-vscode/api-extractor.json

@@ -1,6 +1,6 @@
 {
   "$schema": "https://developer.microsoft.com/json-schemas/api-extractor/v7/api-extractor.schema.json",
-  "mainEntryPointFilePath": "./types/identity-vscode/src/index.d.ts",
+  "mainEntryPointFilePath": "./types/src/index.d.ts",
   "docModel": {
     "enabled": true
   },

sdk/identity/identity-vscode/package.json

@@ -4,7 +4,7 @@
   "sdk-type": "client",
   "description": "Use the Azure Account extension for Visual Studio Code to authenticate with Azure Identity",
   "main": "dist/index.js",
-  "module": "dist-esm/identity-vscode/src/index.js",
+  "module": "dist-esm/src/index.js",
   "types": "./types/identity-vscode.d.ts",
   "scripts": {
     "build": "npm run clean && npm run extract-api && tsc -p . && dev-tool run bundle",
@@ -31,8 +31,7 @@
   },
   "files": [
     "dist/",
-    "dist-esm/identity/src",
-    "dist-esm/identity-vscode/src",
+    "dist-esm/src",
     "types/identity-vscode.d.ts",
     "README.md",
     "LICENSE"

sdk/identity/identity-vscode/src/index.ts

@@ -1,12 +1,37 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-import type { AzurePluginContext } from "../../identity/src/plugins/provider";
 import type { IdentityPlugin } from "@azure/identity";
 import keytar from "keytar";
 
 const VSCodeServiceName = "VS Code Azure";
 
+/**
+ * A function that searches for credentials in the Visual Studio Code credential store.
+ *
+ * @returns an array of credentials (username and password)
+ */
+type VSCodeCredentialFinder = () => Promise<Array<{ account: string; password: string }>>;
+
+/**
+ * Plugin context entries for controlling VisualStudioCodeCredential.
+ */
+interface VisualStudioCodeCredentialControl {
+  setVsCodeCredentialFinder(finder: VSCodeCredentialFinder): void;
+}
+
+/**
+ * Context options passed to a plugin during initialization.
+ *
+ * Plugin authors are responsible for casting their plugin context values
+ * to this type.
+ *
+ * @internal
+ */
+interface AzurePluginContext {
+  vsCodeCredentialControl: VisualStudioCodeCredentialControl;
+}
+
 /**
  * A plugin that provides the dependencies of `VisualStudioCodeCredential`
  * and enables it within `@azure/identity`. The plugin API is compatible with

sdk/identity/identity-vscode/test/public/node/visualStudioCodeCredential.spec.ts

@@ -5,8 +5,6 @@
 /* eslint-disable @typescript-eslint/no-require-imports */
 /* eslint-disable sort-imports */
 
-import type { MsalTestCleanup } from "../../../../identity/test/node/msalNodeTestSetup";
-import { msalNodeTestSetup } from "../../../../identity/test/node/msalNodeTestSetup";
 import type { Recorder } from "@azure-tools/test-recorder";
 import { isRecordMode } from "@azure-tools/test-recorder";
 import { VisualStudioCodeCredential } from "@azure/identity";
@@ -22,18 +20,11 @@ const mockedResponse = [
 
 // TODO: Enable again once the VisualStudio cache bug is fixed.
 describe.skip("VisualStudioCodeCredential", function (this: Mocha.Suite) {
-  let cleanup: MsalTestCleanup;
   let recorder: Recorder;
 
-  beforeEach(async function (this: Mocha.Context) {
-    const setup = await msalNodeTestSetup(this.currentTest);
-    cleanup = setup.cleanup;
-    recorder = setup.recorder;
-  });
+  beforeEach(async function (this: Mocha.Context) {});
 
-  afterEach(async function () {
-    await cleanup();
-  });
+  afterEach(async function () {});
 
   const scope = "https://graph.microsoft.com/.default";
 

sdk/identity/identity/.nycrc

@@ -1,19 +0,0 @@
-{
-    "include": [
-      "dist-esm/src/**/*.js"
-    ],
-    "exclude": [
-      "**/*.d.ts",
-      "dist-esm/src/generated/*"
-    ],
-    "reporter": [
-      "text-summary",
-      "html",
-      "cobertura"
-    ],
-    "exclude-after-remap": false,
-    "sourceMap": true,
-    "produce-source-map": true,
-    "instrument": true,
-    "all": true
-  }

sdk/identity/identity/CHANGELOG.md

@@ -14,6 +14,8 @@
 
 - Mark `AzureAuthorityHosts.AZURE_GERMANY` deprecated as the Germany cloud closed in 2021. [#31519](https://github.com/Azure/azure-sdk-for-js/pull/31519)
 
+- Native ESM support has been added, and this package will now emit both CommonJS and ESM. [#31647](https://github.com/Azure/azure-sdk-for-js/pull/31647)
+
 ## 4.5.0 (2024-10-15)
 
 ### Features Added

sdk/identity/identity/api-extractor.json

@@ -1,6 +1,6 @@
 {
   "$schema": "https://developer.microsoft.com/json-schemas/api-extractor/v7/api-extractor.schema.json",
-  "mainEntryPointFilePath": "./types/src/index.d.ts",
+  "mainEntryPointFilePath": "dist/esm/index.d.ts",
   "docModel": {
     "enabled": true
   },
@@ -11,7 +11,7 @@
   "dtsRollup": {
     "enabled": true,
     "untrimmedFilePath": "",
-    "publicTrimmedFilePath": "./types/identity.d.ts"
+    "publicTrimmedFilePath": "dist/identity.d.ts"
   },
   "messages": {
     "tsdocMessageReporting": {

sdk/identity/identity/karma.conf.js

@@ -1,123 +0,0 @@
-const { relativeRecordingsPath } = require("@azure-tools/test-recorder");
-process.env.RECORDINGS_RELATIVE_PATH = relativeRecordingsPath();
-
-// https://github.com/karma-runner/karma-chrome-launcher
-process.env.CHROME_BIN = require("puppeteer").executablePath();
-require("dotenv").config();
-
-module.exports = function (config) {
-  config.set({
-    // base path that will be used to resolve all patterns (eg. files, exclude)
-    basePath: "./",
-
-    // frameworks to use
-    // available frameworks: https://npmjs.org/browse/keyword/karma-adapter
-    frameworks: ["mocha"],
-
-    plugins: [
-      "karma-mocha",
-      "karma-mocha-reporter",
-      "karma-chrome-launcher",
-      "karma-firefox-launcher",
-      "karma-env-preprocessor",
-      "karma-coverage",
-      "karma-sourcemap-loader",
-      "karma-junit-reporter",
-    ],
-
-    // list of files / patterns to load in the browser
-    files: [
-      "dist-test/index.browser.js",
-      { pattern: "dist-test/index.browser.js.map", type: "html", included: false, served: true },
-    ],
-
-    // list of files / patterns to exclude
-    exclude: [],
-
-    // preprocess matching files before serving them to the browser
-    // available preprocessors: https://npmjs.org/browse/keyword/karma-preprocessor
-    preprocessors: {
-      "**/*.js": ["sourcemap", "env"],
-    },
-
-    // inject following environment values into browser testing with window.__env__
-    // environment values MUST be exported or set with same console running "karma start"
-    // https://www.npmjs.com/package/karma-env-preprocessor
-    envPreprocessor: [
-      "AZURE_CLIENT_ID",
-      "AZURE_CLIENT_SECRET",
-      "AZURE_TENANT_ID",
-      "TEST_MODE",
-      "RECORDINGS_RELATIVE_PATH",
-    ],
-
-    // test results reporter to use
-    // possible values: 'dots', 'progress'
-    // available reporters: https://npmjs.org/browse/keyword/karma-reporter
-    reporters: ["mocha", "coverage", "junit"],
-
-    coverageReporter: {
-      // specify a common output directory
-      dir: "coverage-browser/",
-      reporters: [
-        { type: "json", subdir: ".", file: "coverage.json" },
-        { type: "lcovonly", subdir: ".", file: "lcov.info" },
-        { type: "html", subdir: "html" },
-        { type: "cobertura", subdir: ".", file: "cobertura-coverage.xml" },
-      ],
-    },
-
-    junitReporter: {
-      outputDir: "", // results will be saved as $outputDir/$browserName.xml
-      outputFile: "test-results.browser.xml", // if included, results will be saved as $outputDir/$browserName/$outputFile
-      suite: "", // suite will become the package name attribute in xml testsuite element
-      useBrowserName: false, // add browser name to report and classes names
-      nameFormatter: undefined, // function (browser, result) to customize the name attribute in xml testcase element
-      classNameFormatter: undefined, // function (browser, result) to customize the classname attribute in xml testcase element
-      properties: {}, // key value pair of properties to add to the <properties> section of the report
-    },
-
-    // web server port
-    port: 9876,
-
-    // enable / disable colors in the output (reporters and logs)
-    colors: true,
-
-    // level of logging
-    // possible values: config.LOG_DISABLE || config.LOG_ERROR || config.LOG_WARN || config.LOG_INFO || config.LOG_DEBUG
-    logLevel: config.LOG_INFO,
-
-    // enable / disable watching file and executing tests whenever any file changes
-    autoWatch: false,
-
-    // --no-sandbox allows our tests to run in Linux without having to change the system.
-    // --disable-web-security allows us to authenticate from the browser without having to write tests using interactive auth, which would be far more complex.
-    browsers: ["ChromeHeadlessNoSandbox"],
-    customLaunchers: {
-      ChromeHeadlessNoSandbox: {
-        base: "ChromeHeadless",
-        flags: ["--no-sandbox", "--disable-web-security"],
-      },
-    },
-
-    // Continuous Integration mode
-    // if true, Karma captures browsers, runs the tests and exits
-    singleRun: true,
-
-    // Concurrency level
-    // how many browser should be started simultaneous
-    concurrency: 1,
-
-    browserNoActivityTimeout: 600000,
-    browserDisconnectTimeout: 10000,
-    browserDisconnectTolerance: 3,
-
-    client: {
-      mocha: {
-        // change Karma's debug.html to the mocha web reporter
-        reporter: "html",
-        timeout: "600000",
-      },
-    },
-  });
-};

sdk/identity/identity/package.json

@@ -3,37 +3,10 @@
   "sdk-type": "client",
   "version": "4.5.1",
   "description": "Provides credential implementations for Azure SDK libraries that can authenticate with Microsoft Entra ID",
-  "main": "dist/index.js",
-  "module": "dist-esm/src/index.js",
-  "types": "./types/identity.d.ts",
-  "browser": {
-    "os": false,
-    "process": false,
-    "./dist-esm/src/credentials/azureCliCredential.js": "./dist-esm/src/credentials/azureCliCredential.browser.js",
-    "./dist-esm/src/credentials/azureDeveloperCliCredential.js": "./dist-esm/src/credentials/azureDeveloperCliCredential.browser.js",
-    "./dist-esm/src/credentials/environmentCredential.js": "./dist-esm/src/credentials/environmentCredential.browser.js",
-    "./dist-esm/src/credentials/managedIdentityCredential/index.js": "./dist-esm/src/credentials/managedIdentityCredential/index.browser.js",
-    "./dist-esm/src/credentials/clientCertificateCredential.js": "./dist-esm/src/credentials/clientCertificateCredential.browser.js",
-    "./dist-esm/src/credentials/clientSecretCredential.js": "./dist-esm/src/credentials/clientSecretCredential.browser.js",
-    "./dist-esm/src/credentials/clientAssertionCredential.js": "./dist-esm/src/credentials/clientAssertionCredential.browser.js",
-    "./dist-esm/src/credentials/deviceCodeCredential.js": "./dist-esm/src/credentials/deviceCodeCredential.browser.js",
-    "./dist-esm/src/credentials/defaultAzureCredential.js": "./dist-esm/src/credentials/defaultAzureCredential.browser.js",
-    "./dist-esm/src/credentials/authorizationCodeCredential.js": "./dist-esm/src/credentials/authorizationCodeCredential.browser.js",
-    "./dist-esm/src/credentials/interactiveBrowserCredential.js": "./dist-esm/src/credentials/interactiveBrowserCredential.browser.js",
-    "./dist-esm/src/credentials/visualStudioCodeCredential.js": "./dist-esm/src/credentials/visualStudioCodeCredential.browser.js",
-    "./dist-esm/src/credentials/usernamePasswordCredential.js": "./dist-esm/src/credentials/usernamePasswordCredential.browser.js",
-    "./dist-esm/src/credentials/azurePowerShellCredential.js": "./dist-esm/src/credentials/azurePowerShellCredential.browser.js",
-    "./dist-esm/src/credentials/azureApplicationCredential.js": "./dist-esm/src/credentials/azureApplicationCredential.browser.js",
-    "./dist-esm/src/credentials/azurePipelinesCredential.js": "./dist-esm/src/credentials/azurePipelinesCredential.browser.js",
-    "./dist-esm/src/credentials/onBehalfOfCredential.js": "./dist-esm/src/credentials/onBehalfOfCredential.browser.js",
-    "./dist-esm/src/credentials/workloadIdentityCredential.js": "./dist-esm/src/credentials/workloadIdentityCredential.browser.js",
-    "./dist-esm/src/msal/msal.js": "./dist-esm/src/msal/msal.browser.js",
-    "./dist-esm/src/util/authHostEnv.js": "./dist-esm/src/util/authHostEnv.browser.js",
-    "./dist-esm/src/util/processMultiTenantRequest.js": "./dist-esm/src/util/processMultiTenantRequest.browser.js",
-    "./dist-esm/src/tokenCache/TokenCachePersistence.js": "./dist-esm/src/tokenCache/TokenCachePersistence.browser.js",
-    "./dist-esm/src/plugins/consumer.js": "./dist-esm/src/plugins/consumer.browser.js",
-    "./dist-esm/test/httpRequests.js": "./dist-esm/test/httpRequests.browser.js"
-  },
+  "main": "./dist/commonjs/index.js",
+  "module": "./dist/esm/index.js",
+  "types": "./dist/commonjs/index.d.ts",
+  "browser": "./dist/browser/index.js",
   "//sampleConfiguration": {
     "productName": "Azure Identity",
     "productSlugs": [
@@ -46,34 +19,32 @@
     }
   },
   "scripts": {
-    "build": "npm run clean && npm run extract-api && tsc -p . && dev-tool run bundle",
+    "build": "npm run clean && dev-tool run build-package && dev-tool run extract-api",
     "build:samples": "echo Obsolete.",
     "build:test": "echo skipped. actual commands inlined in browser test scripts",
     "check-format": "dev-tool run vendored prettier --list-different --config ../../../.prettierrc.json --ignore-path ../../../.prettierignore \"src/**/*.ts\" \"test/**/*.ts\" \"samples-dev/**/*.ts\" \"*.{js,json}\"",
     "clean": "dev-tool run vendored rimraf --glob dist dist-* types *.tgz *.log",
     "execute:samples": "dev-tool samples run samples-dev",
-    "extract-api": "tsc -p . && dev-tool run extract-api",
+    "extract-api": "dev-tool run build-package && dev-tool run extract-api",
     "format": "dev-tool run vendored prettier --write --config ../../../.prettierrc.json --ignore-path ../../../.prettierignore \"src/**/*.ts\" \"test/**/*.ts\" \"samples-dev/**/*.ts\" \"*.{js,json}\"",
     "integration-test": "npm run integration-test:node && npm run integration-test:browser",
     "integration-test:browser": "echo skipped",
-    "integration-test:managed-identity": "dev-tool run test:node-ts-input -- --timeout 180000 'test/integration/**/*.spec.ts'",
-    "integration-test:node": "dev-tool run test:node-ts-input -- --timeout 180000 'test/public/node/*.spec.ts' 'test/internal/node/*.spec.ts'",
+    "integration-test:managed-identity": "dev-tool run test:vitest -- --test-timeout 180000 'test/integration/**/*.spec.ts'",
+    "integration-test:node": "dev-tool run test:vitest -- --test-timeout 180000 'test/public/node/*.spec.ts' 'test/internal/node/*.spec.ts'",
     "lint": "eslint package.json api-extractor.json src test",
     "lint:fix": "eslint package.json api-extractor.json src test --fix --fix-type [problem,suggestion]",
     "pack": "npm pack 2>&1",
     "test": "npm run clean && npm run build:test && npm run unit-test && npm run integration-test",
-    "test:browser": "npm run clean && tsc -p . && dev-tool run bundle && npm run unit-test:browser && npm run integration-test:browser",
+    "test:browser": "npm run unit-test:browser && npm run integration-test:browser",
     "test:node": "npm run clean && npm run unit-test:node && npm run integration-test:node",
     "unit-test": "npm run unit-test:node && npm run unit-test:browser",
-    "unit-test:browser": "dev-tool run test:browser",
-    "unit-test:node": "dev-tool run test:node-ts-input -- --timeout 300000 --exclude 'test/**/browser/**/*.spec.ts' --exclude 'test/snippets.spec.ts' --exclude 'test/integration/**/*.spec.ts' 'test/**/**/*.spec.ts'",
+    "unit-test:browser": "npm run clean && dev-tool run build-package && dev-tool run build-test && dev-tool run test:vitest --browser",
+    "unit-test:node": "dev-tool run test:vitest",
     "unit-test:node:no-timeouts": "dev-tool run test:node-ts-input -- --timeout Infinite --exclude 'test/snippets.spec.ts' --exclude 'test/**/browser/**/*.spec.ts' 'test/**/**/*.spec.ts'",
     "update-snippets": "dev-tool run update-snippets"
   },
   "files": [
     "dist/",
-    "dist-esm/src/",
-    "types/identity.d.ts",
     "README.md",
     "LICENSE"
   ],
@@ -119,45 +90,63 @@
     "@azure/msal-browser": "^3.26.1",
     "events": "^3.0.0",
     "jws": "^4.0.0",
-    "open": "^8.0.0",
+    "open": "^10.1.0",
     "stoppable": "^1.1.0",
     "tslib": "^2.2.0"
   },
   "devDependencies": {
-    "@azure-tools/test-recorder": "^3.0.0",
-    "@azure-tools/test-utils": "^1.0.1",
+    "@azure-tools/test-recorder": "^4.1.0",
+    "@azure-tools/test-utils-vitest": "^1.0.0",
     "@azure/dev-tool": "^1.0.0",
     "@azure/eslint-plugin-azure-sdk": "^3.0.0",
     "@azure/keyvault-keys": "^4.2.0",
-    "@types/chai": "^4.1.6",
     "@types/jsonwebtoken": "^9.0.0",
     "@types/jws": "^3.2.2",
-    "@types/mocha": "^10.0.0",
     "@types/ms": "^0.7.31",
     "@types/node": "^18.0.0",
-    "@types/sinon": "^17.0.0",
     "@types/stoppable": "^1.1.0",
-    "@types/uuid": "^8.0.0",
-    "chai": "^4.2.0",
+    "@vitest/browser": "^2.1.4",
+    "@vitest/coverage-istanbul": "^2.1.4",
     "dotenv": "^16.0.0",
     "eslint": "^9.9.0",
     "inherits": "^2.0.3",
     "jsonwebtoken": "^9.0.0",
-    "karma": "^6.2.0",
-    "karma-chrome-launcher": "^3.0.0",
-    "karma-coverage": "^2.0.0",
-    "karma-env-preprocessor": "^0.1.1",
-    "karma-junit-reporter": "^2.0.1",
-    "karma-mocha": "^2.0.1",
-    "karma-mocha-reporter": "^2.2.5",
-    "karma-sourcemap-loader": "^0.3.8",
-    "mocha": "^10.0.0",
     "ms": "^2.1.3",
-    "nyc": "^17.0.0",
-    "puppeteer": "^23.0.2",
-    "sinon": "^17.0.0",
-    "ts-node": "^10.0.0",
+    "playwright": "^1.48.2",
     "typescript": "~5.6.2",
-    "util": "^0.12.1"
+    "util": "^0.12.1",
+    "vitest": "^2.1.4"
+  },
+  "type": "module",
+  "tshy": {
+    "exports": {
+      "./package.json": "./package.json",
+      ".": "./src/index.ts"
+    },
+    "dialects": [
+      "esm",
+      "commonjs"
+    ],
+    "esmDialects": [
+      "browser"
+    ],
+    "selfLink": false
+  },
+  "exports": {
+    "./package.json": "./package.json",
+    ".": {
+      "browser": {
+        "types": "./dist/browser/index.d.ts",
+        "default": "./dist/browser/index.js"
+      },
+      "import": {
+        "types": "./dist/esm/index.d.ts",
+        "default": "./dist/esm/index.js"
+      },
+      "require": {
+        "types": "./dist/commonjs/index.d.ts",
+        "default": "./dist/commonjs/index.js"
+      }
+    }
   }
 }

sdk/identity/identity/src/client/identityClient.ts

@@ -8,17 +8,17 @@ import { isNode } from "@azure/core-util";
 import type { PipelineRequest, PipelineResponse } from "@azure/core-rest-pipeline";
 import { createHttpHeaders, createPipelineRequest } from "@azure/core-rest-pipeline";
 import type { AbortSignalLike } from "@azure/abort-controller";
-import { AuthenticationError, AuthenticationErrorName } from "../errors";
-import { getIdentityTokenEndpointSuffix } from "../util/identityTokenEndpoint";
-import { DefaultAuthorityHost, SDK_VERSION } from "../constants";
-import { tracingClient } from "../util/tracing";
-import { logger } from "../util/logging";
-import type { TokenCredentialOptions } from "../tokenCredentialOptions";
-import type { TokenResponseParsedBody } from "../credentials/managedIdentityCredential/utils";
+import { AuthenticationError, AuthenticationErrorName } from "../errors.js";
+import { getIdentityTokenEndpointSuffix } from "../util/identityTokenEndpoint.js";
+import { DefaultAuthorityHost, SDK_VERSION } from "../constants.js";
+import { tracingClient } from "../util/tracing.js";
+import { logger } from "../util/logging.js";
+import type { TokenCredentialOptions } from "../tokenCredentialOptions.js";
+import type { TokenResponseParsedBody } from "../credentials/managedIdentityCredential/utils.js";
 import {
   parseExpirationTimestamp,
   parseRefreshTimestamp,
-} from "../credentials/managedIdentityCredential/utils";
+} from "../credentials/managedIdentityCredential/utils.js";
 
 const noCorrelationId = "noCorrelationId";
 

sdk/identity/identity/src/credentials/authorizationCodeCredential-browser.mts

@@ -2,8 +2,8 @@
 // Licensed under the MIT License.
 
 import type { AccessToken, TokenCredential } from "@azure/core-auth";
-import { credentialLogger, formatError } from "../util/logging";
-import type { AuthorizationCodeCredentialOptions } from "./authorizationCodeCredentialOptions";
+import { credentialLogger, formatError } from "../util/logging.js";
+import type { AuthorizationCodeCredentialOptions } from "./authorizationCodeCredentialOptions.js";
 
 const BrowserNotSupportedError = new Error(
   "AuthorizationCodeCredential is not supported in the browser. InteractiveBrowserCredential is more appropriate for this use case.",

sdk/identity/identity/src/credentials/authorizationCodeCredential.ts

@@ -5,14 +5,14 @@ import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-
 import {
   processMultiTenantRequest,
   resolveAdditionallyAllowedTenantIds,
-} from "../util/tenantIdUtils";
-import type { AuthorizationCodeCredentialOptions } from "./authorizationCodeCredentialOptions";
-import { checkTenantId } from "../util/tenantIdUtils";
-import { credentialLogger } from "../util/logging";
-import { ensureScopes } from "../util/scopeUtils";
-import { tracingClient } from "../util/tracing";
-import type { MsalClient } from "../msal/nodeFlows/msalClient";
-import { createMsalClient } from "../msal/nodeFlows/msalClient";
+} from "../util/tenantIdUtils.js";
+import type { AuthorizationCodeCredentialOptions } from "./authorizationCodeCredentialOptions.js";
+import { checkTenantId } from "../util/tenantIdUtils.js";
+import { credentialLogger } from "../util/logging.js";
+import { ensureScopes } from "../util/scopeUtils.js";
+import { tracingClient } from "../util/tracing.js";
+import type { MsalClient } from "../msal/nodeFlows/msalClient.js";
+import { createMsalClient } from "../msal/nodeFlows/msalClient.js";
 
 const logger = credentialLogger("AuthorizationCodeCredential");
 

sdk/identity/identity/src/credentials/authorizationCodeCredentialOptions.ts

@@ -1,8 +1,8 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-import type { AuthorityValidationOptions } from "./authorityValidationOptions";
-import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions";
+import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
+import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
 
 /**
  * Options for the {@link AuthorizationCodeCredential}

sdk/identity/identity/src/credentials/azureApplicationCredential-browser.mts

@@ -1,10 +1,10 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-import { credentialLogger, formatError } from "../util/logging";
+import { credentialLogger, formatError } from "../util/logging.js";
 import type { AccessToken } from "@azure/core-auth";
-import { ChainedTokenCredential } from "./chainedTokenCredential";
-import type { TokenCredentialOptions } from "../tokenCredentialOptions";
+import { ChainedTokenCredential } from "./chainedTokenCredential.js";
+import type { TokenCredentialOptions } from "../tokenCredentialOptions.js";
 
 const BrowserNotSupportedError = new Error(
   "ApplicationCredential is not supported in the browser. Use InteractiveBrowserCredential instead.",

sdk/identity/identity/src/credentials/azureApplicationCredential.ts

@@ -4,10 +4,10 @@
 import {
   createDefaultManagedIdentityCredential,
   createEnvironmentCredential,
-} from "./defaultAzureCredential";
+} from "./defaultAzureCredential.js";
 
-import type { AzureApplicationCredentialOptions } from "./azureApplicationCredentialOptions";
-import { ChainedTokenCredential } from "./chainedTokenCredential";
+import type { AzureApplicationCredentialOptions } from "./azureApplicationCredentialOptions.js";
+import { ChainedTokenCredential } from "./chainedTokenCredential.js";
 
 /**
  * Provides a default {@link ChainedTokenCredential} configuration that should

sdk/identity/identity/src/credentials/azureApplicationCredentialOptions.ts

@@ -1,8 +1,8 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions";
-import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions";
+import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions.js";
+import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
 
 /**
  * Provides options to configure the {@link AzureApplicationCredential} class.

sdk/identity/identity/src/credentials/azureCliCredential-browser.mts

@@ -2,7 +2,7 @@
 // Licensed under the MIT License.
 
 import type { AccessToken, TokenCredential } from "@azure/core-auth";
-import { credentialLogger, formatError } from "../util/logging";
+import { credentialLogger, formatError } from "../util/logging.js";
 
 const BrowserNotSupportedError = new Error("AzureCliCredential is not supported in the browser.");
 const logger = credentialLogger("AzureCliCredential");

sdk/identity/identity/src/credentials/azureCliCredential.ts

@@ -6,15 +6,15 @@ import {
   checkTenantId,
   processMultiTenantRequest,
   resolveAdditionallyAllowedTenantIds,
-} from "../util/tenantIdUtils";
-import { credentialLogger, formatError, formatSuccess } from "../util/logging";
-import { ensureValidScopeForDevTimeCreds, getScopeResource } from "../util/scopeUtils";
+} from "../util/tenantIdUtils.js";
+import { credentialLogger, formatError, formatSuccess } from "../util/logging.js";
+import { ensureValidScopeForDevTimeCreds, getScopeResource } from "../util/scopeUtils.js";
 
-import type { AzureCliCredentialOptions } from "./azureCliCredentialOptions";
-import { CredentialUnavailableError } from "../errors";
+import type { AzureCliCredentialOptions } from "./azureCliCredentialOptions.js";
+import { CredentialUnavailableError } from "../errors.js";
 import child_process from "child_process";
-import { tracingClient } from "../util/tracing";
-import { checkSubscription } from "../util/subscriptionUtils";
+import { tracingClient } from "../util/tracing.js";
+import { checkSubscription } from "../util/subscriptionUtils.js";
 
 /**
  * Mockable reference to the CLI credential cliCredentialFunctions

sdk/identity/identity/src/credentials/azureCliCredentialOptions.ts

@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions";
+import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
 
 /**
  * Options for the {@link AzureCliCredential}

sdk/identity/identity/src/credentials/azureDeveloperCliCredential-browser.mts

@@ -2,7 +2,7 @@
 // Licensed under the MIT License.
 
 import type { AccessToken, TokenCredential } from "@azure/core-auth";
-import { credentialLogger, formatError } from "../util/logging";
+import { credentialLogger, formatError } from "../util/logging.js";
 
 const BrowserNotSupportedError = new Error(
   "AzureDeveloperCliCredential is not supported in the browser.",

sdk/identity/identity/src/credentials/azureDeveloperCliCredential.ts

@@ -2,17 +2,17 @@
 // Licensed under the MIT License.
 
 import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
-import { credentialLogger, formatError, formatSuccess } from "../util/logging";
-import type { AzureDeveloperCliCredentialOptions } from "./azureDeveloperCliCredentialOptions";
-import { CredentialUnavailableError } from "../errors";
+import { credentialLogger, formatError, formatSuccess } from "../util/logging.js";
+import type { AzureDeveloperCliCredentialOptions } from "./azureDeveloperCliCredentialOptions.js";
+import { CredentialUnavailableError } from "../errors.js";
 import child_process from "child_process";
 import {
   checkTenantId,
   processMultiTenantRequest,
   resolveAdditionallyAllowedTenantIds,
-} from "../util/tenantIdUtils";
-import { tracingClient } from "../util/tracing";
-import { ensureValidScopeForDevTimeCreds } from "../util/scopeUtils";
+} from "../util/tenantIdUtils.js";
+import { tracingClient } from "../util/tracing.js";
+import { ensureValidScopeForDevTimeCreds } from "../util/scopeUtils.js";
 
 /**
  * Mockable reference to the Developer CLI credential cliCredentialFunctions

sdk/identity/identity/src/credentials/azureDeveloperCliCredentialOptions.ts

@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions";
+import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
 
 /**
  * Options for the {@link AzureDeveloperCliCredential}

sdk/identity/identity/src/credentials/azurePipelinesCredential-browser.mts

@@ -2,7 +2,7 @@
 // Licensed under the MIT License.
 
 import type { AccessToken, TokenCredential } from "@azure/core-auth";
-import { credentialLogger, formatError } from "../util/logging";
+import { credentialLogger, formatError } from "../util/logging.js";
 
 const BrowserNotSupportedError = new Error(
   "AzurePipelinesCredential is not supported in the browser.",

sdk/identity/identity/src/credentials/azurePipelinesCredential.ts

@@ -2,15 +2,15 @@
 // Licensed under the MIT License.
 
 import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
-import { AuthenticationError, CredentialUnavailableError } from "../errors";
+import { AuthenticationError, CredentialUnavailableError } from "../errors.js";
 import { createHttpHeaders, createPipelineRequest } from "@azure/core-rest-pipeline";
 
-import type { AzurePipelinesCredentialOptions } from "./azurePipelinesCredentialOptions";
-import { ClientAssertionCredential } from "./clientAssertionCredential";
-import { IdentityClient } from "../client/identityClient";
+import type { AzurePipelinesCredentialOptions } from "./azurePipelinesCredentialOptions.js";
+import { ClientAssertionCredential } from "./clientAssertionCredential.js";
+import { IdentityClient } from "../client/identityClient.js";
 import type { PipelineResponse } from "@azure/core-rest-pipeline";
-import { checkTenantId } from "../util/tenantIdUtils";
-import { credentialLogger } from "../util/logging";
+import { checkTenantId } from "../util/tenantIdUtils.js";
+import { credentialLogger } from "../util/logging.js";
 
 const credentialName = "AzurePipelinesCredential";
 const logger = credentialLogger(credentialName);

sdk/identity/identity/src/credentials/azurePipelinesCredentialOptions.ts

@@ -1,9 +1,9 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-import type { AuthorityValidationOptions } from "./authorityValidationOptions";
-import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions";
-import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions";
+import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
+import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions.js";
+import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
 
 /**
  * Optional parameters for the {@link AzurePipelinesCredential} class.

sdk/identity/identity/src/credentials/azurePowerShellCredential-browser.mts

@@ -2,7 +2,7 @@
 // Licensed under the MIT License.
 
 import type { AccessToken, TokenCredential } from "@azure/core-auth";
-import { credentialLogger, formatError } from "../util/logging";
+import { credentialLogger, formatError } from "../util/logging.js";
 
 const BrowserNotSupportedError = new Error(
   "AzurePowerShellCredential is not supported in the browser.",

sdk/identity/identity/src/credentials/azurePowerShellCredential.ts

@@ -6,14 +6,14 @@ import {
   checkTenantId,
   processMultiTenantRequest,
   resolveAdditionallyAllowedTenantIds,
-} from "../util/tenantIdUtils";
-import { credentialLogger, formatError, formatSuccess } from "../util/logging";
-import { ensureValidScopeForDevTimeCreds, getScopeResource } from "../util/scopeUtils";
+} from "../util/tenantIdUtils.js";
+import { credentialLogger, formatError, formatSuccess } from "../util/logging.js";
+import { ensureValidScopeForDevTimeCreds, getScopeResource } from "../util/scopeUtils.js";
 
-import type { AzurePowerShellCredentialOptions } from "./azurePowerShellCredentialOptions";
-import { CredentialUnavailableError } from "../errors";
-import { processUtils } from "../util/processUtils";
-import { tracingClient } from "../util/tracing";
+import type { AzurePowerShellCredentialOptions } from "./azurePowerShellCredentialOptions.js";
+import { CredentialUnavailableError } from "../errors.js";
+import { processUtils } from "../util/processUtils.js";
+import { tracingClient } from "../util/tracing.js";
 
 const logger = credentialLogger("AzurePowerShellCredential");
 

sdk/identity/identity/src/credentials/azurePowerShellCredentialOptions.ts

@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions";
+import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
 
 /**
  * Options for the {@link AzurePowerShellCredential}

sdk/identity/identity/src/credentials/brokerAuthOptions.ts

@@ -1,6 +1,6 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
-import type { BrokerOptions } from "../msal/nodeFlows/brokerOptions";
+import type { BrokerOptions } from "../msal/nodeFlows/brokerOptions.js";
 
 /**
  * Configuration options for InteractiveBrowserCredential

sdk/identity/identity/src/credentials/chainedTokenCredential.ts

@@ -2,9 +2,9 @@
 // Licensed under the MIT License.
 
 import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
-import { AggregateAuthenticationError, CredentialUnavailableError } from "../errors";
-import { credentialLogger, formatError, formatSuccess } from "../util/logging";
-import { tracingClient } from "../util/tracing";
+import { AggregateAuthenticationError, CredentialUnavailableError } from "../errors.js";
+import { credentialLogger, formatError, formatSuccess } from "../util/logging.js";
+import { tracingClient } from "../util/tracing.js";
 
 /**
  * @internal

sdk/identity/identity/src/credentials/clientAssertionCredential-browser.mts

@@ -2,7 +2,7 @@
 // Licensed under the MIT License.
 
 import type { AccessToken, TokenCredential } from "@azure/core-auth";
-import { credentialLogger, formatError } from "../util/logging";
+import { credentialLogger, formatError } from "../util/logging.js";
 
 const BrowserNotSupportedError = new Error(
   "ClientAssertionCredential is not supported in the browser.",

sdk/identity/identity/src/credentials/clientAssertionCredential.ts

@@ -2,17 +2,17 @@
 // Licensed under the MIT License.
 
 import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
-import type { MsalClient } from "../msal/nodeFlows/msalClient";
-import { createMsalClient } from "../msal/nodeFlows/msalClient";
+import type { MsalClient } from "../msal/nodeFlows/msalClient.js";
+import { createMsalClient } from "../msal/nodeFlows/msalClient.js";
 import {
   processMultiTenantRequest,
   resolveAdditionallyAllowedTenantIds,
-} from "../util/tenantIdUtils";
+} from "../util/tenantIdUtils.js";
 
-import type { ClientAssertionCredentialOptions } from "./clientAssertionCredentialOptions";
-import { CredentialUnavailableError } from "../errors";
-import { credentialLogger } from "../util/logging";
-import { tracingClient } from "../util/tracing";
+import type { ClientAssertionCredentialOptions } from "./clientAssertionCredentialOptions.js";
+import { CredentialUnavailableError } from "../errors.js";
+import { credentialLogger } from "../util/logging.js";
+import { tracingClient } from "../util/tracing.js";
 
 const logger = credentialLogger("ClientAssertionCredential");
 

sdk/identity/identity/src/credentials/clientAssertionCredentialOptions.ts

@@ -1,9 +1,9 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-import type { AuthorityValidationOptions } from "./authorityValidationOptions";
-import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions";
-import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions";
+import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
+import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions.js";
+import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
 
 /**
  * Options for the {@link ClientAssertionCredential}

sdk/identity/identity/src/credentials/clientCertificateCredential-browser.mts

@@ -2,7 +2,7 @@
 // Licensed under the MIT License.
 
 import type { AccessToken, TokenCredential } from "@azure/core-auth";
-import { credentialLogger, formatError } from "../util/logging";
+import { credentialLogger, formatError } from "../util/logging.js";
 
 const BrowserNotSupportedError = new Error(
   "ClientCertificateCredential is not supported in the browser.",

sdk/identity/identity/src/credentials/clientCertificateCredential.ts

@@ -2,19 +2,19 @@
 // Licensed under the MIT License.
 
 import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
-import type { MsalClient } from "../msal/nodeFlows/msalClient";
-import { createMsalClient } from "../msal/nodeFlows/msalClient";
-import { createHash, createPrivateKey } from "crypto";
+import type { MsalClient } from "../msal/nodeFlows/msalClient.js";
+import { createMsalClient } from "../msal/nodeFlows/msalClient.js";
+import { createHash, createPrivateKey } from "node:crypto";
 import {
   processMultiTenantRequest,
   resolveAdditionallyAllowedTenantIds,
-} from "../util/tenantIdUtils";
+} from "../util/tenantIdUtils.js";
 
-import type { CertificateParts } from "../msal/types";
-import type { ClientCertificateCredentialOptions } from "./clientCertificateCredentialOptions";
-import { credentialLogger } from "../util/logging";
-import { readFile } from "fs/promises";
-import { tracingClient } from "../util/tracing";
+import type { CertificateParts } from "../msal/types.js";
+import type { ClientCertificateCredentialOptions } from "./clientCertificateCredentialOptions.js";
+import { credentialLogger } from "../util/logging.js";
+import { readFile } from "node:fs/promises";
+import { tracingClient } from "../util/tracing.js";
 
 const credentialName = "ClientCertificateCredential";
 const logger = credentialLogger(credentialName);

sdk/identity/identity/src/credentials/clientCertificateCredentialOptions.ts

@@ -1,9 +1,9 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-import type { AuthorityValidationOptions } from "./authorityValidationOptions";
-import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions";
-import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions";
+import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
+import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions.js";
+import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
 
 /**
  * Optional parameters for the {@link ClientCertificateCredential} class.

sdk/identity/identity/src/credentials/clientSecretCredential-browser.mts

@@ -3,15 +3,15 @@
 
 import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
 import { createHttpHeaders, createPipelineRequest } from "@azure/core-rest-pipeline";
-import { credentialLogger, formatError, formatSuccess } from "../util/logging";
+import { credentialLogger, formatError, formatSuccess } from "../util/logging.js";
 import {
   processMultiTenantRequest,
   resolveAdditionallyAllowedTenantIds,
-} from "../util/tenantIdUtils";
-import type { ClientSecretCredentialOptions } from "./clientSecretCredentialOptions";
-import { IdentityClient } from "../client/identityClient";
-import { getIdentityTokenEndpointSuffix } from "../util/identityTokenEndpoint";
-import { tracingClient } from "../util/tracing";
+} from "../util/tenantIdUtils.js";
+import type { ClientSecretCredentialOptions } from "./clientSecretCredentialOptions.js";
+import { IdentityClient } from "../client/identityClient.js";
+import { getIdentityTokenEndpointSuffix } from "../util/identityTokenEndpoint.js";
+import { tracingClient } from "../util/tracing.js";
 
 const logger = credentialLogger("ClientSecretCredential");
 

sdk/identity/identity/src/credentials/clientSecretCredential.ts

@@ -2,18 +2,18 @@
 // Licensed under the MIT License.
 
 import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
-import type { MsalClient } from "../msal/nodeFlows/msalClient";
-import { createMsalClient } from "../msal/nodeFlows/msalClient";
+import type { MsalClient } from "../msal/nodeFlows/msalClient.js";
+import { createMsalClient } from "../msal/nodeFlows/msalClient.js";
 import {
   processMultiTenantRequest,
   resolveAdditionallyAllowedTenantIds,
-} from "../util/tenantIdUtils";
+} from "../util/tenantIdUtils.js";
 
-import type { ClientSecretCredentialOptions } from "./clientSecretCredentialOptions";
-import { CredentialUnavailableError } from "../errors";
-import { credentialLogger } from "../util/logging";
-import { ensureScopes } from "../util/scopeUtils";
-import { tracingClient } from "../util/tracing";
+import type { ClientSecretCredentialOptions } from "./clientSecretCredentialOptions.js";
+import { CredentialUnavailableError } from "../errors.js";
+import { credentialLogger } from "../util/logging.js";
+import { ensureScopes } from "../util/scopeUtils.js";
+import { tracingClient } from "../util/tracing.js";
 
 const logger = credentialLogger("ClientSecretCredential");
 

sdk/identity/identity/src/credentials/clientSecretCredentialOptions.ts

@@ -1,9 +1,9 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-import type { AuthorityValidationOptions } from "./authorityValidationOptions";
-import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions";
-import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions";
+import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
+import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions.js";
+import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
 
 /**
  * Optional parameters for the {@link ClientSecretCredential} class.

sdk/identity/identity/src/credentials/credentialPersistenceOptions.ts

@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-import type { TokenCachePersistenceOptions } from "../msal/nodeFlows/tokenCachePersistenceOptions";
+import type { TokenCachePersistenceOptions } from "../msal/nodeFlows/tokenCachePersistenceOptions.js";
 
 /**
  * Shared configuration options for credentials that support persistent token

sdk/identity/identity/src/credentials/defaultAzureCredential-browser.mts

@@ -1,10 +1,10 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-import { credentialLogger, formatError } from "../util/logging";
+import { credentialLogger, formatError } from "../util/logging.js";
 import type { AccessToken } from "@azure/core-auth";
-import { ChainedTokenCredential } from "./chainedTokenCredential";
-import type { TokenCredentialOptions } from "../tokenCredentialOptions";
+import { ChainedTokenCredential } from "./chainedTokenCredential.js";
+import type { TokenCredentialOptions } from "../tokenCredentialOptions.js";
 
 const BrowserNotSupportedError = new Error(
   "DefaultAzureCredential is not supported in the browser. Use InteractiveBrowserCredential instead.",

sdk/identity/identity/src/credentials/defaultAzureCredential.ts

@@ -5,22 +5,22 @@ import type {
   DefaultAzureCredentialClientIdOptions,
   DefaultAzureCredentialOptions,
   DefaultAzureCredentialResourceIdOptions,
-} from "./defaultAzureCredentialOptions";
+} from "./defaultAzureCredentialOptions.js";
 import type {
   ManagedIdentityCredentialClientIdOptions,
   ManagedIdentityCredentialResourceIdOptions,
-} from "./managedIdentityCredential";
-import { ManagedIdentityCredential } from "./managedIdentityCredential";
+} from "./managedIdentityCredential/index.js";
+import { ManagedIdentityCredential } from "./managedIdentityCredential/index.js";
 
-import { AzureCliCredential } from "./azureCliCredential";
-import { AzureDeveloperCliCredential } from "./azureDeveloperCliCredential";
-import { AzurePowerShellCredential } from "./azurePowerShellCredential";
-import { ChainedTokenCredential } from "./chainedTokenCredential";
-import { EnvironmentCredential } from "./environmentCredential";
+import { AzureCliCredential } from "./azureCliCredential.js";
+import { AzureDeveloperCliCredential } from "./azureDeveloperCliCredential.js";
+import { AzurePowerShellCredential } from "./azurePowerShellCredential.js";
+import { ChainedTokenCredential } from "./chainedTokenCredential.js";
+import { EnvironmentCredential } from "./environmentCredential.js";
 import type { TokenCredential } from "@azure/core-auth";
-import { WorkloadIdentityCredential } from "./workloadIdentityCredential";
-import type { WorkloadIdentityCredentialOptions } from "./workloadIdentityCredentialOptions";
-import { credentialLogger } from "../util/logging";
+import { WorkloadIdentityCredential } from "./workloadIdentityCredential.js";
+import type { WorkloadIdentityCredentialOptions } from "./workloadIdentityCredentialOptions.js";
+import { credentialLogger } from "../util/logging.js";
 
 const logger = credentialLogger("DefaultAzureCredential");
 

sdk/identity/identity/src/credentials/defaultAzureCredentialOptions.ts

@@ -1,8 +1,8 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-import type { AuthorityValidationOptions } from "./authorityValidationOptions";
-import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions";
+import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
+import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
 
 /**
  * Provides options to configure the {@link DefaultAzureCredential} class.

sdk/identity/identity/src/credentials/deviceCodeCredential-browser.mts

@@ -3,7 +3,7 @@
 
 import type { AccessToken, TokenCredential } from "@azure/core-auth";
 
-import { credentialLogger, formatError } from "../util/logging";
+import { credentialLogger, formatError } from "../util/logging.js";
 
 const BrowserNotSupportedError = new Error("DeviceCodeCredential is not supported in the browser.");
 const logger = credentialLogger("DeviceCodeCredential");

sdk/identity/identity/src/credentials/deviceCodeCredential.ts

@@ -6,19 +6,19 @@ import {
   processMultiTenantRequest,
   resolveAdditionallyAllowedTenantIds,
   resolveTenantId,
-} from "../util/tenantIdUtils";
+} from "../util/tenantIdUtils.js";
 import type {
   DeviceCodeCredentialOptions,
   DeviceCodeInfo,
   DeviceCodePromptCallback,
-} from "./deviceCodeCredentialOptions";
-import type { AuthenticationRecord } from "../msal/types";
-import { credentialLogger } from "../util/logging";
-import { ensureScopes } from "../util/scopeUtils";
-import { tracingClient } from "../util/tracing";
-import type { MsalClient } from "../msal/nodeFlows/msalClient";
-import { createMsalClient } from "../msal/nodeFlows/msalClient";
-import { DeveloperSignOnClientId } from "../constants";
+} from "./deviceCodeCredentialOptions.js";
+import type { AuthenticationRecord } from "../msal/types.js";
+import { credentialLogger } from "../util/logging.js";
+import { ensureScopes } from "../util/scopeUtils.js";
+import { tracingClient } from "../util/tracing.js";
+import type { MsalClient } from "../msal/nodeFlows/msalClient.js";
+import { createMsalClient } from "../msal/nodeFlows/msalClient.js";
+import { DeveloperSignOnClientId } from "../constants.js";
 
 const logger = credentialLogger("DeviceCodeCredential");
 

sdk/identity/identity/src/credentials/deviceCodeCredentialOptions.ts

@@ -1,8 +1,8 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions";
-import type { InteractiveCredentialOptions } from "./interactiveCredentialOptions";
+import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions.js";
+import type { InteractiveCredentialOptions } from "./interactiveCredentialOptions.js";
 
 /**
  * Provides the user code and verification URI where the code must be

sdk/identity/identity/src/credentials/environmentCredential-browser.mts

@@ -2,7 +2,7 @@
 // Licensed under the MIT License.
 
 import type { AccessToken, TokenCredential } from "@azure/core-auth";
-import { credentialLogger, formatError } from "../util/logging";
+import { credentialLogger, formatError } from "../util/logging.js";
 
 const BrowserNotSupportedError = new Error(
   "EnvironmentCredential is not supported in the browser.",

sdk/identity/identity/src/credentials/environmentCredential.ts

@@ -2,15 +2,15 @@
 // Licensed under the MIT License.
 
 import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
-import { AuthenticationError, CredentialUnavailableError } from "../errors";
-import { credentialLogger, formatError, formatSuccess, processEnvVars } from "../util/logging";
+import { AuthenticationError, CredentialUnavailableError } from "../errors.js";
+import { credentialLogger, formatError, formatSuccess, processEnvVars } from "../util/logging.js";
 
-import { ClientCertificateCredential } from "./clientCertificateCredential";
-import { ClientSecretCredential } from "./clientSecretCredential";
-import type { EnvironmentCredentialOptions } from "./environmentCredentialOptions";
-import { UsernamePasswordCredential } from "./usernamePasswordCredential";
-import { checkTenantId } from "../util/tenantIdUtils";
-import { tracingClient } from "../util/tracing";
+import { ClientCertificateCredential } from "./clientCertificateCredential.js";
+import { ClientSecretCredential } from "./clientSecretCredential.js";
+import type { EnvironmentCredentialOptions } from "./environmentCredentialOptions.js";
+import { UsernamePasswordCredential } from "./usernamePasswordCredential.js";
+import { checkTenantId } from "../util/tenantIdUtils.js";
+import { tracingClient } from "../util/tracing.js";
 
 /**
  * Contains the list of all supported environment variable names so that an

sdk/identity/identity/src/credentials/environmentCredentialOptions.ts

@@ -1,8 +1,8 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-import type { AuthorityValidationOptions } from "./authorityValidationOptions";
-import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions";
+import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
+import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
 
 /**
  * Enables authentication to Microsoft Entra ID depending on the available environment variables.

sdk/identity/identity/src/credentials/interactiveBrowserCredential-browser.mts

@@ -5,19 +5,19 @@ import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-
 import type {
   InteractiveBrowserCredentialInBrowserOptions,
   InteractiveBrowserCredentialNodeOptions,
-} from "./interactiveBrowserCredentialOptions";
-import { credentialLogger, formatError } from "../util/logging";
+} from "./interactiveBrowserCredentialOptions.js";
+import { credentialLogger, formatError } from "../util/logging.js";
 import {
   processMultiTenantRequest,
   resolveAdditionallyAllowedTenantIds,
-} from "../util/tenantIdUtils";
+} from "../util/tenantIdUtils.js";
 
-import type { AuthenticationRecord } from "../msal/types";
-import { MSALAuthCode } from "../msal/browserFlows/msalAuthCode";
-import type { MsalBrowserFlowOptions } from "../msal/browserFlows/msalBrowserCommon";
-import type { MsalFlow } from "../msal/browserFlows/flows";
-import { ensureScopes } from "../util/scopeUtils";
-import { tracingClient } from "../util/tracing";
+import type { AuthenticationRecord } from "../msal/types.js";
+import { MSALAuthCode } from "../msal/browserFlows/msalAuthCode.js";
+import type { MsalBrowserFlowOptions } from "../msal/browserFlows/msalBrowserCommon.js";
+import type { MsalFlow } from "../msal/browserFlows/flows.js";
+import { ensureScopes } from "../util/scopeUtils.js";
+import { tracingClient } from "../util/tracing.js";
 
 const logger = credentialLogger("InteractiveBrowserCredential");
 

sdk/identity/identity/src/credentials/interactiveBrowserCredential.ts

@@ -5,20 +5,20 @@ import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-
 import type {
   InteractiveBrowserCredentialInBrowserOptions,
   InteractiveBrowserCredentialNodeOptions,
-} from "./interactiveBrowserCredentialOptions";
+} from "./interactiveBrowserCredentialOptions.js";
 import {
   processMultiTenantRequest,
   resolveAdditionallyAllowedTenantIds,
   resolveTenantId,
-} from "../util/tenantIdUtils";
+} from "../util/tenantIdUtils.js";
 
-import type { AuthenticationRecord } from "../msal/types";
-import { credentialLogger } from "../util/logging";
-import { ensureScopes } from "../util/scopeUtils";
-import { tracingClient } from "../util/tracing";
-import type { MsalClient, MsalClientOptions } from "../msal/nodeFlows/msalClient";
-import { createMsalClient } from "../msal/nodeFlows/msalClient";
-import { DeveloperSignOnClientId } from "../constants";
+import type { AuthenticationRecord } from "../msal/types.js";
+import { credentialLogger } from "../util/logging.js";
+import { ensureScopes } from "../util/scopeUtils.js";
+import { tracingClient } from "../util/tracing.js";
+import type { MsalClient, MsalClientOptions } from "../msal/nodeFlows/msalClient.js";
+import { createMsalClient } from "../msal/nodeFlows/msalClient.js";
+import { DeveloperSignOnClientId } from "../constants.js";
 
 const logger = credentialLogger("InteractiveBrowserCredential");
 

sdk/identity/identity/src/credentials/interactiveBrowserCredentialOptions.ts

@@ -1,10 +1,10 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-import type { BrowserCustomizationOptions } from "./browserCustomizationOptions";
-import type { BrokerAuthOptions } from "./brokerAuthOptions";
-import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions";
-import type { InteractiveCredentialOptions } from "./interactiveCredentialOptions";
+import type { BrowserCustomizationOptions } from "./browserCustomizationOptions.js";
+import type { BrokerAuthOptions } from "./brokerAuthOptions.js";
+import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions.js";
+import type { InteractiveCredentialOptions } from "./interactiveCredentialOptions.js";
 
 /**
  * (Browser-only feature)

sdk/identity/identity/src/credentials/interactiveCredentialOptions.ts

@@ -1,9 +1,9 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-import type { AuthenticationRecord } from "../msal/types";
-import type { AuthorityValidationOptions } from "./authorityValidationOptions";
-import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions";
+import type { AuthenticationRecord } from "../msal/types.js";
+import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
+import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
 
 /**
  * Common constructor options for the Identity credentials that requires user interaction.

sdk/identity/identity/src/credentials/managedIdentityCredential/imdsMsi.ts

@@ -6,10 +6,10 @@ import { createHttpHeaders, createPipelineRequest } from "@azure/core-rest-pipel
 import { isError } from "@azure/core-util";
 
 import type { GetTokenOptions } from "@azure/core-auth";
-import { credentialLogger } from "../../util/logging";
-import { mapScopesToResource } from "./utils";
-import { tracingClient } from "../../util/tracing";
-import { IdentityClient } from "../../client/identityClient";
+import { credentialLogger } from "../../util/logging.js";
+import { mapScopesToResource } from "./utils.js";
+import { tracingClient } from "../../util/tracing.js";
+import { IdentityClient } from "../../client/identityClient.js";
 
 const msiName = "ManagedIdentityCredential - IMDS";
 const logger = credentialLogger(msiName);

sdk/identity/identity/src/credentials/managedIdentityCredential/imdsRetryPolicy.ts

@@ -4,7 +4,7 @@
 import type { PipelinePolicy } from "@azure/core-rest-pipeline";
 import { retryPolicy } from "@azure/core-rest-pipeline";
 
-import type { MSIConfiguration } from "./models";
+import type { MSIConfiguration } from "./models.js";
 import { calculateRetryDelay } from "@azure/core-util";
 
 // Matches the default retry configuration in expontentialRetryStrategy.ts

sdk/identity/identity/src/credentials/managedIdentityCredential/index-browser.mts

@@ -3,7 +3,7 @@
 
 import type { AccessToken, TokenCredential } from "@azure/core-auth";
 
-import { credentialLogger, formatError } from "../../util/logging";
+import { credentialLogger, formatError } from "../../util/logging.js";
 
 const BrowserNotSupportedError = new Error(
   "ManagedIdentityCredential is not supported in the browser.",

sdk/identity/identity/src/credentials/managedIdentityCredential/index.ts

@@ -3,20 +3,20 @@
 
 import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
 
-import type { TokenCredentialOptions } from "../../tokenCredentialOptions";
+import type { TokenCredentialOptions } from "../../tokenCredentialOptions.js";
 import { getLogLevel } from "@azure/logger";
 import { ManagedIdentityApplication } from "@azure/msal-node";
-import { IdentityClient } from "../../client/identityClient";
-import { AuthenticationRequiredError, CredentialUnavailableError } from "../../errors";
-import { getMSALLogLevel, defaultLoggerCallback } from "../../msal/utils";
-import { imdsRetryPolicy } from "./imdsRetryPolicy";
-import { MSIConfiguration } from "./models";
-import { formatSuccess, formatError, credentialLogger } from "../../util/logging";
-import { tracingClient } from "../../util/tracing";
-import { imdsMsi } from "./imdsMsi";
-import { tokenExchangeMsi } from "./tokenExchangeMsi";
-import { mapScopesToResource } from "./utils";
-import { MsalToken, ValidMsalToken } from "../../msal/types";
+import { IdentityClient } from "../../client/identityClient.js";
+import { AuthenticationRequiredError, CredentialUnavailableError } from "../../errors.js";
+import { getMSALLogLevel, defaultLoggerCallback } from "../../msal/utils.js";
+import { imdsRetryPolicy } from "./imdsRetryPolicy.js";
+import { MSIConfiguration } from "./models.js";
+import { formatSuccess, formatError, credentialLogger } from "../../util/logging.js";
+import { tracingClient } from "../../util/tracing.js";
+import { imdsMsi } from "./imdsMsi.js";
+import { tokenExchangeMsi } from "./tokenExchangeMsi.js";
+import { mapScopesToResource } from "./utils.js";
+import { MsalToken, ValidMsalToken } from "../../msal/types.js";
 
 const logger = credentialLogger("ManagedIdentityCredential");
 

sdk/identity/identity/src/credentials/managedIdentityCredential/models.ts

@@ -3,7 +3,7 @@
 
 import type { AccessToken } from "@azure/core-auth";
 
-import type { IdentityClient } from "../../client/identityClient";
+import type { IdentityClient } from "../../client/identityClient.js";
 
 /**
  * @internal

sdk/identity/identity/src/credentials/managedIdentityCredential/tokenExchangeMsi.ts

@@ -2,10 +2,10 @@
 // Licensed under the MIT License.
 
 import type { AccessToken, GetTokenOptions } from "@azure/core-auth";
-import type { MSIConfiguration } from "./models";
-import { WorkloadIdentityCredential } from "../workloadIdentityCredential";
-import { credentialLogger } from "../../util/logging";
-import type { WorkloadIdentityCredentialOptions } from "../workloadIdentityCredentialOptions";
+import type { MSIConfiguration } from "./models.js";
+import { WorkloadIdentityCredential } from "../workloadIdentityCredential.js";
+import { credentialLogger } from "../../util/logging.js";
+import type { WorkloadIdentityCredentialOptions } from "../workloadIdentityCredentialOptions.js";
 
 const msiName = "ManagedIdentityCredential - Token Exchange";
 const logger = credentialLogger(msiName);

sdk/identity/identity/src/credentials/multiTenantTokenCredentialOptions.ts

@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-import type { TokenCredentialOptions } from "../tokenCredentialOptions";
+import type { TokenCredentialOptions } from "../tokenCredentialOptions.js";
 
 /**
  * Options for multi-tenant applications which allows for additionally allowed tenants.

sdk/identity/identity/src/credentials/onBehalfOfCredential-browser.mts

@@ -2,7 +2,7 @@
 // Licensed under the MIT License.
 
 import type { AccessToken, TokenCredential } from "@azure/core-auth";
-import { credentialLogger, formatError } from "../util/logging";
+import { credentialLogger, formatError } from "../util/logging.js";
 
 const credentialName = "OnBehalfOfCredential";
 const BrowserNotSupportedError = new Error(`${credentialName}: Not supported in the browser.`);

sdk/identity/identity/src/credentials/onBehalfOfCredential.ts

@@ -2,29 +2,29 @@
 // Licensed under the MIT License.
 
 import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
-import type { MsalClient } from "../msal/nodeFlows/msalClient";
-import { createMsalClient } from "../msal/nodeFlows/msalClient";
+import type { MsalClient } from "../msal/nodeFlows/msalClient.js";
+import { createMsalClient } from "../msal/nodeFlows/msalClient.js";
 import type {
   OnBehalfOfCredentialAssertionOptions,
   OnBehalfOfCredentialCertificateOptions,
   OnBehalfOfCredentialOptions,
   OnBehalfOfCredentialSecretOptions,
-} from "./onBehalfOfCredentialOptions";
-import { credentialLogger, formatError } from "../util/logging";
+} from "./onBehalfOfCredentialOptions.js";
+import { credentialLogger, formatError } from "../util/logging.js";
 import {
   processMultiTenantRequest,
   resolveAdditionallyAllowedTenantIds,
-} from "../util/tenantIdUtils";
+} from "../util/tenantIdUtils.js";
 
-import type { CertificateParts } from "../msal/types";
-import type { ClientCertificatePEMCertificatePath } from "./clientCertificateCredential";
-import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions";
-import { CredentialUnavailableError } from "../errors";
-import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions";
+import type { CertificateParts } from "../msal/types.js";
+import type { ClientCertificatePEMCertificatePath } from "./clientCertificateCredential.js";
+import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions.js";
+import { CredentialUnavailableError } from "../errors.js";
+import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
 import { createHash } from "node:crypto";
-import { ensureScopes } from "../util/scopeUtils";
+import { ensureScopes } from "../util/scopeUtils.js";
 import { readFile } from "node:fs/promises";
-import { tracingClient } from "../util/tracing";
+import { tracingClient } from "../util/tracing.js";
 
 const credentialName = "OnBehalfOfCredential";
 const logger = credentialLogger(credentialName);

sdk/identity/identity/src/credentials/onBehalfOfCredentialOptions.ts

@@ -1,9 +1,9 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-import type { AuthorityValidationOptions } from "./authorityValidationOptions";
-import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions";
-import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions";
+import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
+import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions.js";
+import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
 
 /**
  * Defines the parameters to authenticate the {@link OnBehalfOfCredential} with a secret.

sdk/identity/identity/src/credentials/usernamePasswordCredential-browser.mts

@@ -6,13 +6,13 @@ import {
   checkTenantId,
   processMultiTenantRequest,
   resolveAdditionallyAllowedTenantIds,
-} from "../util/tenantIdUtils";
+} from "../util/tenantIdUtils.js";
 import { createHttpHeaders, createPipelineRequest } from "@azure/core-rest-pipeline";
-import { credentialLogger, formatSuccess } from "../util/logging";
-import { IdentityClient } from "../client/identityClient";
-import type { UsernamePasswordCredentialOptions } from "./usernamePasswordCredentialOptions";
-import { getIdentityTokenEndpointSuffix } from "../util/identityTokenEndpoint";
-import { tracingClient } from "../util/tracing";
+import { credentialLogger, formatSuccess } from "../util/logging.js";
+import { IdentityClient } from "../client/identityClient.js";
+import type { UsernamePasswordCredentialOptions } from "./usernamePasswordCredentialOptions.js";
+import { getIdentityTokenEndpointSuffix } from "../util/identityTokenEndpoint.js";
+import { tracingClient } from "../util/tracing.js";
 
 const logger = credentialLogger("UsernamePasswordCredential");
 

sdk/identity/identity/src/credentials/usernamePasswordCredential.ts

@@ -2,18 +2,18 @@
 // Licensed under the MIT License.
 
 import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
-import type { MsalClient } from "../msal/nodeFlows/msalClient";
-import { createMsalClient } from "../msal/nodeFlows/msalClient";
+import type { MsalClient } from "../msal/nodeFlows/msalClient.js";
+import { createMsalClient } from "../msal/nodeFlows/msalClient.js";
 import {
   processMultiTenantRequest,
   resolveAdditionallyAllowedTenantIds,
-} from "../util/tenantIdUtils";
+} from "../util/tenantIdUtils.js";
 
-import { CredentialUnavailableError } from "../errors";
-import type { UsernamePasswordCredentialOptions } from "./usernamePasswordCredentialOptions";
-import { credentialLogger } from "../util/logging";
-import { ensureScopes } from "../util/scopeUtils";
-import { tracingClient } from "../util/tracing";
+import { CredentialUnavailableError } from "../errors.js";
+import type { UsernamePasswordCredentialOptions } from "./usernamePasswordCredentialOptions.js";
+import { credentialLogger } from "../util/logging.js";
+import { ensureScopes } from "../util/scopeUtils.js";
+import { tracingClient } from "../util/tracing.js";
 
 const logger = credentialLogger("UsernamePasswordCredential");
 

sdk/identity/identity/src/credentials/usernamePasswordCredentialOptions.ts

@@ -1,9 +1,9 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-import type { AuthorityValidationOptions } from "./authorityValidationOptions";
-import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions";
-import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions";
+import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
+import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions.js";
+import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
 
 /**
  * Defines options for the {@link UsernamePasswordCredential} class.

sdk/identity/identity/src/credentials/visualStudioCodeCredential-browser.mts

@@ -2,7 +2,7 @@
 // Licensed under the MIT License.
 
 import type { AccessToken, TokenCredential } from "@azure/core-auth";
-import { credentialLogger, formatError } from "../util/logging";
+import { credentialLogger, formatError } from "../util/logging.js";
 
 const BrowserNotSupportedError = new Error(
   "VisualStudioCodeCredential is not supported in the browser.",

sdk/identity/identity/src/credentials/visualStudioCodeCredential.ts

@@ -2,20 +2,20 @@
 // Licensed under the MIT License.
 
 import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
-import { credentialLogger, formatError, formatSuccess } from "../util/logging";
+import { credentialLogger, formatError, formatSuccess } from "../util/logging.js";
 import {
   processMultiTenantRequest,
   resolveAdditionallyAllowedTenantIds,
-} from "../util/tenantIdUtils";
-import { AzureAuthorityHosts } from "../constants";
-import { CredentialUnavailableError } from "../errors";
-import { IdentityClient } from "../client/identityClient";
-import type { VisualStudioCodeCredentialOptions } from "./visualStudioCodeCredentialOptions";
-import type { VSCodeCredentialFinder } from "./visualStudioCodeCredentialPlugin";
-import { checkTenantId } from "../util/tenantIdUtils";
-import fs from "fs";
-import os from "os";
-import path from "path";
+} from "../util/tenantIdUtils.js";
+import { AzureAuthorityHosts } from "../constants.js";
+import { CredentialUnavailableError } from "../errors.js";
+import { IdentityClient } from "../client/identityClient.js";
+import type { VisualStudioCodeCredentialOptions } from "./visualStudioCodeCredentialOptions.js";
+import type { VSCodeCredentialFinder } from "./visualStudioCodeCredentialPlugin.js";
+import { checkTenantId } from "../util/tenantIdUtils.js";
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
 
 const CommonTenantId = "common";
 const AzureAccountClientId = "aebc6443-996d-45c2-90f0-388ff96faa56"; // VSC: 'aebc6443-996d-45c2-90f0-388ff96faa56'

sdk/identity/identity/src/credentials/visualStudioCodeCredentialOptions.ts

@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions";
+import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
 
 /**
  * Provides options to configure the Visual Studio Code credential.

sdk/identity/identity/src/credentials/workloadIdentityCredential-browser.mts

@@ -2,7 +2,7 @@
 // Licensed under the MIT License.
 
 import type { AccessToken, TokenCredential } from "@azure/core-auth";
-import { credentialLogger, formatError } from "../util/logging";
+import { credentialLogger, formatError } from "../util/logging.js";
 
 const BrowserNotSupportedError = new Error(
   "WorkloadIdentityCredential is not supported in the browser.",

sdk/identity/identity/src/credentials/workloadIdentityCredential.ts

@@ -2,13 +2,13 @@
 // Licensed under the MIT License.
 
 import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
-import { credentialLogger, processEnvVars } from "../util/logging";
+import { credentialLogger, processEnvVars } from "../util/logging.js";
 
-import { ClientAssertionCredential } from "./clientAssertionCredential";
-import { CredentialUnavailableError } from "../errors";
-import type { WorkloadIdentityCredentialOptions } from "./workloadIdentityCredentialOptions";
-import { checkTenantId } from "../util/tenantIdUtils";
-import { readFile } from "fs/promises";
+import { ClientAssertionCredential } from "./clientAssertionCredential.js";
+import { CredentialUnavailableError } from "../errors.js";
+import type { WorkloadIdentityCredentialOptions } from "./workloadIdentityCredentialOptions.js";
+import { checkTenantId } from "../util/tenantIdUtils.js";
+import { readFile } from "node:fs/promises";
 
 const credentialName = "WorkloadIdentityCredential";
 /**

sdk/identity/identity/src/credentials/workloadIdentityCredentialOptions.ts

@@ -1,8 +1,8 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-import type { AuthorityValidationOptions } from "./authorityValidationOptions";
-import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions";
+import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
+import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
 
 /**
  * Options for the {@link WorkloadIdentityCredential}

sdk/identity/identity/src/index.ts

@@ -1,12 +1,12 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-export * from "./plugins/consumer";
+export * from "./plugins/consumer.js";
 
-export { IdentityPlugin } from "./plugins/provider";
+export { IdentityPlugin } from "./plugins/provider.js";
 
 import type { TokenCredential } from "@azure/core-auth";
-import { DefaultAzureCredential } from "./credentials/defaultAzureCredential";
+import { DefaultAzureCredential } from "./credentials/defaultAzureCredential.js";
 
 export {
   AuthenticationError,
@@ -18,97 +18,97 @@ export {
   CredentialUnavailableErrorName,
   AuthenticationRequiredError,
   AuthenticationRequiredErrorOptions,
-} from "./errors";
+} from "./errors.js";
 
-export { AuthenticationRecord } from "./msal/types";
-export { serializeAuthenticationRecord, deserializeAuthenticationRecord } from "./msal/utils";
-export { TokenCredentialOptions } from "./tokenCredentialOptions";
-export { MultiTenantTokenCredentialOptions } from "./credentials/multiTenantTokenCredentialOptions";
-export { AuthorityValidationOptions } from "./credentials/authorityValidationOptions";
+export { AuthenticationRecord } from "./msal/types.js";
+export { serializeAuthenticationRecord, deserializeAuthenticationRecord } from "./msal/utils.js";
+export { TokenCredentialOptions } from "./tokenCredentialOptions.js";
+export { MultiTenantTokenCredentialOptions } from "./credentials/multiTenantTokenCredentialOptions.js";
+export { AuthorityValidationOptions } from "./credentials/authorityValidationOptions.js";
 // TODO: Export again once we're ready to release this feature.
 // export { RegionalAuthority } from "./regionalAuthority";
 
-export { BrokerAuthOptions } from "./credentials/brokerAuthOptions";
+export { BrokerAuthOptions } from "./credentials/brokerAuthOptions.js";
 export {
   BrokerOptions,
   BrokerEnabledOptions,
   BrokerDisabledOptions,
-} from "./msal/nodeFlows/brokerOptions";
-export { InteractiveCredentialOptions } from "./credentials/interactiveCredentialOptions";
+} from "./msal/nodeFlows/brokerOptions.js";
+export { InteractiveCredentialOptions } from "./credentials/interactiveCredentialOptions.js";
 
-export { ChainedTokenCredential } from "./credentials/chainedTokenCredential";
+export { ChainedTokenCredential } from "./credentials/chainedTokenCredential.js";
 
-export { ClientSecretCredential } from "./credentials/clientSecretCredential";
-export { ClientSecretCredentialOptions } from "./credentials/clientSecretCredentialOptions";
+export { ClientSecretCredential } from "./credentials/clientSecretCredential.js";
+export { ClientSecretCredentialOptions } from "./credentials/clientSecretCredentialOptions.js";
 
-export { DefaultAzureCredential } from "./credentials/defaultAzureCredential";
+export { DefaultAzureCredential } from "./credentials/defaultAzureCredential.js";
 export {
   DefaultAzureCredentialOptions,
   DefaultAzureCredentialClientIdOptions,
   DefaultAzureCredentialResourceIdOptions,
-} from "./credentials/defaultAzureCredentialOptions";
+} from "./credentials/defaultAzureCredentialOptions.js";
 
-export { EnvironmentCredential } from "./credentials/environmentCredential";
-export { EnvironmentCredentialOptions } from "./credentials/environmentCredentialOptions";
+export { EnvironmentCredential } from "./credentials/environmentCredential.js";
+export { EnvironmentCredentialOptions } from "./credentials/environmentCredentialOptions.js";
 
 export {
   ClientCertificateCredential,
   ClientCertificateCredentialPEMConfiguration,
   ClientCertificatePEMCertificatePath,
   ClientCertificatePEMCertificate,
-} from "./credentials/clientCertificateCredential";
-export { ClientCertificateCredentialOptions } from "./credentials/clientCertificateCredentialOptions";
-export { ClientAssertionCredential } from "./credentials/clientAssertionCredential";
-export { ClientAssertionCredentialOptions } from "./credentials/clientAssertionCredentialOptions";
-export { CredentialPersistenceOptions } from "./credentials/credentialPersistenceOptions";
-export { AzureCliCredential } from "./credentials/azureCliCredential";
-export { AzureCliCredentialOptions } from "./credentials/azureCliCredentialOptions";
-export { AzureDeveloperCliCredential } from "./credentials/azureDeveloperCliCredential";
-export { AzureDeveloperCliCredentialOptions } from "./credentials/azureDeveloperCliCredentialOptions";
-export { InteractiveBrowserCredential } from "./credentials/interactiveBrowserCredential";
+} from "./credentials/clientCertificateCredential.js";
+export { ClientCertificateCredentialOptions } from "./credentials/clientCertificateCredentialOptions.js";
+export { ClientAssertionCredential } from "./credentials/clientAssertionCredential.js";
+export { ClientAssertionCredentialOptions } from "./credentials/clientAssertionCredentialOptions.js";
+export { CredentialPersistenceOptions } from "./credentials/credentialPersistenceOptions.js";
+export { AzureCliCredential } from "./credentials/azureCliCredential.js";
+export { AzureCliCredentialOptions } from "./credentials/azureCliCredentialOptions.js";
+export { AzureDeveloperCliCredential } from "./credentials/azureDeveloperCliCredential.js";
+export { AzureDeveloperCliCredentialOptions } from "./credentials/azureDeveloperCliCredentialOptions.js";
+export { InteractiveBrowserCredential } from "./credentials/interactiveBrowserCredential.js";
 export {
   InteractiveBrowserCredentialNodeOptions,
   InteractiveBrowserCredentialInBrowserOptions,
   BrowserLoginStyle,
-} from "./credentials/interactiveBrowserCredentialOptions";
+} from "./credentials/interactiveBrowserCredentialOptions.js";
 export {
   ManagedIdentityCredential,
   ManagedIdentityCredentialClientIdOptions,
   ManagedIdentityCredentialResourceIdOptions,
   ManagedIdentityCredentialObjectIdOptions,
-} from "./credentials/managedIdentityCredential";
-export { DeviceCodeCredential } from "./credentials/deviceCodeCredential";
+} from "./credentials/managedIdentityCredential/index.js";
+export { DeviceCodeCredential } from "./credentials/deviceCodeCredential.js";
 export {
   DeviceCodePromptCallback,
   DeviceCodeInfo,
-} from "./credentials/deviceCodeCredentialOptions";
-export { DeviceCodeCredentialOptions } from "./credentials/deviceCodeCredentialOptions";
-export { AzurePipelinesCredential as AzurePipelinesCredential } from "./credentials/azurePipelinesCredential";
-export { AzurePipelinesCredentialOptions as AzurePipelinesCredentialOptions } from "./credentials/azurePipelinesCredentialOptions";
-export { AuthorizationCodeCredential } from "./credentials/authorizationCodeCredential";
-export { AuthorizationCodeCredentialOptions } from "./credentials/authorizationCodeCredentialOptions";
-export { AzurePowerShellCredential } from "./credentials/azurePowerShellCredential";
-export { AzurePowerShellCredentialOptions } from "./credentials/azurePowerShellCredentialOptions";
+} from "./credentials/deviceCodeCredentialOptions.js";
+export { DeviceCodeCredentialOptions } from "./credentials/deviceCodeCredentialOptions.js";
+export { AzurePipelinesCredential as AzurePipelinesCredential } from "./credentials/azurePipelinesCredential.js";
+export { AzurePipelinesCredentialOptions as AzurePipelinesCredentialOptions } from "./credentials/azurePipelinesCredentialOptions.js";
+export { AuthorizationCodeCredential } from "./credentials/authorizationCodeCredential.js";
+export { AuthorizationCodeCredentialOptions } from "./credentials/authorizationCodeCredentialOptions.js";
+export { AzurePowerShellCredential } from "./credentials/azurePowerShellCredential.js";
+export { AzurePowerShellCredentialOptions } from "./credentials/azurePowerShellCredentialOptions.js";
 export {
   OnBehalfOfCredentialOptions,
   OnBehalfOfCredentialSecretOptions,
   OnBehalfOfCredentialCertificateOptions,
   OnBehalfOfCredentialAssertionOptions,
-} from "./credentials/onBehalfOfCredentialOptions";
-export { UsernamePasswordCredential } from "./credentials/usernamePasswordCredential";
-export { UsernamePasswordCredentialOptions } from "./credentials/usernamePasswordCredentialOptions";
-export { VisualStudioCodeCredential } from "./credentials/visualStudioCodeCredential";
-export { VisualStudioCodeCredentialOptions } from "./credentials/visualStudioCodeCredentialOptions";
-export { OnBehalfOfCredential } from "./credentials/onBehalfOfCredential";
-export { WorkloadIdentityCredential } from "./credentials/workloadIdentityCredential";
-export { WorkloadIdentityCredentialOptions } from "./credentials/workloadIdentityCredentialOptions";
-export { BrowserCustomizationOptions } from "./credentials/browserCustomizationOptions";
-export { TokenCachePersistenceOptions } from "./msal/nodeFlows/tokenCachePersistenceOptions";
+} from "./credentials/onBehalfOfCredentialOptions.js";
+export { UsernamePasswordCredential } from "./credentials/usernamePasswordCredential.js";
+export { UsernamePasswordCredentialOptions } from "./credentials/usernamePasswordCredentialOptions.js";
+export { VisualStudioCodeCredential } from "./credentials/visualStudioCodeCredential.js";
+export { VisualStudioCodeCredentialOptions } from "./credentials/visualStudioCodeCredentialOptions.js";
+export { OnBehalfOfCredential } from "./credentials/onBehalfOfCredential.js";
+export { WorkloadIdentityCredential } from "./credentials/workloadIdentityCredential.js";
+export { WorkloadIdentityCredentialOptions } from "./credentials/workloadIdentityCredentialOptions.js";
+export { BrowserCustomizationOptions } from "./credentials/browserCustomizationOptions.js";
+export { TokenCachePersistenceOptions } from "./msal/nodeFlows/tokenCachePersistenceOptions.js";
 
 export { TokenCredential, GetTokenOptions, AccessToken } from "@azure/core-auth";
-export { logger } from "./util/logging";
+export { logger } from "./util/logging.js";
 
-export { AzureAuthorityHosts } from "./constants";
+export { AzureAuthorityHosts } from "./constants.js";
 
 /**
  * Returns a new instance of the {@link DefaultAzureCredential}.
@@ -117,4 +117,4 @@ export function getDefaultAzureCredential(): TokenCredential {
   return new DefaultAzureCredential();
 }
 
-export { getBearerTokenProvider, GetBearerTokenProviderOptions } from "./tokenProvider";
+export { getBearerTokenProvider, GetBearerTokenProviderOptions } from "./tokenProvider.js";

sdk/identity/identity/src/msal/browserFlows/flows.ts

@@ -2,9 +2,9 @@
 // Licensed under the MIT License.
 
 import type { AccessToken } from "@azure/core-auth";
-import type { AuthenticationRecord } from "../types";
-import type { CredentialFlowGetTokenOptions } from "../credentials";
-import type { CredentialLogger } from "../../util/logging";
+import type { AuthenticationRecord } from "../types.js";
+import type { CredentialFlowGetTokenOptions } from "../credentials.js";
+import type { CredentialLogger } from "../../util/logging.js";
 
 /**
  * Union of the constructor parameters that all MSAL flow types take.

sdk/identity/identity/src/msal/browserFlows/msalAuthCode.ts

@@ -3,20 +3,20 @@
 
 import * as msalBrowser from "@azure/msal-browser";
 
-import type { MsalBrowserFlowOptions } from "./msalBrowserCommon";
-import { MsalBrowser } from "./msalBrowserCommon";
+import type { MsalBrowserFlowOptions } from "./msalBrowserCommon.js";
+import { MsalBrowser } from "./msalBrowserCommon.js";
 import {
   defaultLoggerCallback,
   getMSALLogLevel,
   handleMsalError,
   msalToPublic,
   publicToMsal,
-} from "../utils";
+} from "../utils.js";
 
 import type { AccessToken } from "@azure/core-auth";
-import type { AuthenticationRecord } from "../types";
-import { AuthenticationRequiredError } from "../../errors";
-import type { CredentialFlowGetTokenOptions } from "../credentials";
+import type { AuthenticationRecord } from "../types.js";
+import { AuthenticationRequiredError } from "../../errors.js";
+import type { CredentialFlowGetTokenOptions } from "../credentials.js";
 import { getLogLevel } from "@azure/logger";
 
 // We keep a copy of the redirect hash.

sdk/identity/identity/src/msal/browserFlows/msalBrowserCommon.ts

@@ -4,23 +4,23 @@
 import type * as msalBrowser from "@azure/msal-browser";
 
 import type { AccessToken, GetTokenOptions } from "@azure/core-auth";
-import type { AuthenticationRecord, MsalResult } from "../types";
-import { AuthenticationRequiredError, CredentialUnavailableError } from "../../errors";
-import type { CredentialLogger } from "../../util/logging";
-import { formatSuccess } from "../../util/logging";
-import type { MsalFlow, MsalFlowOptions } from "./flows";
-import { ensureValidMsalToken, getAuthority, getKnownAuthorities, msalToPublic } from "../utils";
+import type { AuthenticationRecord, MsalResult } from "../types.js";
+import { AuthenticationRequiredError, CredentialUnavailableError } from "../../errors.js";
+import type { CredentialLogger } from "../../util/logging.js";
+import { formatSuccess } from "../../util/logging.js";
+import type { MsalFlow, MsalFlowOptions } from "./flows.js";
+import { ensureValidMsalToken, getAuthority, getKnownAuthorities, msalToPublic } from "../utils.js";
 import {
   processMultiTenantRequest,
   resolveAdditionallyAllowedTenantIds,
   resolveTenantId,
-} from "../../util/tenantIdUtils";
+} from "../../util/tenantIdUtils.js";
 
-import type { BrowserLoginStyle } from "../../credentials/interactiveBrowserCredentialOptions";
-import type { CredentialFlowGetTokenOptions } from "../credentials";
-import { DefaultTenantId } from "../../constants";
+import type { BrowserLoginStyle } from "../../credentials/interactiveBrowserCredentialOptions.js";
+import type { CredentialFlowGetTokenOptions } from "../credentials.js";
+import { DefaultTenantId } from "../../constants.js";
 import type { LogPolicyOptions } from "@azure/core-rest-pipeline";
-import type { MultiTenantTokenCredentialOptions } from "../../credentials/multiTenantTokenCredentialOptions";
+import type { MultiTenantTokenCredentialOptions } from "../../credentials/multiTenantTokenCredentialOptions.js";
 
 /**
  * Union of the constructor parameters that all MSAL flow types take.