refactor msalClient to export a context and flows directly

Exporting one client with all flows in it as a function makes it
inherently not tree shakable increasing bundle size. This commit
splits all those flows into functions taking the context as a
parameter.

This resulted in a bundle size reduction from 790kb -> 753kb on
an artifical test bundle with only ClientCertificateCredential

Author: MichielVrins

sdk/identity/identity/src/credentials/authorizationCodeCredential.ts

@@ -11,8 +11,11 @@ import { checkTenantId } from "../util/tenantIdUtils.js";
 import { credentialLogger } from "../util/logging.js";
 import { ensureScopes } from "../util/scopeUtils.js";
 import { tracingClient } from "../util/tracing.js";
-import type { MsalClient } from "../msal/nodeFlows/msalClient.js";
-import { createMsalClient } from "../msal/nodeFlows/msalClient.js";
+import {
+  createMsalClientContext,
+  getTokenByAuthorizationCode,
+  type MsalClientContext,
+} from "../msal/nodeFlows/msalClient.js";
 
 const logger = credentialLogger("AuthorizationCodeCredential");
 
@@ -24,7 +27,7 @@ const logger = credentialLogger("AuthorizationCodeCredential");
  * https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow
  */
 export class AuthorizationCodeCredential implements TokenCredential {
-  private msalClient: MsalClient;
+  private msalContext: MsalClientContext;
   private disableAutomaticAuthentication?: boolean;
   private authorizationCode: string;
   private redirectUri: string;
@@ -124,7 +127,7 @@ export class AuthorizationCodeCredential implements TokenCredential {
       options?.additionallyAllowedTenants,
     );
 
-    this.msalClient = createMsalClient(clientId, tenantId, {
+    this.msalContext = createMsalClientContext(clientId, tenantId, {
       ...options,
       logger,
     });
@@ -151,7 +154,8 @@ export class AuthorizationCodeCredential implements TokenCredential {
         newOptions.tenantId = tenantId;
 
         const arrayScopes = ensureScopes(scopes);
-        return this.msalClient.getTokenByAuthorizationCode(
+        return getTokenByAuthorizationCode(
+          this.msalContext,
           arrayScopes,
           this.redirectUri,
           this.authorizationCode,

sdk/identity/identity/src/credentials/brokerCredential.ts

@@ -11,8 +11,12 @@ import {
 import { credentialLogger, formatError } from "../util/logging.js";
 import { ensureScopes } from "../util/scopeUtils.js";
 import { tracingClient } from "../util/tracing.js";
-import type { MsalClient, MsalClientOptions } from "../msal/nodeFlows/msalClient.js";
-import { createMsalClient } from "../msal/nodeFlows/msalClient.js";
+import {
+  createMsalClientContext,
+  getBrokeredToken,
+  type MsalClientContext,
+  type MsalClientOptions,
+} from "../msal/nodeFlows/msalClient.js";
 import { DeveloperSignOnClientId } from "../constants.js";
 import type { TokenCredentialOptions } from "../tokenCredentialOptions.js";
 import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
@@ -25,7 +29,7 @@ const logger = credentialLogger("BrokerCredential");
  * This credential uses the default account logged into the OS via a broker.
  */
 export class BrokerCredential implements TokenCredential {
-  private brokerMsalClient: MsalClient;
+  private brokerMsalContext: MsalClientContext;
   private brokerTenantId?: string;
   private brokerAdditionallyAllowedTenantIds: string[];
 
@@ -54,7 +58,7 @@ export class BrokerCredential implements TokenCredential {
       },
     };
 
-    this.brokerMsalClient = createMsalClient(
+    this.brokerMsalContext = createMsalClientContext(
       DeveloperSignOnClientId,
       this.brokerTenantId,
       msalClientOptions,
@@ -85,7 +89,7 @@ export class BrokerCredential implements TokenCredential {
 
         const arrayScopes = ensureScopes(scopes);
         try {
-          return this.brokerMsalClient.getBrokeredToken(arrayScopes, true, {
+          return getBrokeredToken(this.brokerMsalContext, arrayScopes, true, {
             ...newOptions,
             disableAutomaticAuthentication: true,
           });

sdk/identity/identity/src/credentials/clientAssertionCredential.ts

@@ -2,8 +2,11 @@
 // Licensed under the MIT License.
 
 import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
-import type { MsalClient } from "../msal/nodeFlows/msalClient.js";
-import { createMsalClient } from "../msal/nodeFlows/msalClient.js";
+import {
+  createMsalClientContext,
+  getTokenByClientAssertion,
+  type MsalClientContext,
+} from "../msal/nodeFlows/msalClient.js";
 import {
   processMultiTenantRequest,
   resolveAdditionallyAllowedTenantIds,
@@ -20,7 +23,7 @@ const logger = credentialLogger("ClientAssertionCredential");
  * Authenticates a service principal with a JWT assertion.
  */
 export class ClientAssertionCredential implements TokenCredential {
-  private msalClient: MsalClient;
+  private msalContext: MsalClientContext;
   private tenantId: string;
   private additionallyAllowedTenantIds: string[];
   private getAssertion: () => Promise<string>;
@@ -66,7 +69,7 @@ export class ClientAssertionCredential implements TokenCredential {
 
     this.options = options;
     this.getAssertion = getAssertion;
-    this.msalClient = createMsalClient(clientId, tenantId, {
+    this.msalContext = createMsalClientContext(clientId, tenantId, {
       ...this.options,
       logger,
     });
@@ -93,7 +96,8 @@ export class ClientAssertionCredential implements TokenCredential {
         );
 
         const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
-        return this.msalClient.getTokenByClientAssertion(
+        return getTokenByClientAssertion(
+          this.msalContext,
           arrayScopes,
           this.getAssertion,
           newOptions,

sdk/identity/identity/src/credentials/clientCertificateCredential.ts

@@ -2,8 +2,11 @@
 // Licensed under the MIT License.
 
 import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
-import type { MsalClient } from "../msal/nodeFlows/msalClient.js";
-import { createMsalClient } from "../msal/nodeFlows/msalClient.js";
+import {
+  createMsalClientContext,
+  getTokenByClientCertificate,
+  type MsalClientContext,
+} from "../msal/nodeFlows/msalClient.js";
 import { createHash, createPrivateKey } from "node:crypto";
 import {
   processMultiTenantRequest,
@@ -38,7 +41,7 @@ export class ClientCertificateCredential implements TokenCredential {
   private additionallyAllowedTenantIds: string[];
   private certificateConfiguration: ClientCertificateCredentialPEMConfiguration;
   private sendCertificateChain?: boolean;
-  private msalClient: MsalClient;
+  private msalContext: MsalClientContext;
 
   /**
    * Creates an instance of the ClientCertificateCredential with the details
@@ -126,7 +129,7 @@ export class ClientCertificateCredential implements TokenCredential {
         `${credentialName}: To avoid unexpected behaviors, providing both the contents of a PEM certificate and the path to a PEM certificate is forbidden. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`,
       );
     }
-    this.msalClient = createMsalClient(clientId, tenantId, {
+    this.msalContext = createMsalClientContext(clientId, tenantId, {
       ...options,
       logger,
     });
@@ -151,7 +154,7 @@ export class ClientCertificateCredential implements TokenCredential {
 
       const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
       const certificate = await this.buildClientCertificate();
-      return this.msalClient.getTokenByClientCertificate(arrayScopes, certificate, newOptions);
+      return getTokenByClientCertificate(this.msalContext, arrayScopes, certificate, newOptions);
     });
   }
 

sdk/identity/identity/src/credentials/clientSecretCredential.ts

@@ -2,8 +2,11 @@
 // Licensed under the MIT License.
 
 import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
-import type { MsalClient } from "../msal/nodeFlows/msalClient.js";
-import { createMsalClient } from "../msal/nodeFlows/msalClient.js";
+import {
+  createMsalClientContext,
+  getTokenByClientSecret,
+  type MsalClientContext,
+} from "../msal/nodeFlows/msalClient.js";
 import {
   processMultiTenantRequest,
   resolveAdditionallyAllowedTenantIds,
@@ -28,7 +31,7 @@ const logger = credentialLogger("ClientSecretCredential");
 export class ClientSecretCredential implements TokenCredential {
   private tenantId: string;
   private additionallyAllowedTenantIds: string[];
-  private msalClient: MsalClient;
+  private msalContext: MsalClientContext;
   private clientSecret: string;
 
   /**
@@ -71,7 +74,7 @@ export class ClientSecretCredential implements TokenCredential {
       options?.additionallyAllowedTenants,
     );
 
-    this.msalClient = createMsalClient(clientId, tenantId, {
+    this.msalContext = createMsalClientContext(clientId, tenantId, {
       ...options,
       logger,
     });
@@ -98,7 +101,7 @@ export class ClientSecretCredential implements TokenCredential {
         );
 
         const arrayScopes = ensureScopes(scopes);
-        return this.msalClient.getTokenByClientSecret(arrayScopes, this.clientSecret, newOptions);
+        return getTokenByClientSecret(this.msalContext, arrayScopes, this.clientSecret, newOptions);
       },
     );
   }

sdk/identity/identity/src/credentials/deviceCodeCredential.ts

@@ -2,6 +2,11 @@
 // Licensed under the MIT License.
 
 import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
+import {
+  createMsalClientContext,
+  getTokenByDeviceCode,
+  type MsalClientContext,
+} from "../msal/nodeFlows/msalClient.js";
 import {
   processMultiTenantRequest,
   resolveAdditionallyAllowedTenantIds,
@@ -16,8 +21,6 @@ import type { AuthenticationRecord } from "../msal/types.js";
 import { credentialLogger } from "../util/logging.js";
 import { ensureScopes } from "../util/scopeUtils.js";
 import { tracingClient } from "../util/tracing.js";
-import type { MsalClient } from "../msal/nodeFlows/msalClient.js";
-import { createMsalClient } from "../msal/nodeFlows/msalClient.js";
 import { DeveloperSignOnClientId } from "../constants.js";
 
 const logger = credentialLogger("DeviceCodeCredential");
@@ -38,7 +41,7 @@ export class DeviceCodeCredential implements TokenCredential {
   private tenantId?: string;
   private additionallyAllowedTenantIds: string[];
   private disableAutomaticAuthentication?: boolean;
-  private msalClient: MsalClient;
+  private msalContext: MsalClientContext;
   private userPromptCallback: DeviceCodePromptCallback;
 
   /**
@@ -71,7 +74,7 @@ export class DeviceCodeCredential implements TokenCredential {
     const clientId = options?.clientId ?? DeveloperSignOnClientId;
     const tenantId = resolveTenantId(logger, options?.tenantId, clientId);
     this.userPromptCallback = options?.userPromptCallback ?? defaultDeviceCodePromptCallback;
-    this.msalClient = createMsalClient(clientId, tenantId, {
+    this.msalContext = createMsalClientContext(clientId, tenantId, {
       ...options,
       logger,
     });
@@ -103,7 +106,7 @@ export class DeviceCodeCredential implements TokenCredential {
         );
 
         const arrayScopes = ensureScopes(scopes);
-        return this.msalClient.getTokenByDeviceCode(arrayScopes, this.userPromptCallback, {
+        return getTokenByDeviceCode(this.msalContext, arrayScopes, this.userPromptCallback, {
           ...newOptions,
           disableAutomaticAuthentication: this.disableAutomaticAuthentication,
         });
@@ -130,11 +133,11 @@ export class DeviceCodeCredential implements TokenCredential {
       options,
       async (newOptions) => {
         const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
-        await this.msalClient.getTokenByDeviceCode(arrayScopes, this.userPromptCallback, {
+        await getTokenByDeviceCode(this.msalContext, arrayScopes, this.userPromptCallback, {
           ...newOptions,
           disableAutomaticAuthentication: false, // this method should always allow user interaction
         });
-        return this.msalClient.getActiveAccount();
+        return this.msalContext.getActiveAccount();
       },
     );
   }

sdk/identity/identity/src/credentials/interactiveBrowserCredential.ts

@@ -16,8 +16,12 @@ import type { AuthenticationRecord } from "../msal/types.js";
 import { credentialLogger } from "../util/logging.js";
 import { ensureScopes } from "../util/scopeUtils.js";
 import { tracingClient } from "../util/tracing.js";
-import type { MsalClient, MsalClientOptions } from "../msal/nodeFlows/msalClient.js";
-import { createMsalClient } from "../msal/nodeFlows/msalClient.js";
+import {
+  createMsalClientContext,
+  getTokenByInteractiveRequest,
+  type MsalClientContext,
+  type MsalClientOptions,
+} from "../msal/nodeFlows/msalClient.js";
 import { DeveloperSignOnClientId } from "../constants.js";
 
 const logger = credentialLogger("InteractiveBrowserCredential");
@@ -29,7 +33,7 @@ const logger = credentialLogger("InteractiveBrowserCredential");
 export class InteractiveBrowserCredential implements TokenCredential {
   private tenantId?: string;
   private additionallyAllowedTenantIds: string[];
-  private msalClient: MsalClient;
+  private msalContext: MsalClientContext;
   private disableAutomaticAuthentication?: boolean;
   private browserCustomizationOptions: InteractiveBrowserCredentialNodeOptions["browserCustomizationOptions"];
   private loginHint?: string;
@@ -75,7 +79,7 @@ export class InteractiveBrowserCredential implements TokenCredential {
         };
       }
     }
-    this.msalClient = createMsalClient(
+    this.msalContext = createMsalClientContext(
       options.clientId ?? DeveloperSignOnClientId,
       this.tenantId,
       msalClientOptions,
@@ -108,7 +112,7 @@ export class InteractiveBrowserCredential implements TokenCredential {
         );
 
         const arrayScopes = ensureScopes(scopes);
-        return this.msalClient.getTokenByInteractiveRequest(arrayScopes, {
+        return getTokenByInteractiveRequest(this.msalContext, arrayScopes, {
           ...newOptions,
           disableAutomaticAuthentication: this.disableAutomaticAuthentication,
           browserCustomizationOptions: this.browserCustomizationOptions,
@@ -140,13 +144,13 @@ export class InteractiveBrowserCredential implements TokenCredential {
       options,
       async (newOptions) => {
         const arrayScopes = ensureScopes(scopes);
-        await this.msalClient.getTokenByInteractiveRequest(arrayScopes, {
+        await getTokenByInteractiveRequest(this.msalContext, arrayScopes, {
           ...newOptions,
           disableAutomaticAuthentication: false, // this method should always allow user interaction
           browserCustomizationOptions: this.browserCustomizationOptions,
           loginHint: this.loginHint,
         });
-        return this.msalClient.getActiveAccount();
+        return this.msalContext.getActiveAccount();
       },
     );
   }

sdk/identity/identity/src/credentials/onBehalfOfCredential.ts

@@ -2,8 +2,11 @@
 // Licensed under the MIT License.
 
 import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
-import type { MsalClient } from "../msal/nodeFlows/msalClient.js";
-import { createMsalClient } from "../msal/nodeFlows/msalClient.js";
+import {
+  createMsalClientContext,
+  getTokenOnBehalfOf,
+  type MsalClientContext,
+} from "../msal/nodeFlows/msalClient.js";
 import type {
   OnBehalfOfCredentialAssertionOptions,
   OnBehalfOfCredentialCertificateOptions,
@@ -35,7 +38,7 @@ const logger = credentialLogger(credentialName);
 export class OnBehalfOfCredential implements TokenCredential {
   private tenantId: string;
   private additionallyAllowedTenantIds: string[];
-  private msalClient: MsalClient;
+  private msalContext: MsalClientContext;
   private sendCertificateChain?: boolean;
   private certificatePath?: string;
   private clientSecret?: string;
@@ -178,7 +181,7 @@ export class OnBehalfOfCredential implements TokenCredential {
       additionallyAllowedTenantIds,
     );
 
-    this.msalClient = createMsalClient(clientId, this.tenantId, {
+    this.msalContext = createMsalClientContext(clientId, this.tenantId, {
       ...options,
       logger,
     });
@@ -204,21 +207,24 @@ export class OnBehalfOfCredential implements TokenCredential {
       if (this.certificatePath) {
         const clientCertificate = await this.buildClientCertificate(this.certificatePath);
 
-        return this.msalClient.getTokenOnBehalfOf(
+        return getTokenOnBehalfOf(
+          this.msalContext,
           arrayScopes,
           this.userAssertionToken,
           clientCertificate,
           newOptions,
         );
       } else if (this.clientSecret) {
-        return this.msalClient.getTokenOnBehalfOf(
+        return getTokenOnBehalfOf(
+          this.msalContext,
           arrayScopes,
           this.userAssertionToken,
           this.clientSecret,
           options,
         );
       } else if (this.clientAssertion) {
-        return this.msalClient.getTokenOnBehalfOf(
+        return getTokenOnBehalfOf(
+          this.msalContext,
           arrayScopes,
           this.userAssertionToken,
           this.clientAssertion,