[Identity] OnBehalfOfCredential

[sadasant]

This PR implements the OnBehalfOfCredential. This design to a while to figure out. You can read more about previous ideas through:

• Issue: Feature: Add On-Behalf-Of (OBO) Auth Flow for the Microsoft Graph Team.
• Some design ideas: gist.
• First PR: Proposal: TokenCredentialRefresher and authenticationOptions.
• Second PR: Identity: OnBehalfOfCredential, credential-only approach.

After careful consideration of the possible impacts of all the options, we arrived back at the design originally proposed by @schaabs : To pass the userAssertion as an object besides the tracing parameters on the ServiceClient methods.

This approach looks as follows:

const tokenCredential = new OnBehalfOfCredential(tenantId, clientId, clientSecret);
const client = new KeyClient("vault-url", tokenCredential);

const userAssertions = createUserAssertion("access-token");
await client.getKey("key-name", { authenticationOptions: { userAssertion } });

Related to #15804
Fixes #17133

---

Work on a separate PR:

• For this milestone: Ensure all of the JS SDK LRO pollers pass the OperationOptions to all of their internal requests.
• For the next milestone: Add a sample.

[xirzec]

I think this is shaping up nicely! I wish there was an easy way to avoid sprinkling AuthenticationOptions in so many places, but maybe this is the simplest solution and at least we'll have a place for other auth-related properties in the future

[sadasant]

Tests are failing on Node12 on Windows. I’ll investigate

[ghost]

Hi @sadasant. Thank you for your interest in helping to improve the Azure SDK experience and for your contribution. We've noticed that there hasn't been recent engagement on this pull request. If this is still an active work stream, please let us know by pushing some changes or leaving a comment. Otherwise, we'll close this out in 7 days.

[sadasant]

More complex designs of the OBO credential are not on the table for the foreseeable future. Closing this PR.