feat(auth): add Entra ID identity provider integration

Introduces Entra ID (former Azure AD) authentication support with multiple authentication flows
and automated token lifecycle management.

Key additions:
- Add EntraIdCredentialsProvider for handling Entra ID authentication flows
- Implement MSALIdentityProvider to integrate with MSAL/EntraID authentication library
- Add support for multiple authentication methods:
  - Managed identities (system and user-assigned)
  - Client credentials with certificate
  - Client credentials with secret
  - Authorization Code flow with PKCE
- Add factory class with builder methods for each authentication flow
- Include sample Express server implementation for Authorization Code flow
- Add comprehensive configuration options for authority and token management

Author: bobymicroby

package-lock.json

@@ -35,7 +35,6 @@ export interface TokenManagerConfig {
   retry?: RetryPolicy;
 }
 
-
 /**
  * IDPError is an error that occurs while calling the underlying IdentityProvider.
  *
@@ -88,7 +87,7 @@ export class TokenManager<T> {
 
   constructor(
     private readonly identityProvider: IdentityProvider<T>,
-    private readonly config: TokenManagerConfig,
+    private readonly config: TokenManagerConfig
   ) {
     if (this.config.expirationRefreshRatio > 1) {
       throw new Error('expirationRefreshRatio must be less than or equal to 1');
@@ -186,25 +185,29 @@ export class TokenManager<T> {
     if (!this.listener) {
       throw new Error('TokenManager is not running, but a new token was received');
     }
-    const token = this.wrapNativeToken(nativeToken, ttlMs);
-    this.currentToken = token;
+    const token = this.wrapAndSetCurrentToken(nativeToken, ttlMs);
     this.listener.onNext(token);
 
     this.scheduleNextRefresh(this.calculateRefreshTime(token));
   }
 
   /**
-   * Wraps a native token obtained from identity provider.
-   * @param nativeToken
-   * @param ttlMs
+   * Creates a Token object from a native token and sets it as the current token.
+   *
+   * @param nativeToken - The raw token received from the identity provider
+   * @param ttlMs - Time-to-live in milliseconds for the token
+   *
+   * @returns A new Token instance containing the wrapped native token and expiration details
+   *
    */
-  public wrapNativeToken(nativeToken: T, ttlMs: number): Token<T> {
+  public wrapAndSetCurrentToken(nativeToken: T, ttlMs: number): Token<T> {
     const now = Date.now();
     const token = new Token(
       nativeToken,
       now + ttlMs,
       now
     );
+    this.currentToken = token;
     return token;
   }
 
@@ -228,7 +231,7 @@ export class TokenManager<T> {
    * @param token The token to calculate the refresh time for.
    * @param now The current time in milliseconds. Defaults to Date.now().
    */
-  public calculateRefreshTime(token: Token<T>, now:number = Date.now()): number {
+  public calculateRefreshTime(token: Token<T>, now: number = Date.now()): number {
     const ttlMs = token.getTtlMs(now);
     return Math.floor(ttlMs * this.config.expirationRefreshRatio);
   }

packages/authx/lib/token-manager.ts

@@ -380,11 +380,18 @@ export default class RedisClient<
   }
 
   /**
-   * TODO: Implement re-authentication to support refreshing credentials without reconnecting
    * @param credentials
    */
   private reAuthenticate = async (credentials: BasicAuth) => {
-    throw new Error('Not implemented');
+    // Re-authentication is not supported on RESP2 with PubSub active
+    if (!(this.isPubSubActive && !this.#options?.RESP)) {
+      await this.sendCommand(
+        parseArgs(COMMANDS.AUTH, {
+          username: credentials.username,
+          password: credentials.password ?? ''
+        })
+      );
+    }
   }
 
   private subscribeForStreamingCredentials(cp: StreamingCredentialsProvider): Promise<[BasicAuth, Disposable]> {