-
Notifications
You must be signed in to change notification settings - Fork 283
/
Copy pathmsalAppCredentials.ts
129 lines (111 loc) · 4.22 KB
/
msalAppCredentials.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
/**
* @module botframework-connector
*/
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
import { ConfidentialClientApplication, NodeAuthOptions } from '@azure/msal-node';
import { AppCredentials } from './appCredentials';
import { AuthenticatorResult } from './authenticatorResult';
export interface Certificate {
thumbprint: string;
privateKey: string;
}
/**
* An implementation of AppCredentials that uses @azure/msal-node to fetch tokens.
*/
export class MsalAppCredentials extends AppCredentials {
/**
* A reference used for Empty auth scenarios
*/
static Empty = new MsalAppCredentials();
/**
* Create an MsalAppCredentials instance using a confidential client application.
*
* @param clientApplication An @azure/msal-node ConfidentialClientApplication instance.
* @param appId The application ID.
* @param authority The authority to use for fetching tokens
* @param scope The oauth scope to use when fetching tokens.
*/
constructor(clientApplication: ConfidentialClientApplication, appId: string, authority: string, scope: string);
/**
* Create an MsalAppCredentials instance using a confidential client application.
*
* @param appId The application ID.
* @param appPassword The application password.
* @param authority The authority to use for fetching tokens
* @param scope The oauth scope to use when fetching tokens.
*/
constructor(appId: string, appPassword: string, authority: string, scope: string);
/**
* Create an MsalAppCredentials instance using a confidential client application.
*
* @param appId The application ID.
* @param certificate The client certificate details.
* @param authority The authority to use for fetching tokens
* @param scope The oauth scope to use when fetching tokens.
*/
constructor(appId: string, certificate: Certificate, authority: string, scope: string);
/**
* @internal
*/
constructor();
/**
* @internal
*/
constructor(
maybeClientApplicationOrAppId?: ConfidentialClientApplication | string,
maybeAppIdOrAppPasswordOrCertificate?: string | Certificate,
maybeAuthority?: string,
maybeScope?: string
) {
const appId =
typeof maybeClientApplicationOrAppId === 'string'
? maybeClientApplicationOrAppId
: typeof maybeAppIdOrAppPasswordOrCertificate === 'string'
? maybeAppIdOrAppPasswordOrCertificate
: undefined;
super(appId, undefined, maybeScope);
if (typeof maybeClientApplicationOrAppId !== 'string') {
this.clientApplication = maybeClientApplicationOrAppId;
} else {
const auth: NodeAuthOptions = {
authority: maybeAuthority,
clientId: appId,
};
auth.clientCertificate =
typeof maybeAppIdOrAppPasswordOrCertificate !== 'string'
? maybeAppIdOrAppPasswordOrCertificate
: undefined;
auth.clientSecret =
typeof maybeAppIdOrAppPasswordOrCertificate === 'string'
? maybeAppIdOrAppPasswordOrCertificate
: undefined;
this.clientApplication = new ConfidentialClientApplication({ auth });
}
}
/**
* @inheritdoc
*/
protected async refreshToken(): Promise<AuthenticatorResult> {
if (!this.clientApplication) {
throw new Error('getToken should not be called for empty credentials.');
}
const scopePostfix = '/.default';
let scope = this.oAuthScope;
if (!scope.endsWith(scopePostfix)) {
scope = `${scope}${scopePostfix}`;
}
const token = await this.clientApplication.acquireTokenByClientCredential({
scopes: [scope],
skipCache: true,
});
const { accessToken } = token ?? {};
if (typeof accessToken !== 'string') {
throw new Error('Authentication: No access token received from MSAL.');
}
return {
accessToken: token.accessToken,
expiresOn: token.expiresOn,
};
}
}