From 0cde901ec2bfe64ac54bb8148296bcc2a6cf4e16 Mon Sep 17 00:00:00 2001
From: Slawomir Koszewski <slawek@koszewscy.waw.pl>
Date: Tue, 3 Feb 2026 21:50:32 +0100
Subject: [PATCH] Add client secret login and credential handling scripts

---
 ...{auth-test.mjs => client-secret-login.mjs} |  0
 bin/login.mjs                                 | 67 +++++++++++++++++++
 2 files changed, 67 insertions(+)
 rename bin/{auth-test.mjs => client-secret-login.mjs} (100%)
 create mode 100644 bin/login.mjs

diff --git a/bin/auth-test.mjs b/bin/client-secret-login.mjs
similarity index 100%
rename from bin/auth-test.mjs
rename to bin/client-secret-login.mjs
diff --git a/bin/login.mjs b/bin/login.mjs
new file mode 100644
index 0000000..6e05828
--- /dev/null
+++ b/bin/login.mjs
@@ -0,0 +1,67 @@
+#!/usr/bin/env node
+
+import { readFileSync } from "fs";
+import { parseArgs } from "util";
+import { getCredential } from "../src/azure.js";
+
+let config = {};
+
+async function main() {
+  // Parse command line arguments to determine which credential type to use
+  const args = parseArgs({
+    options: {
+      help: { type: "boolean", short: "h" },
+      "credential-type": { type: "string", short: "t", default: "default" },
+      "config": { type: "string", short: "c", default: "app-config.json" },
+      "tenant-id": { type: "string", default: process.env.AZURE_TENANT_ID || "" },
+      "client-id": { type: "string", default: process.env.AZURE_CLIENT_ID || "" },
+      "client-secret": { type: "string", default: process.env.AZURE_CLIENT_SECRET || "" },
+      "client-secret-file": { type: "string", default: process.env.AZURE_CLIENT_SECRET_FILE || "" },
+    },
+  });
+
+  if (args.values.help) {
+    console.log("Usage: login.mjs [options]");
+    console.log("Options:");
+    console.log("  -h, --help                Show this help message");
+    console.log("  -c, --config              Path to the configuration file (default: config.js)");
+    console.log("  --tenant-id               Azure Tenant ID");
+    console.log("  --client-id               Azure Client ID");
+    console.log("  --client-secret           Azure Client Secret");
+    console.log("  --client-secret-file      Path to file containing Azure Client Secret");
+    console.log("  -t, --credential-type     Specify the credential type to use (default: default)");
+    process.exit(0);
+  }
+
+  // First, check if configuration file is spefiedd
+  const configPath = args.values.config;
+  if (configPath) {
+    // Load the JSON configuration file using readFileSync
+    const configFile = readFileSync(configPath, "utf-8");
+    config = JSON.parse(configFile);
+  }
+
+  // Process command line overrides
+  if (args.values["tenant-id"]) {
+    config.tenantId = args.values["tenant-id"];
+  }
+  if (args.values["client-id"]) {
+    config.clientId = args.values["client-id"];
+  }
+  if (args.values["client-secret"]) {
+    config.clientSecret = args.values["client-secret"];
+  } else if (args.values["client-secret-file"]) {
+    // Read client secret from file
+    config.clientSecret = readFileSync(args.values["client-secret-file"], "utf-8").trim();
+  }
+
+  // Create the appropriate credential based on the specified type
+  const credential = await getCredential(args.values["credential-type"], config);
+
+  console.log("Successfully obtained credential:", credential);
+}
+
+main().catch((error) => {
+  console.error("An error occurred:", error);
+  process.exit(1);
+});