Refactor of authentication code. Added an authentication method that is selectable in the configuration file: either the built-in Azure Identity or a custom PCA using MSAL.
@@ -1,17 +1,32 @@
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
import { DefaultAzureCredential, ClientSecretCredential, DeviceCodeCredential } from "@azure/identity";
|
||||
import type { AuthenticationResult } from "@azure/msal-node";
|
||||
import { acquireResourceToken as acquireResourceTokenPca } from "./pca-auth.ts";
|
||||
import {
|
||||
DefaultAzureCredential,
|
||||
ClientSecretCredential,
|
||||
DeviceCodeCredential,
|
||||
getBearerTokenProvider,
|
||||
} from "@azure/identity";
|
||||
import type { TokenCredential } from "@azure/core-auth";
|
||||
import { SkAzureCredential } from "./sk-credential.ts";
|
||||
|
||||
type CredentialType = "d" | "default" | "cs" | "clientSecret" | "dc" | "deviceCode";
|
||||
import { translateResourceNamesToScopes } from "./index.ts";
|
||||
|
||||
export async function getCredential(
|
||||
type CredentialType =
|
||||
| "d"
|
||||
| "default"
|
||||
| "cs"
|
||||
| "clientSecret"
|
||||
| "dc"
|
||||
| "deviceCode"
|
||||
| "sk"
|
||||
| "skCredential";
|
||||
|
||||
export function getCredential(
|
||||
credentialType: CredentialType,
|
||||
tenantId?: string,
|
||||
clientId?: string,
|
||||
clientSecret?: string,
|
||||
): Promise<DefaultAzureCredential | ClientSecretCredential | DeviceCodeCredential> {
|
||||
): TokenCredential {
|
||||
switch (credentialType) {
|
||||
case "d":
|
||||
case "default":
|
||||
@@ -23,11 +38,7 @@ export async function getCredential(
|
||||
"tenantId, clientId, and clientSecret are required for ClientSecretCredential",
|
||||
);
|
||||
}
|
||||
return new ClientSecretCredential(
|
||||
tenantId,
|
||||
clientId,
|
||||
clientSecret,
|
||||
);
|
||||
return new ClientSecretCredential(tenantId, clientId, clientSecret);
|
||||
case "dc":
|
||||
case "deviceCode":
|
||||
if (!tenantId || !clientId) {
|
||||
@@ -42,15 +53,33 @@ export async function getCredential(
|
||||
console.log(info.message);
|
||||
},
|
||||
});
|
||||
case "sk":
|
||||
case "skCredential":
|
||||
if (!tenantId || !clientId) {
|
||||
throw new Error(
|
||||
"tenantId and clientId are required for SkAzureCredential",
|
||||
);
|
||||
}
|
||||
return new SkAzureCredential(tenantId, clientId);
|
||||
|
||||
default:
|
||||
throw new Error(`Unsupported credential type: ${credentialType}`);
|
||||
}
|
||||
}
|
||||
|
||||
export async function acquireResourceToken(
|
||||
export async function getTokenUsingAzureIdentity(
|
||||
tenantId: string,
|
||||
clientId: string,
|
||||
resource: string,
|
||||
): Promise<AuthenticationResult | null> {
|
||||
return acquireResourceTokenPca(tenantId, clientId, resource);
|
||||
resources: string[],
|
||||
): Promise<string> {
|
||||
const scopes = translateResourceNamesToScopes(resources);
|
||||
const credential = getCredential("default", tenantId, clientId);
|
||||
|
||||
const getBearerToken = getBearerTokenProvider(credential, scopes);
|
||||
const accessToken = await getBearerToken();
|
||||
if (!accessToken) {
|
||||
throw new Error("Failed to acquire access token with Azure Identity.");
|
||||
}
|
||||
|
||||
return accessToken;
|
||||
}
|
||||
|
||||
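Review bot: `getTokenUsingAzureIdentity` hard-codes `getCredential("default", tenantId, clientId)`, so the `cs`, `dc` and new `sk` branches can never be selected on this path, and the token is minted by whichever ambient source DefaultAzureCredential resolves first (environment variables, managed identity, a developer CLI login) rather than by an identity the operator chose. The `default` branch body lies between hunks, so whether it uses the `tenantId`/`clientId` passed here cannot be confirmed from this page. If the configured selection is meant to reach this function, accept it as a trailing parameter, e.g. `credentialType: CredentialType = "default"`, and call `getCredential(credentialType, tenantId, clientId)`. Separately, `resources: string[]` is turned into one `scopes` array, and Microsoft Entra ID issues an access token for a single resource, so the function should document or enforce that every entry maps to the same audience (`translateResourceNamesToScopes` is not visible here).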