Refactor of authentication code. Added an authentication method that is selectable in the configuration file: either the built-in Azure Identity or a custom PCA using MSAL.
Some checks failed
build / build (push) Failing after 14s
@@ -6,8 +6,11 @@
|
||||
* This module provides authentication functionalities for Azure services.
|
||||
*/
|
||||
|
||||
export { getCredential } from "./client-auth.ts";
|
||||
import { acquireResourceToken as acquireResourceTokenPca } from "./pca-auth.ts";
|
||||
import { getTokenUsingMsal } from "./pca-auth.ts";
|
||||
import { getTokenUsingAzureIdentity } from "./client-auth.ts";
|
||||
import { loadConfig } from "../index.ts";
|
||||
|
||||
// Reexporting functions and types from submodules
|
||||
export {
|
||||
loginInteractive,
|
||||
loginDeviceCode,
|
||||
@@ -16,10 +19,60 @@ export {
|
||||
parseResources,
|
||||
} from "./pca-auth.ts";
|
||||
|
||||
export async function acquireResourceToken(
|
||||
export { getCredential } from "./client-auth.ts";
|
||||
|
||||
export const RESOURCE_SCOPE_BY_NAME = {
|
||||
graph: "https://graph.microsoft.com/.default",
|
||||
devops: "499b84ac-1321-427f-aa17-267ca6975798/.default",
|
||||
arm: "https://management.azure.com/.default",
|
||||
openai: "https://cognitiveservices.azure.com/.default",
|
||||
} as const;
|
||||
|
||||
export type ResourceName = keyof typeof RESOURCE_SCOPE_BY_NAME;
|
||||
export const DEFAULT_RESOURCES: ResourceName[] = ["graph", "devops", "arm"];
|
||||
|
||||
// A helper function to translate short resource names to their corresponding scopes
|
||||
export function translateResourceNamesToScopes(resourceNames: string[]): string[] {
|
||||
return resourceNames.map((name) => RESOURCE_SCOPE_BY_NAME[name as ResourceName]);
|
||||
}
|
||||
|
||||
// Generic utility functions
|
||||
export type AuthMode = "azure-identity" | "msal";
|
||||
|
||||
export async function getAccessToken(
|
||||
tenantId: string,
|
||||
clientId: string,
|
||||
resource: string,
|
||||
) {
|
||||
return acquireResourceTokenPca(tenantId, clientId, resource);
|
||||
resources: string[]
|
||||
): Promise<string> {
|
||||
const config = await loadConfig();
|
||||
if (config.authMode === "msal") {
|
||||
const result = await getTokenUsingMsal(tenantId, clientId, resources);
|
||||
if (!result?.accessToken) {
|
||||
throw new Error("Failed to acquire access token with MSAL.");
|
||||
}
|
||||
return result.accessToken;
|
||||
} else {
|
||||
return getTokenUsingAzureIdentity(tenantId, clientId, resources);
|
||||
}
|
||||
}
|
||||
|
||||
// export function getAzureIdentityGraphAuthProvider(
|
||||
// tenantId: string,
|
||||
// clientId: string,
|
||||
// ) {
|
||||
// const credential = new DefaultAzureCredential({
|
||||
// tenantId,
|
||||
// managedIdentityClientId: clientId,
|
||||
// });
|
||||
|
||||
// const getBearerToken = getBearerTokenProvider(
|
||||
// credential,
|
||||
// "https://graph.microsoft.com/.default",
|
||||
// );
|
||||
|
||||
// return (done: (error: Error | null, accessToken: string | null) => void) => {
|
||||
// void getBearerToken()
|
||||
// .then((token) => done(null, token))
|
||||
// .catch((err) => done(err as Error, null));
|
||||
// };
|
||||
// }
|
||||
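Review bot: `translateResourceNamesToScopes` casts every input with `name as ResourceName`, so an unrecognised name yields `undefined` in the returned scope list. A name such as `constructor` resolves to an inherited `Object.prototype` member instead of a scope string. The lookup should check own keys and throw on anything else, so that a bad resource name fails before a token request is built. Separately, the `else` branch of `getAccessToken` routes every `authMode` other than `"msal"` to Azure Identity. Unless `loadConfig` (not visible here) already validates the value against `AuthMode`, compare explicitly with `"azure-identity"` and throw otherwise, so a mistyped setting does not silently change the credential source.

```typescript
export function translateResourceNamesToScopes(resourceNames: string[]): string[] {
  return resourceNames.map((name) => {
    // Own-key check: rejects unknown names and inherited keys such as "constructor".
    if (!Object.hasOwn(RESOURCE_SCOPE_BY_NAME, name)) {
      throw new Error(`Unknown resource name: ${name}`);
    }
    return RESOURCE_SCOPE_BY_NAME[name as ResourceName];
  });
}
```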