Refactor of authentication code. Added a configuration-file-selectable authentication method, choosing between the built-in Azure Identity credential and a custom PCA using MSAL.
@@ -1,24 +1,54 @@
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
import { Client } from "@microsoft/microsoft-graph-client";
|
||||
import { acquireResourceToken } from "../azure/index.ts";
|
||||
import { getAccessToken } from "../azure/index.ts";
|
||||
import { DefaultAzureCredential, getBearerTokenProvider } from "@azure/identity";
|
||||
|
||||
type GraphApiToken = {
|
||||
accessToken: string;
|
||||
[key: string]: unknown;
|
||||
};
|
||||
// export async function getGraphClientUsingMsal(
|
||||
// tenantId: string,
|
||||
// clientId: string,
|
||||
// ): Promise<Client> {
|
||||
// const graphApiToken = await getAccessToken(tenantId, clientId, ["graph"]);
|
||||
|
||||
export async function getGraphClient(
|
||||
// return Client.init({
|
||||
// authProvider: (done) => {
|
||||
// done(null, graphApiToken);
|
||||
// },
|
||||
// });
|
||||
// }
|
||||
|
||||
type GraphAuthProvider = (
|
||||
done: (error: Error | null, accessToken: string | null) => void
|
||||
) => void;
|
||||
|
||||
export function getMsalAuthProvider(
|
||||
tenantId: string,
|
||||
clientId: string,
|
||||
): Promise<{ graphApiToken: GraphApiToken; client: any }> {
|
||||
const graphApiToken = await acquireResourceToken(tenantId, clientId, "graph") as GraphApiToken;
|
||||
): GraphAuthProvider {
|
||||
return (done) => {
|
||||
void getAccessToken(tenantId, clientId, ["graph"])
|
||||
.then((accessToken) => done(null, accessToken))
|
||||
.catch((err) => done(err as Error, null));
|
||||
};
|
||||
}
|
||||
|
||||
const client = Client.init({
|
||||
authProvider: (done) => {
|
||||
done(null, graphApiToken.accessToken);
|
||||
},
|
||||
export function getAzureIdentityAuthProvider(
|
||||
tenantId: string,
|
||||
clientId: string,
|
||||
) {
|
||||
const credential = new DefaultAzureCredential({
|
||||
tenantId,
|
||||
managedIdentityClientId: clientId,
|
||||
});
|
||||
|
||||
return { graphApiToken, client };
|
||||
const getBearerToken = getBearerTokenProvider(
|
||||
credential,
|
||||
"https://graph.microsoft.com/.default",
|
||||
);
|
||||
|
||||
return (done: (error: Error | null, accessToken: string | null) => void) => {
|
||||
void getBearerToken()
|
||||
.then((token) => done(null, token))
|
||||
.catch((err) => done(err as Error, null));
|
||||
};
|
||||
}
|
||||
|
||||
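Review bot: Both new providers narrow the rejection with a cast, `.catch((err) => done(err as Error, null))`, so a non-Error rejection (a string, a plain object from the token library) is handed to a callback typed `Error | null` and will break callers that read `.message`; narrow instead, `.catch((err) => done(err instanceof Error ? err : new Error(String(err)), null));`, in getMsalAuthProvider and again in getAzureIdentityAuthProvider. getAzureIdentityAuthProvider also has no declared return type while getMsalAuthProvider returns `GraphAuthProvider`; annotate it `): GraphAuthProvider {` and drop the inline parameter type on the returned arrow so the two providers are interchangeable at the call site, and consider exporting `GraphAuthProvider` for callers that need to name the type. The commented-out `getGraphClientUsingMsal` block duplicates the live code and should be deleted rather than kept as comments, and the `Client` import looks unused in this file if it survives on the new side (cannot be confirmed from the rendered page). Whether the same `clientId` is valid as `managedIdentityClientId` for DefaultAzureCredential and as the MSAL public-client id cannot be seen here; if they differ, DefaultAzureCredential falls through its credential chain to some other available identity without an error, so a comment stating which identity each provider expects, and a narrower credential where only managed identity is intended, would make the failure mode visible.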
@@ -3,3 +3,22 @@
|
||||
export * from "./auth.ts";
|
||||
export * from "./app.ts";
|
||||
export * from "./sp.ts";
|
||||
|
||||
import { loadAuthConfig, loadConfig } from "../index.ts";
|
||||
import { Client } from "@microsoft/microsoft-graph-client";
|
||||
|
||||
import { getMsalAuthProvider, getAzureIdentityAuthProvider } from "./auth.ts";
|
||||
|
||||
export async function getGraphClient(): Promise<Client> {
|
||||
const config = await loadConfig();
|
||||
|
||||
const authConfig = await loadAuthConfig("public-config");
|
||||
const authProvider =
|
||||
config.authMode === "azure-identity"
|
||||
? getAzureIdentityAuthProvider(authConfig.tenantId, authConfig.clientId)
|
||||
: getMsalAuthProvider(authConfig.tenantId, authConfig.clientId);
|
||||
|
||||
return Client.init({
|
||||
authProvider: authProvider,
|
||||
});
|
||||
}
|
||||
|
||||
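Review bot: The provider selection in getGraphClient treats every `authMode` other than `"azure-identity"` — including a typo or a missing value — as the MSAL mode, so a misconfigured file silently authenticates with the wrong method instead of failing; compare against the full set of accepted values and throw on anything else. The accepted value for the MSAL mode is not visible in this commit, so it appears below as a labelled placeholder. Minor style points in the same hunk: the new `import` lines sit after the `export *` lines and would normally come first, and `authProvider: authProvider` can use the shorthand `authProvider`.
```typescript
export async function getGraphClient(): Promise<Client> {
  // … unchanged: loadConfig / loadAuthConfig calls …
  let authProvider: ReturnType<typeof getMsalAuthProvider>;
  switch (config.authMode) {
    case "azure-identity":
      authProvider = getAzureIdentityAuthProvider(authConfig.tenantId, authConfig.clientId);
      break;
    case MSAL_AUTH_MODE_PLACEHOLDER: // placeholder: the config value that selects the MSAL provider
      authProvider = getMsalAuthProvider(authConfig.tenantId, authConfig.clientId);
      break;
    default:
      throw new Error(`Unsupported authMode: ${String(config.authMode)}`);
  }
  return Client.init({ authProvider });
}
```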