Authentication refactoring.

2026-03-11 10:41:42 +01:00
parent d69402a33d
commit b678dd5ace
12 changed files with 214 additions and 152 deletions


@@ -8,7 +8,10 @@
import { getTokenUsingMsal } from "./pca-auth.ts";
import { getTokenUsingAzureIdentity } from "./client-auth.ts";
import { loadConfig } from "../index.ts";
import { loadAuthConfig, loadConfig } from "../index.ts";
import { SkAzureCredential } from "./sk-credential.ts";
import { DefaultAzureCredential } from "@azure/identity";
import type { TokenCredential } from "@azure/core-auth";
// Reexporting functions and types from submodules
export {
@@ -24,21 +27,42 @@ export { getCredential } from "./client-auth.ts";
export const RESOURCE_SCOPE_BY_NAME = {
graph: "https://graph.microsoft.com/.default",
devops: "499b84ac-1321-427f-aa17-267ca6975798/.default",
arm: "https://management.azure.com/.default",
azurerm: "https://management.azure.com/.default",
openai: "https://cognitiveservices.azure.com/.default",
} as const;
export type ResourceName = keyof typeof RESOURCE_SCOPE_BY_NAME;
export const DEFAULT_RESOURCES: ResourceName[] = ["graph", "devops", "arm"];
export const DEFAULT_RESOURCES: ResourceName[] = ["graph", "devops", "azurerm"];
// A helper function to translate short resource names to their corresponding scopes
export function translateResourceNamesToScopes(resourceNames: string[]): string[] {
return resourceNames.map((name) => RESOURCE_SCOPE_BY_NAME[name as ResourceName]);
}
export function supportedResourceNames(): ResourceName[] {
return Object.keys(RESOURCE_SCOPE_BY_NAME) as ResourceName[];
}
// Generic utility functions
export type AuthMode = "azure-identity" | "msal";
export async function getTokenCredential(
tenantId?: string,
clientId?: string,
): Promise<TokenCredential> {
const config = await loadConfig();
if (config.authMode === "azure-identity") {
return new DefaultAzureCredential();
}
const authConfig = await loadAuthConfig("public-config");
return new SkAzureCredential(
tenantId || authConfig.tenantId,
clientId || authConfig.clientId,
);
}
export async function getAccessToken(
tenantId: string,
clientId: string,
@@ -55,24 +79,3 @@ export async function getAccessToken(
return getTokenUsingAzureIdentity(tenantId, clientId, resources);
}
}
// export function getAzureIdentityGraphAuthProvider(
// tenantId: string,
// clientId: string,
// ) {
// const credential = new DefaultAzureCredential({
// tenantId,
// managedIdentityClientId: clientId,
// });
// const getBearerToken = getBearerTokenProvider(
// credential,
// "https://graph.microsoft.com/.default",
// );
// return (done: (error: Error | null, accessToken: string | null) => void) => {
// void getBearerToken()
// .then((token) => done(null, token))
// .catch((err) => done(err as Error, null));
// };
// }
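Review bot: In `getTokenCredential`, the `azure-identity` branch returns `new DefaultAzureCredential()` and silently drops the caller's `tenantId` and `clientId`, so a caller asking for a specific tenant or identity gets whatever the ambient credential chain resolves to. Either pass them through as the removed commented-out helper did, `return new DefaultAzureCredential({ tenantId, managedIdentityClientId: clientId });`, or document on the function that both arguments apply only to the MSAL path. In the same hunk, renaming `arm` to `azurerm` means `translateResourceNamesToScopes` now returns `undefined` for a stale `"arm"` entry, because the `name as ResourceName` cast hides the failed lookup. Throwing on unknown names, with `supportedResourceNames()` listed in the message, would surface old configuration instead of requesting a token with a missing scope. The +/- markers are lost on this page, so which of these lines are newly added is inferred from the hunk headers and the duplicated old/new lines.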