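// SPDX-License-Identifier: MIT
import {
  DefaultAzureCredential,
  ClientSecretCredential,
  DeviceCodeCredential,
  getBearerTokenProvider,
} from "@azure/identity";
import type { TokenCredential } from "@azure/core-auth";
import { SkAzureCredential } from "./sk-credential.ts";
import { translateResourceNamesToScopes } from "./index.ts";

/**
 * Selector for the credential implementation built by {@link getCredential}.
 * Each long name has a short alias: "d" = "default", "cs" = "clientSecret",
 * "dc" = "deviceCode", "sk" = "skCredential".
 */
type CredentialType =
  | "d"
  | "default"
  | "cs"
  | "clientSecret"
  | "dc"
  | "deviceCode"
  | "sk"
  | "skCredential";

/**
 * Builds the token credential selected by `credentialType`.
 *
 * @param credentialType Which credential implementation to construct.
 * @param tenantId Required for every type except "default", where it is ignored.
 * @param clientId Required for every type except "default", where it is ignored.
 * @param clientSecret Required only for "clientSecret". It is handed straight to
 *   ClientSecretCredential; this function never logs it or puts it in an error message.
 * @returns A credential that can be passed to any API expecting a TokenCredential.
 * @throws Error when a parameter required by the selected type is missing or empty,
 *   or when `credentialType` is not one of the supported values.
 */
export function getCredential(
  credentialType: CredentialType,
  tenantId?: string,
  clientId?: string,
  clientSecret?: string,
): TokenCredential {
  switch (credentialType) {
    case "d":
    case "default":
      // NOTE(review): tenantId and clientId are not forwarded here, so the
      // identity is whatever the ambient DefaultAzureCredential chain resolves.
      // A caller that supplies a tenant or client id gets no enforcement of it.
      return new DefaultAzureCredential();
    case "cs":
    case "clientSecret":
      if (!tenantId || !clientId || !clientSecret) {
        // The message names the missing parameters only; no values are echoed.
        throw new Error(
          "tenantId, clientId, and clientSecret are required for ClientSecretCredential",
        );
      }
      return new ClientSecretCredential(tenantId, clientId, clientSecret);
    case "dc":
    case "deviceCode":
      if (!tenantId || !clientId) {
        throw new Error(
          "tenantId and clientId are required for DeviceCodeCredential",
        );
      }
      return new DeviceCodeCredential({
        tenantId,
        clientId,
        // The sign-in prompt is written to stdout. If stdout is piped or
        // captured, the prompt ends up in that output as well.
        userPromptCallback: (info) => {
          console.log(info.message);
        },
      });
    case "sk":
    case "skCredential":
      if (!tenantId || !clientId) {
        throw new Error(
          "tenantId and clientId are required for SkAzureCredential",
        );
      }
      // SkAzureCredential is project-local; its token source is not visible here.
      return new SkAzureCredential(tenantId, clientId);
    default:
      // Reached only when a value outside CredentialType arrives at runtime,
      // i.e. one that bypassed the compile-time check.
      throw new Error(`Unsupported credential type: ${credentialType}`);
  }
}

/**
 * Acquires a bearer token for the given resources through the "default" credential.
 *
 * NOTE(review): `tenantId` and `clientId` are passed to {@link getCredential}, but its
 * "default" branch does not use them. The returned token therefore belongs to whatever
 * identity the ambient credential chain selects, not necessarily the tenant or client
 * named by the caller. Confirm that this is intended.
 *
 * @param tenantId Forwarded to getCredential; currently has no effect on the result.
 * @param clientId Forwarded to getCredential; currently has no effect on the result.
 * @param resources Resource names, converted to scopes by translateResourceNamesToScopes.
 * @returns The access token string. It is a bearer secret: do not log or persist it.
 * @throws Error when the token provider resolves to an empty value.
 */
export async function getTokenUsingAzureIdentity(
  tenantId: string,
  clientId: string,
  resources: string[],
): Promise<string> {
  const scopes = translateResourceNamesToScopes(resources);
  const credential = getCredential("default", tenantId, clientId);
  const getBearerToken = getBearerTokenProvider(credential, scopes);
  const accessToken = await getBearerToken();
  if (!accessToken) {
    throw new Error("Failed to acquire access token with Azure Identity.");
  }
  return accessToken;
}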