// SPDX-License-Identifier: MIT
import {
DefaultAzureCredential,
ClientSecretCredential,
DeviceCodeCredential,
getBearerTokenProvider,
} from "@azure/identity";
import type { TokenCredential } from "@azure/core-auth";
import { SkAzureCredential } from "./sk-credential.ts";
import { translateResourceNamesToScopes } from "./index.ts";
/**
 * Selector understood by `getCredential`.
 *
 * Every credential kind can be named by a short alias or by its long form;
 * both spellings of a pair select the same credential class:
 *   "d"  / "default"       -> DefaultAzureCredential
 *   "cs" / "clientSecret"  -> ClientSecretCredential
 *   "dc" / "deviceCode"    -> DeviceCodeCredential
 *   "sk" / "skCredential"  -> SkAzureCredential
 */
type CredentialType =
  | "d" | "default"
  | "cs" | "clientSecret"
  | "dc" | "deviceCode"
  | "sk" | "skCredential";
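/**
 * Build the Azure Identity credential selected by `credentialType`.
 *
 * - "d" / "default": DefaultAzureCredential. A supplied `tenantId` is passed
 *   through so the ambient credential chain is pinned to that tenant instead
 *   of being silently dropped. `clientId` and `clientSecret` are not used on
 *   this path.
 * - "cs" / "clientSecret": ClientSecretCredential; needs all three values.
 * - "dc" / "deviceCode": DeviceCodeCredential; needs tenantId and clientId.
 * - "sk" / "skCredential": SkAzureCredential; needs tenantId and clientId.
 *
 * @param credentialType Which credential implementation to construct.
 * @param tenantId Microsoft Entra tenant the credential should authenticate against.
 * @param clientId Application (client) id, where the credential kind takes one.
 * @param clientSecret Client secret, used only by the client-secret credential.
 * @returns The constructed credential.
 * @throws Error when a value required by the selected kind is missing or
 *   empty, or when `credentialType` is not a supported selector.
 */
export function getCredential(
  credentialType: CredentialType,
  tenantId?: string,
  clientId?: string,
  clientSecret?: string,
): TokenCredential {
  switch (credentialType) {
    case "d":
    case "default":
      // Honour a caller-supplied tenant: without it the chain authenticates
      // against whatever tenant the ambient login (CLI, environment, managed
      // identity, ...) points at, which may not be the one the caller asked for.
      return tenantId
        ? new DefaultAzureCredential({ tenantId })
        : new DefaultAzureCredential();

    case "cs":
    case "clientSecret":
      if (!tenantId || !clientId || !clientSecret) {
        // The message names the missing parameters only; the secret value
        // itself must never be echoed into an error or a log line.
        throw new Error(
          "tenantId, clientId, and clientSecret are required for ClientSecretCredential",
        );
      }
      return new ClientSecretCredential(tenantId, clientId, clientSecret);

    case "dc":
    case "deviceCode":
      if (!tenantId || !clientId) {
        throw new Error(
          "tenantId and clientId are required for DeviceCodeCredential",
        );
      }
      return new DeviceCodeCredential({
        tenantId,
        clientId,
        // The prompt carries the verification URL and the one-time user code;
        // it is written to stdout so the operator can complete the sign-in.
        userPromptCallback: (info) => {
          console.log(info.message);
        },
      });

    case "sk":
    case "skCredential":
      if (!tenantId || !clientId) {
        throw new Error(
          "tenantId and clientId are required for SkAzureCredential",
        );
      }
      return new SkAzureCredential(tenantId, clientId);

    default:
      // Reached only when an untyped caller passes a selector outside the union.
      throw new Error(`Unsupported credential type: ${credentialType}`);
  }
}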
/**
 * Acquire a bearer token for the given resources through the "default"
 * credential returned by `getCredential`.
 *
 * `tenantId` and `clientId` are forwarded to `getCredential`; whether the
 * default credential actually applies them is decided there, not here.
 *
 * The returned string is a live bearer token: keep it out of logs, error
 * messages and anything else that is persisted or shared.
 *
 * @param tenantId Tenant forwarded to `getCredential`.
 * @param clientId Client id forwarded to `getCredential`.
 * @param resources Resource names, translated to OAuth scopes by
 *   `translateResourceNamesToScopes`.
 * @returns The access token string.
 * @throws Error when the token provider yields an empty token.
 */
export async function getTokenUsingAzureIdentity(
  tenantId: string,
  clientId: string,
  resources: string[],
): Promise<string> {
  // Scopes are resolved before the credential is built, as in the original order.
  const requestedScopes = translateResourceNamesToScopes(resources);
  const azureCredential = getCredential("default", tenantId, clientId);

  const fetchToken = getBearerTokenProvider(azureCredential, requestedScopes);
  const token = await fetchToken();

  if (token) {
    return token;
  }

  throw new Error("Failed to acquire access token with Azure Identity.");
}