@azure/ms-rest-nodeauth

// Copyright (c) Microsoft Corporation. All rights reserved. // Licensed under the MIT License. See License.txt in the project root for license information. import { Constants as MSRestConstants, WebResource } from "@azure/ms-rest-js"; import { Environment } from "@azure/ms-rest-azure-env"; import { TokenAudience } from "../util/authConstants"; import { TokenClientCredentials } from "./tokenClientCredentials"; import { TokenResponse, AuthenticationContext, MemoryCache, ErrorResponse, TokenCache } from "adal-node"; export abstract class TokenCredentialsBase implements TokenClientCredentials { public authContext: AuthenticationContext; public constructor( public readonly clientId: string, public domain: string, public readonly tokenAudience?: TokenAudience, public readonly environment: Environment = Environment.AzureCloud, public tokenCache: TokenCache = new MemoryCache() ) { if (!clientId || typeof clientId.valueOf() !== "string") { throw new Error("clientId must be a non empty string."); } if (!domain || typeof domain.valueOf() !== "string") { throw new Error("domain must be a non empty string."); } if (this.tokenAudience === "graph" && this.domain.toLowerCase() === "common") { throw new Error( `${'If the tokenAudience is specified as "graph" then "domain" cannot be defaulted to "common" tenant.\ It must be the actual tenant (preferably a string in a guid format).'}` ); } const authorityUrl = this.environment.activeDirectoryEndpointUrl + this.domain; this.authContext = new AuthenticationContext( authorityUrl, this.environment.validateAuthority, this.tokenCache ); } public setDomain(domain: string): void { this.domain = domain; const authorityUrl = this.environment.activeDirectoryEndpointUrl + this.domain; this.authContext = new AuthenticationContext( authorityUrl, this.environment.validateAuthority, this.tokenCache ); } protected getActiveDirectoryResourceId(): string { let resource = this.environment.activeDirectoryResourceId; if (this.tokenAudience) { resource = this.tokenAudience; if (this.tokenAudience.toLowerCase() === "graph") { resource = this.environment.activeDirectoryGraphResourceId as string; } else if (this.tokenAudience.toLowerCase() === "batch") { resource = this.environment.batchResourceId as string; } } return resource; } protected getTokenFromCache(username?: string): Promise<TokenResponse> { const self = this; const resource = this.getActiveDirectoryResourceId(); return new Promise<TokenResponse>((resolve, reject) => { self.authContext.acquireToken( resource, username!, self.clientId, (error: Error, tokenResponse: TokenResponse | ErrorResponse) => { if (error) { return reject(error); } if (tokenResponse.error || tokenResponse.errorDescription) { return reject(tokenResponse); } return resolve(tokenResponse as TokenResponse); } ); }); } /** * Tries to get the token from cache initially. If that is unsuccessful then it tries to get the token from ADAL. * * @returns The tokenResponse (tokenType and accessToken are the two important properties). */ public abstract async getToken(): Promise<TokenResponse>; /** * Signs a request with the Authentication header. * * @param webResource - The WebResource to be signed. */ public async signRequest(webResource: WebResource): Promise<WebResource> { const tokenResponse = await this.getToken(); webResource.headers.set( MSRestConstants.HeaderConstants.AUTHORIZATION, `${tokenResponse.tokenType} ${tokenResponse.accessToken}` ); return webResource; } }