@backstage/integration/dist/azure/ManagedIdentityClientAssertion.esm.js

Helpers for managing integrations towards external systems

import { ManagedIdentityCredential } from '@azure/identity';

const fiveMinutes = 5 * 60 * 1e3;
const expiresWithinFiveMinutes = (clientAssertion) => clientAssertion.expiresOnTimestamp - Date.now() <= fiveMinutes;
class ManagedIdentityClientAssertion {
  credential;
  clientAssertion;
  /**
   * Creates an instance of ManagedIdentityClientAssertion.
   * @param options - Optional parameters for the ManagedIdentityClientAssertion.
   *                  - clientId: The client ID of the managed identity. If not provided, 'system-assigned' is used.
   */
  constructor(options) {
    let { clientId } = options || {};
    clientId ??= "system-assigned";
    this.credential = clientId === "system-assigned" ? new ManagedIdentityCredential() : new ManagedIdentityCredential(clientId);
  }
  /**
   * Gets a signed client assertion.
   * If a valid client assertion is already cached which doesn't expire soon, it returns the cached assertion.
   * Otherwise, it obtains a new access token and creates a new client assertion.
   * @returns A promise that resolves to the signed client assertion.
   */
  async getSignedAssertion() {
    if (this.clientAssertion !== void 0 && !expiresWithinFiveMinutes(this.clientAssertion)) {
      return this.clientAssertion.signedAssertion;
    }
    const accessToken = await this.credential.getToken(
      "api://AzureADTokenExchange"
    );
    this.clientAssertion = {
      signedAssertion: accessToken.token,
      expiresOnTimestamp: accessToken.expiresOnTimestamp
    };
    return accessToken.token;
  }
}

export { ManagedIdentityClientAssertion };
//# sourceMappingURL=ManagedIdentityClientAssertion.esm.js.map