UNPKG

@equinor/fusion-framework-module-msal-node

Version:

Fusion Framework module for secure Azure AD authentication in Node.js using MSAL. Supports interactive, silent, and token-only authentication modes with encrypted token storage.

github.com/equinor/fusion-framework

equinor/fusion-framework

57 lines (53 loc) 2.62 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
import type { AuthenticationResult } from '@azure/msal-node'; /** * Interface for authentication providers in the Fusion MSAL Node module. * * Provides a unified API for authentication operations, including acquiring access tokens. * The actual behavior of each method depends on the configured authentication mode (interactive, silent, or token-only). * * When accessing `appModules.msal.auth`, you will interact with this interface to: * - Acquire Azure AD access tokens for specified scopes * * All methods are asynchronous and return Promises. See method documentation for details. * * @remarks * This provider assumes the user is already logged in. To support login and logout operations, the module must be configured in interactive mode. In other modes, `login` and `logout` are present for compatibility but will be no-ops or throw if called. * * @see IAuthProviderInteractive for interactive login/logout support */ export interface IAuthProvider { /** * This method is present for compatibility but will never trigger a user login flow unless interactive mode is configured. * * @param options - An object specifying the required scopes for authentication. * @returns A Promise that will always reject or be a no-op, depending on implementation. * * @remarks * This method is not supported and should not be used to initiate login unless interactive mode is enabled. */ login(options: { request: { scopes: string[] } }): Promise<AuthenticationResult>; /** * This method is present for compatibility but will never trigger a user logout flow unless interactive mode is configured. * * @returns A Promise that will always resolve immediately or be a no-op, depending on implementation. * * @remarks * This method is not supported and should not be used to initiate logout unless interactive mode is enabled. */ logout(): Promise<void>; /** * Acquires an access token for the specified scopes. * * @param options - An object specifying the required scopes and an optional `interactive` flag. * - `request.scopes`: The scopes for which the token is requested. * - `interactive`: If true, may trigger an interactive login if silent acquisition fails (not supported unless interactive mode is enabled). * @returns A Promise that resolves to a string representing the acquired access token. * * @remarks * This is the primary method for obtaining tokens for API calls or resource access. */ acquireAccessToken(options: { request: { scopes: string[] }; interactive?: boolean; }): Promise<string>; }