
@microsoft/kiota-authentication-azure


Authentication provider for Kiota using Azure Identity

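/**
 * -------------------------------------------------------------------------------------------
 * Copyright (c) Microsoft Corporation.  All Rights Reserved.  Licensed under the MIT License.
 * See License in the project root for license information.
 * -------------------------------------------------------------------------------------------
 */
import { AllowedHostsValidator, validateProtocol, inNodeEnv } from "@microsoft/kiota-abstractions";
import { trace } from "@opentelemetry/api";
import { ObservabilityOptionsImpl } from "./observabilityOptions.js";

/**
 * Access token provider that leverages the Azure Identity library to retrieve an access token.
 *
 * A token is only requested when the request URL passes the allowed-hosts validator and
 * `validateProtocol`; otherwise an empty string is returned or `validateProtocol` throws.
 */
export class AzureIdentityAccessTokenProvider {
    /**
     * @param credentials The tokenCredential implementation to use for authentication.
     * @param scopes The scopes to use for authentication. When empty, a `<scheme>://<host>/.default`
     *   scope is derived from each request URL.
     * @param options The options to use for authentication.
     * @param allowedHosts The allowed hosts to use for authentication.
     * @param observabilityOptions The observability options to use for authentication.
     * @param isCaeEnabled A flag to determine if Continuous Access Evaluation is enabled.
     * @throws {Error} When credentials, scopes or observabilityOptions is null/undefined.
     */
    constructor(credentials, scopes = [], options, allowedHosts = new Set(), observabilityOptions = new ObservabilityOptionsImpl(), isCaeEnabled = true) {
        if (!credentials) {
            throw new Error("parameter credentials cannot be null");
        }
        if (!scopes) {
            throw new Error("scopes cannot be null");
        }
        if (!observabilityOptions) {
            throw new Error("observabilityOptions cannot be null");
        }
        this.credentials = credentials;
        this.scopes = scopes;
        this.options = options;
        this.observabilityOptions = observabilityOptions;
        this.isCaeEnabled = isCaeEnabled;
        // NOTE(review): the default is an empty Set. Confirm how AllowedHostsValidator treats an
        // empty set; if it accepts every host, callers should pass an explicit allow-list so that
        // tokens are only ever requested for the hosts they intend to call.
        this.allowedHostsValidator = new AllowedHostsValidator(allowedHosts);

        /**
         * @inheritdoc
         */
        this.getAuthorizationToken = (url, additionalAuthenticationContext) => {
            const tracer = trace.getTracer(this.observabilityOptions.getTracerInstrumentationName());
            return tracer.startActiveSpan("getAuthorizationToken", async (span) => {
                try {
                    // Await inside the try so that `finally` closes the span only after the token
                    // request has settled. Returning the pending promise directly would end the
                    // span first, and the attributes set after the `await` below would be recorded
                    // on a span that has already ended.
                    return await this.getAuthorizationTokenInternal(url, additionalAuthenticationContext, span);
                }
                finally {
                    span.end();
                }
            });
        };

        /**
         * Validates the URL, decodes any claims challenge and asks the credential for a token.
         *
         * @param url The request URL the token is intended for.
         * @param additionalAuthenticationContext Optional bag; its `claims` entry (base64) is decoded
         *   and forwarded to the credential.
         * @param span Optional tracing span that receives the authentication attributes.
         * @returns The access token, or "" when the URL is rejected or no token is returned.
         */
        this.getAuthorizationTokenInternal = async (url, additionalAuthenticationContext, span) => {
            const setSpanAttribute = (key, value) => {
                if (span !== null && span !== undefined) {
                    span.setAttribute(key, value);
                }
            };

            // Refuse to fetch a token for a host that is not on the allow-list: the caller attaches
            // the returned token to the request, so this check bounds where tokens can be sent.
            if (!url || !this.allowedHostsValidator.isUrlHostValid(url)) {
                setSpanAttribute("com.microsoft.kiota.authentication.is_url_valid", false);
                return "";
            }
            validateProtocol(url);
            setSpanAttribute("com.microsoft.kiota.authentication.is_url_valid", true);

            let decodedClaims = "";
            const claimsKey = AzureIdentityAccessTokenProvider.claimsKey;
            if (additionalAuthenticationContext !== null && additionalAuthenticationContext !== undefined && additionalAuthenticationContext[claimsKey]) {
                const rawClaims = additionalAuthenticationContext[claimsKey];
                // The claims value is base64; Buffer is used in Node, atob elsewhere.
                decodedClaims = inNodeEnv() ? Buffer.from(rawClaims, "base64").toString() : atob(rawClaims);
            }
            setSpanAttribute("com.microsoft.kiota.authentication.additional_claims_provided", decodedClaims !== "");

            // Copy the options so the per-request fields never leak into the shared instance.
            const localOptions = Object.assign({}, this.options);
            localOptions.enableCae = this.isCaeEnabled;
            if (decodedClaims) {
                localOptions.claims = decodedClaims;
            }

            // Derive the default scope per request instead of pushing it into this.scopes.
            // A pushed value would stick for the lifetime of the provider (and mutate the array
            // the caller passed in), so a later request to a different allowed host would ask the
            // credential for a token scoped to the first host.
            let requestScopes = this.scopes;
            if (requestScopes.length === 0) {
                const [scheme, host] = this.getSchemeAndHostFromUrl(url);
                requestScopes = [`${scheme}://${host}/.default`];
            }
            setSpanAttribute("com.microsoft.kiota.authentication.scopes", requestScopes.join(","));

            const result = await this.credentials.getToken(requestScopes, localOptions);
            const token = result === null || result === undefined ? undefined : result.token;
            return token !== null && token !== undefined ? token : "";
        };

        /**
         * Splits a URL on "://" and returns `[scheme, host]`, where host is everything up to the
         * first "/" after the scheme (so it includes a port when one is present).
         *
         * @param url The URL to inspect.
         * @returns A two-element array `[scheme, host]`.
         */
        this.getSchemeAndHostFromUrl = (url) => {
            const urlParts = url.split("://");
            // String.prototype.split always yields at least one element, so the length === 0
            // branch and the final `else` are not reachable; they are kept unchanged.
            if (urlParts.length === 0) {
                // relative url
                return [this.getSchemeFromLocation(), this.getHostFromLocation()];
            }
            else if (urlParts.length === 1) {
                // protocol relative url: no "://" present, the text before the first "/" is the host
                return [this.getSchemeFromLocation(), urlParts[0].split("/")[0]];
            }
            else if (urlParts.length >= 2) {
                // absolute url
                return [urlParts[0], urlParts[1].split("/")[0]];
            }
            else {
                throw new Error("invalid url");
            }
        };

        /** @returns The page's scheme without the trailing ":" in a browser, "" in Node. */
        this.getSchemeFromLocation = () => {
            if (!inNodeEnv()) {
                return window.location.protocol.replace(":", "");
            }
            return "";
        };

        /** @returns The page's host in a browser, "" in Node. */
        this.getHostFromLocation = () => {
            if (!inNodeEnv()) {
                return window.location.host;
            }
            return "";
        };

        /**
         * @inheritdoc
         */
        this.getAllowedHostsValidator = () => this.allowedHostsValidator;
    }
}
/** Key under which a base64-encoded claims value is looked up in the additional authentication context. */
AzureIdentityAccessTokenProvider.claimsKey = "claims";
//# sourceMappingURL=azureIdentityAccessTokenProvider.js.map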