@pnp/cli-microsoft365/dist/utils/accessToken.js

Manage Microsoft 365 and SharePoint Framework projects on any platform

import auth from "../Auth.js";
import { CommandError } from "../Command.js";
export const accessToken = {
    isAppOnlyAccessToken(accessToken) {
        let isAppOnlyAccessToken;
        if (!accessToken || accessToken.length === 0) {
            return isAppOnlyAccessToken;
        }
        const chunks = accessToken.split('.');
        if (chunks.length !== 3) {
            return isAppOnlyAccessToken;
        }
        const tokenString = Buffer.from(chunks[1], 'base64').toString();
        try {
            const token = JSON.parse(tokenString);
            isAppOnlyAccessToken = token.idtyp === 'app';
        }
        catch {
        }
        return isAppOnlyAccessToken;
    },
    getTenantIdFromAccessToken(accessToken) {
        let tenantId = '';
        if (!accessToken || accessToken.length === 0) {
            return tenantId;
        }
        const chunks = accessToken.split('.');
        if (chunks.length !== 3) {
            return tenantId;
        }
        const tokenString = Buffer.from(chunks[1], 'base64').toString();
        try {
            const token = JSON.parse(tokenString);
            tenantId = token.tid;
        }
        catch {
        }
        return tenantId;
    },
    getUserNameFromAccessToken(accessToken) {
        let userName = '';
        if (!accessToken || accessToken.length === 0) {
            return userName;
        }
        const chunks = accessToken.split('.');
        if (chunks.length !== 3) {
            return userName;
        }
        const tokenString = Buffer.from(chunks[1], 'base64').toString();
        try {
            const token = JSON.parse(tokenString);
            // if authenticated using certificate, there is no upn so use
            // app display name instead
            userName = token.upn || token.app_displayname;
        }
        catch {
        }
        return userName;
    },
    getUserIdFromAccessToken(accessToken) {
        let userId = '';
        if (!accessToken || accessToken.length === 0) {
            return userId;
        }
        const chunks = accessToken.split('.');
        if (chunks.length !== 3) {
            return userId;
        }
        const tokenString = Buffer.from(chunks[1], 'base64').toString();
        try {
            const token = JSON.parse(tokenString);
            userId = token.oid;
        }
        catch {
        }
        return userId;
    },
    getDecodedAccessToken(accessToken) {
        const chunks = accessToken.split('.');
        const headerString = Buffer.from(chunks[0], 'base64').toString();
        const payloadString = Buffer.from(chunks[1], 'base64').toString();
        const header = JSON.parse(headerString);
        const payload = JSON.parse(payloadString);
        return { header, payload };
    },
    /**
     * Asserts the presence of a delegated access token.
     * @throws {CommandError} Will throw an error if the access token is not available.
     * @throws {CommandError} Will throw an error if the access token is an application-only access token.
     */
    assertDelegatedAccessToken() {
        const accessToken = auth?.connection?.accessTokens?.[auth.defaultResource]?.accessToken;
        if (!accessToken) {
            throw new CommandError('No access token found.');
        }
        if (this.isAppOnlyAccessToken(accessToken)) {
            throw new CommandError('This command does not support application-only permissions.');
        }
    }
};
//# sourceMappingURL=accessToken.js.map