UNPKG

@shane32/msoauth

Version:

A React library for Azure AD authentication with PKCE (Proof Key for Code Exchange) flow support. This library provides a secure and easy-to-use solution for implementing Azure AD authentication in React applications, with support for both API and Microso

github.com/shane32/msoauth

shane32/msoauth

134 lines (133 loc) 7.29 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
var __extends = (this && this.__extends) || (function () { var extendStatics = function (d, b) { extendStatics = Object.setPrototypeOf || ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) || function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; }; return extendStatics(d, b); }; return function (d, b) { if (typeof b !== "function" && b !== null) throw new TypeError("Class extends value " + String(b) + " is not a constructor or null"); extendStatics(d, b); function __() { this.constructor = d; } d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __()); }; })(); var __assign = (this && this.__assign) || function () { __assign = Object.assign || function(t) { for (var s, i = 1, n = arguments.length; i < n; i++) { s = arguments[i]; for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p)) t[p] = s[p]; } return t; }; return __assign.apply(this, arguments); }; var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; var __generator = (this && this.__generator) || function (thisArg, body) { var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype); return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g; function verb(n) { return function (v) { return step([n, v]); }; } function step(op) { if (f) throw new TypeError("Generator is already executing."); while (g && (g = 0, op[0] && (_ = 0)), _) try { if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t; if (y = 0, t) op = [op[0] & 2, t.value]; switch (op[0]) { case 0: case 1: t = op; break; case 4: _.label++; return { value: op[1], done: false }; case 5: _.label++; y = op[1]; op = [0]; continue; case 7: op = _.ops.pop(); _.trys.pop(); continue; default: if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; } if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; } if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; } if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; } if (t[2]) _.ops.pop(); _.trys.pop(); continue; } op = body.call(thisArg, _); } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; } if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true }; } }; var __spreadArray = (this && this.__spreadArray) || function (to, from, pack) { if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) { if (ar || !(i in from)) { if (!ar) ar = Array.prototype.slice.call(from, 0, i); ar[i] = from[i]; } } return to.concat(ar || Array.prototype.slice.call(from)); }; import AuthManager from "./AuthManager"; /** * Microsoft-specific implementation of AuthManager * Handles Microsoft-specific OAuth flows and token management * @template TPolicyNames - Enum type for policy keys */ var MsAuthManager = /** @class */ (function (_super) { __extends(MsAuthManager, _super); /** * Creates a new instance of MsAuthManager * @param {AuthManagerConfiguration} config - Configuration object for the MsAuthManager */ function MsAuthManager(config) { var _this = this; // Add Microsoft-specific scopes to the configuration var msConfig = __assign({}, config); // Split the scopes by spaces var allScopes = config.scopes.split(" ").filter(function (scope) { return scope.trim() !== ""; }); // Filter API scopes (starting with "api://") and non-API scopes var apiScopes = allScopes.filter(function (scope) { return scope.startsWith("api://"); }); var nonApiScopes = allScopes.filter(function (scope) { return !scope.startsWith("api://"); }); // Update config.scopes to only include API scopes msConfig.scopes = apiScopes.join(" "); // Create a new scopeSets array with the MS-specific scope set // Include both standard MS scopes and non-API scopes from config var msScope = { name: "ms", scopes: __spreadArray(["openid", "profile", "offline_access"], nonApiScopes, true).join(" "), }; // Add the MS scope set to the config msConfig.scopeSets = msConfig.scopeSets ? __spreadArray(__spreadArray([], msConfig.scopeSets, true), [msScope], false) : [msScope]; // Call the parent constructor with the updated config _this = _super.call(this, msConfig) || this; // Track whether we have API scopes _this.hasApiScopes = apiScopes.length > 0; return _this; } /** * Gets a valid access token for the specified scope set * If no API scopes were configured and requesting the default scope set, * returns the ID token instead of the access token * @param {string} [scopeSetName="default"] - The name of the scope set to get the token for * @returns {Promise<string>} A valid access token or ID token * @throws {Error} If not authenticated, token refresh fails, or scope set doesn't exist */ MsAuthManager.prototype.getAccessToken = function () { return __awaiter(this, arguments, void 0, function (scopeSetName) { if (scopeSetName === void 0) { scopeSetName = "default"; } return __generator(this, function (_a) { // If no API scopes were configured and requesting default scope set, // return the ID token instead if (!this.hasApiScopes && scopeSetName === "default") { return [2 /*return*/, this.getIdToken()]; } // Otherwise, use the parent implementation return [2 /*return*/, _super.prototype.getAccessToken.call(this, scopeSetName)]; }); }); }; return MsAuthManager; }(AuthManager)); export default MsAuthManager;