@sphereon/ssi-sdk.ms-authenticator
import { ConfidentialClientApplication, AuthenticationResult, LogLevel, Configuration } from '@azure/msal-node';
/** Base URL of the Entra DID service for tenants outside the EU region. Note that this is the `beta` host. */
declare const MS_DID_ENDPOINT_NON_EU = "https://beta.did.msidentity.com/v1.0/";
/** Base URL of the Entra DID service for tenants in the EU region. Note that this is the `beta` host. */
declare const MS_DID_ENDPOINT_EU = "https://beta.eu.did.msidentity.com/v1.0/";
/**
* Resolves the region of an Azure tenant.
* NOTE(review): the argument documentation in this file says a request is made to determine
* the region when none is supplied, so this presumably performs a network lookup — confirm
* which host is contacted and how a failed or unexpected response is handled.
* @param azTenantId your MS Azure tenantId
* @returns a promise of the region as a string; the set of possible values is not visible here
*/
declare function getMSOpenIDClientRegion(azTenantId: string): Promise<string>;
/**
* Selects the Entra DID service base URL for a tenant.
* The result is constrained by the return type to one of the two fixed endpoint URLs
* (EU or non-EU); no other host can be returned.
* NOTE(review): presumably `region` is used as given and only looked up from `azTenantId`
* when omitted — confirm.
* @param opts.region optional region; see note above
* @param opts.azTenantId your MS Azure tenantId
* @returns a promise of the EU or non-EU endpoint URL
*/
declare function getEntraDIDEndpoint(opts: {
region?: string;
azTenantId: string;
}): Promise<"https://beta.did.msidentity.com/v1.0/" | "https://beta.eu.did.msidentity.com/v1.0/">;
/**
* Checks the credential manifest URL in `authenticationArgs` against the tenant's region.
* NOTE(review): judging by the name, this rejects (throws or rejects the promise) when
* `credentialManifestUrl` points at a different regional endpoint than the tenant's — confirm,
* and confirm what happens when `credentialManifestUrl` is undefined, since the field is optional.
* @param authenticationArgs client-credential arguments; `azTenantId`, `region` and
* `credentialManifestUrl` are presumably the fields read
* @returns a promise of a string; its meaning (likely the resolved DID endpoint) is not visible here
*/
declare function assertEntraCredentialManifestUrlInCorrectRegion(authenticationArgs: IMsAuthenticationClientCredentialArgs): Promise<string>;
/**
* Obtains an access token for an application using its client credentials.
* Required fields of `authenticationArgs`:
* azClientId: clientId of the application you're trying to log in
* azClientSecret: secret of the application you're trying to log in
* azTenantId: your MS Azure tenantId
* Optional fields:
* credentialManifestUrl: address of your credential manifest, usually in the following format:
* https://beta.eu.did.msidentity.com/v1.0/<tenant_id>/verifiableCredential/contracts/<verifiable_credential_schema>
*
* The returned AuthenticationResult carries the access token; treat it like the secret itself
* and keep it out of logs and error messages.
* @param authenticationArgs client-credential arguments, see IMsAuthenticationClientCredentialArgs
* @param opts.confidentialClient optional MSAL client; presumably reused instead of building a
* new one from `authenticationArgs` — confirm
* @returns a promise of the MSAL AuthenticationResult
*/
declare function getMSClientCredentialAccessToken(authenticationArgs: IMsAuthenticationClientCredentialArgs, opts?: {
confidentialClient?: ConfidentialClientApplication;
}): Promise<AuthenticationResult>;
/**
* Builds the client-credential authentication context for the given arguments.
* The returned IMSClientCredentialAuthInfo includes the `authenticationArgs` object, and with
* it `azClientSecret`, so the result must not be logged, serialized or cached as plain data.
* @param authenticationArgs client-credential arguments, see IMsAuthenticationClientCredentialArgs
* @returns a promise of the id, MSAL client, MSAL configuration and arguments for this login
*/
declare function newMSClientCredentialAuthenticator(authenticationArgs: IMsAuthenticationClientCredentialArgs): Promise<IMSClientCredentialAuthInfo>;
/**
* Logs in with the provided username and password and returns the access token.
* The caller hands the user's plaintext password to this function.
* NOTE(review): presumably this is the OAuth resource-owner-password flow — confirm. That flow
* cannot satisfy MFA or conditional-access prompts and Microsoft discourages it; prefer the
* client-credential functions in this module where an application identity is sufficient.
* @param authenticationArgs username/password arguments, see IMsAuthenticationUsernamePasswordArgs
* @returns a promise of the access token as a string; keep it out of logs
*/
declare function UsernamePasswordAuthenticator(authenticationArgs: IMsAuthenticationUsernamePasswordArgs): Promise<string>;
/**
* Derives an identifier string for a set of authentication arguments of either kind.
* NOTE(review): how the id is computed is not visible here. If it is used as a cache or lookup
* key, confirm that it does not embed `azClientSecret` or `password` in recoverable form.
* @param authenticationArgs client-credential or username/password arguments
* @returns the identifier
*/
declare function determineMSAuthId(authenticationArgs: IMsAuthenticationClientCredentialArgs | IMsAuthenticationUsernamePasswordArgs): string;
/**
* Arguments for the client-credential (application identity) login.
*
* azClientId: clientId of the application you're trying to log in
* azClientSecret: secret of the application you're trying to log in; supply it from a secret
* store or environment at runtime rather than from source or checked-in configuration
* azTenantId: your MS Azure tenantId
* credentialManifestUrl: url of your credential manifest, usually in the following format:
* https://beta.eu.did.msidentity.com/v1.0/<tenant_id>/verifiableCredential/contracts/<verifiable_credential_schema>
* authority: optional. If not provided, the Tenanted format is created (the original text names
* azClientId as its input; NOTE(review): a tenanted authority is keyed by tenant, so azTenantId
* is the likely input — confirm). If provided it should be one of these two formats:
* - Tenanted: https://login.microsoftonline.com/{tenant}/, where {tenant} is either the GUID representing the tenant ID or a domain name associated with the tenant.
* - Work and school accounts: https://login.microsoftonline.com/organizations/.
* The client secret is sent to whatever authority is configured, so take this value only
* from trusted configuration.
* region?: if present the provided value is used, if not a request is made to determine the region
* scopes?: scopes that you want to access via this authentication
* skipCache?: whether to skip the cache
* piiLoggingEnabled?: if not provided defaults to false; enabling it lets personal data reach the log output
* logLevel?: can be one of these values:
* Error = 0,
* Warning = 1,
* Info = 2,
* Verbose = 3,
* Trace = 4
* if not provided defaults to LogLevel.Verbose, which is chatty; set a lower level explicitly
* where log volume or log content is a concern
*/
interface IMsAuthenticationClientCredentialArgs {
azClientId: string;
azTenantId: string;
// Secret material: do not log or persist objects of this type as-is.
azClientSecret: string;
credentialManifestUrl?: string;
authority?: string;
region?: string;
scopes?: string[];
skipCache?: boolean;
piiLoggingEnabled?: boolean;
logLevel?: LogLevel;
}
/**
* Arguments for the username/password login.
*
* azClientId: clientId of the application you're trying to log in
* azTenantId: your MS Azure tenantId
* username: username of the user
* password: password of the user, in plaintext; keep objects of this type short-lived and out of logs
* scopes: scopes that you want to access via this authentication
* authority: optional. If not provided, the Tenanted format is created (the original text names
* azClientId as its input; NOTE(review): a tenanted authority is keyed by tenant, so azTenantId
* is the likely input — confirm). If provided it should be one of these two formats:
* - Tenanted: https://login.microsoftonline.com/{tenant}/, where {tenant} is either the GUID representing the tenant ID or a domain name associated with the tenant.
* - Work and school accounts: https://login.microsoftonline.com/organizations/.
* The password is sent to whatever authority is configured, so take this value only from
* trusted configuration.
*/
interface IMsAuthenticationUsernamePasswordArgs {
azClientId: string;
azTenantId: string;
// Secret material: do not log or persist objects of this type as-is.
password: string;
scopes: string[];
username: string;
authority?: string;
}
/**
* Authentication context returned by newMSClientCredentialAuthenticator.
*
* id: identifier of this authentication context (presumably the value produced by
* determineMSAuthId — confirm)
* confidentialClient: the MSAL confidential client used to request tokens
* msalConfig: the MSAL configuration; NOTE(review): an MSAL confidential-client configuration
* normally holds the client secret, so treat this field as sensitive — confirm
* authenticationArgs: the arguments the context was built from, including azClientSecret
* didEndpoint: optional DID service endpoint; presumably the regional URL selected for the tenant
*
* Because the secret is reachable through this object, avoid logging it, serializing it to
* JSON, or storing it beyond the lifetime of the login.
*/
interface IMSClientCredentialAuthInfo {
id: string;
confidentialClient: ConfidentialClientApplication;
msalConfig: Configuration;
authenticationArgs: IMsAuthenticationClientCredentialArgs;
didEndpoint?: string;
}
export { type IMSClientCredentialAuthInfo, type IMsAuthenticationClientCredentialArgs, type IMsAuthenticationUsernamePasswordArgs, MS_DID_ENDPOINT_EU, MS_DID_ENDPOINT_NON_EU, UsernamePasswordAuthenticator, assertEntraCredentialManifestUrlInCorrectRegion, determineMSAuthId, getEntraDIDEndpoint, getMSClientCredentialAccessToken, getMSOpenIDClientRegion, newMSClientCredentialAuthenticator };