botframework-connector/lib/auth/certificateAppCredentials.js

Bot Connector is autorest generated connector client.

"use strict";
/**
 * @module botframework-connector
 */
/**
 * Copyright (c) Microsoft Corporation. All rights reserved.
 * Licensed under the MIT License.
 */
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
    return new (P || (P = Promise))(function (resolve, reject) {
        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
        step((generator = generator.apply(thisArg, _arguments || [])).next());
    });
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.CertificateAppCredentials = void 0;
const msal_node_1 = require("@azure/msal-node");
const appCredentials_1 = require("./appCredentials");
const msalAppCredentials_1 = require("./msalAppCredentials");
/**
 * CertificateAppCredentials auth implementation
 */
class CertificateAppCredentials extends appCredentials_1.AppCredentials {
    /**
     * Initializes a new instance of the [CertificateAppCredentials](xref:botframework-connector.CertificateAppCredentials) class.
     *
     * @param appId Microsoft application Id related to the certificate.
     * @param certificateThumbprint A hex encoded thumbprint of the certificate.
     * @param certificatePrivateKey A PEM encoded certificate private key.
     * @param channelAuthTenant Tenant ID of the Azure AD tenant where the bot is created.
     *   - Required for SingleTenant app types.
     *   - Optional for MultiTenant app types. **Note**: '_botframework.com_' is the default tenant when no value is provided.
     *
     * More information: https://learn.microsoft.com/en-us/security/zero-trust/develop/identity-supported-account-types.
     * @param oAuthScope Optional. The scope for the token.
     * @param x5c Optional. Enables application developers to achieve easy certificates roll-over in Azure AD:
     * set this parameter to send the public certificate (BEGIN CERTIFICATE) to Azure AD, so that Azure AD can use it to validate the subject name based on a trusted issuer policy.
     */
    constructor(appId, certificateThumbprint, certificatePrivateKey, channelAuthTenant, oAuthScope, x5c) {
        super(appId, channelAuthTenant, oAuthScope);
        this.certificateThumbprint = certificateThumbprint;
        this.certificatePrivateKey = certificatePrivateKey;
        this.x5c = x5c;
    }
    /**
     * @inheritdoc
     */
    getToken(forceRefresh = false) {
        var _a;
        return __awaiter(this, void 0, void 0, function* () {
            (_a = this.credentials) !== null && _a !== void 0 ? _a : (this.credentials = new msalAppCredentials_1.MsalAppCredentials(this.createClientApplication(), this.appId, this.oAuthEndpoint, this.oAuthScope));
            return this.credentials.getToken(forceRefresh);
        });
    }
    /**
     * @inheritdoc
     */
    refreshToken() {
        // This will never be executed because we are using MsalAppCredentials.getToken underneath.
        throw new Error('Method not implemented.');
    }
    createClientApplication() {
        return new msal_node_1.ConfidentialClientApplication({
            auth: {
                clientId: this.appId,
                authority: this.oAuthEndpoint,
                clientCertificate: {
                    thumbprint: this.certificateThumbprint,
                    privateKey: this.certificatePrivateKey,
                    x5c: this.x5c,
                },
            },
        });
    }
}
exports.CertificateAppCredentials = CertificateAppCredentials;
//# sourceMappingURL=certificateAppCredentials.js.map