;
/**
* @module botframework-connector
*/
/**
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/*
 * Compiler-emitted helper that drives a generator function as an asynchronous
 * routine and returns a promise for its final value.
 *
 * An `__awaiter` already present on `this` is reused; otherwise the function
 * below is used.
 *
 * thisArg / _arguments: the `this` value and argument list the generator is
 *   invoked with (an empty list when `_arguments` is falsy).
 * P: promise constructor to use; falls back to the global `Promise`.
 * generator: the generator function whose `yield`ed values are awaited.
 */
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
// Wrap a plain value in a P that resolves to it; instances of P pass through unchanged.
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
// Resume the generator with a fulfilled value; anything it throws rejects the outer promise.
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
// Throw a rejection reason into the generator; anything it throws rejects the outer promise.
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
// Resolve when the generator is done, otherwise wait on the yielded value and continue.
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
// Instantiate the generator and run it to its first yield.
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
// Define an `__esModule` property with value true on this module's exports object.
Object.defineProperty(exports, "__esModule", { value: true });
// Initialise the export slot to undefined; the class is assigned to it after its definition.
exports.FederatedAppCredentials = void 0;
const msal_node_1 = require("@azure/msal-node");
const assert_1 = require("assert");
const appCredentials_1 = require("./appCredentials");
const msalAppCredentials_1 = require("./msalAppCredentials");
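/**
 * Federated Credentials auth implementation.
 *
 * A managed identity issues a token for `clientAudience`; that token is then
 * presented as the client assertion of a confidential client for `appId`.
 * Both the assertion and the resulting token are bearer secrets and must not
 * be written to logs or telemetry.
 */
class FederatedAppCredentials extends appCredentials_1.AppCredentials {
    /**
     * Initializes a new instance of the [FederatedAppCredentials](xref:botframework-connector.FederatedAppCredentials) class.
     *
     * @param {string} appId App ID for the Application.
     * @param {string} clientId Client ID for the managed identity assigned to the bot.
     * @param {string} channelAuthTenant Tenant ID of the Azure AD tenant where the bot is created.
     * - **Required** for SingleTenant app types.
     * - **Optional** for MultiTenant app types. **Note**: '_botframework.com_' is the default tenant when no value is provided.
     *
     * More information: https://learn.microsoft.com/en-us/security/zero-trust/develop/identity-supported-account-types.
     * @param {string} oAuthScope **Optional**. The scope for the token.
     * @param {string} clientAudience **Optional**. The Audience used in the Client's Federated Credential. **Default** (_api://AzureADTokenExchange_).
     */
    constructor(appId, clientId, channelAuthTenant, oAuthScope, clientAudience) {
        super(appId, channelAuthTenant, oAuthScope);
        // Fail fast on a missing or whitespace-only appId.
        (0, assert_1.ok)(appId === null || appId === void 0 ? void 0 : appId.trim(), 'FederatedAppCredentials.constructor(): missing appId.');
        // Only null/undefined fall back to the default audience.
        this.clientAudience = clientAudience !== null && clientAudience !== void 0 ? clientAudience : 'api://AzureADTokenExchange';
        // NOTE(review): clientId is not validated here. Confirm how the
        // managed-identity client behaves when userAssignedClientId is undefined,
        // so a misconfiguration cannot silently select a different identity.
        this.managedIdentityClientAssertion = new msal_node_1.ManagedIdentityApplication({
            managedIdentityIdParams: { userAssignedClientId: clientId },
        });
    }
    /**
     * Gets a token for the bot, rebuilding the underlying confidential client
     * whenever the managed identity hands out a different client assertion.
     *
     * The assertion is a token with its own lifetime. Building the confidential
     * client once and keeping it forever pins a single assertion string, so
     * token requests start failing once that assertion has expired, and
     * `forceRefresh` never reaches the managed identity after the first call.
     *
     * @param {boolean} forceRefresh When true, bypass cached tokens.
     * @returns {Promise<string>} Whatever `MsalAppCredentials.getToken` resolves to.
     */
    getToken(forceRefresh = false) {
        return __awaiter(this, void 0, void 0, function* () {
            // Presumably served from the managed-identity client's own cache when
            // forceRefresh is false - TODO confirm for the pinned msal-node version.
            const clientAssertion = yield this.fetchExternalToken(forceRefresh);
            if (!this.credentials || clientAssertion !== this.currentClientAssertion) {
                // NOTE(review): this.oAuthEndpoint is passed as both the second and
                // third argument, exactly as before. Verify against the
                // MsalAppCredentials constructor whether the second should be the app ID.
                this.credentials = new msalAppCredentials_1.MsalAppCredentials(this.createClientApplication(clientAssertion), this.oAuthEndpoint, this.oAuthEndpoint, this.oAuthScope);
                this.currentClientAssertion = clientAssertion;
            }
            return this.credentials.getToken(forceRefresh);
        });
    }
    /**
     * @inheritdoc
     */
    refreshToken() {
        // This will never be executed because we are using MsalAppCredentials.getToken underneath.
        throw new Error('Method not implemented.');
    }
    /**
     * Builds the confidential client that authenticates as `appId` with the
     * given assertion instead of a client secret or certificate.
     *
     * @param {string} clientAssertion Token obtained from the managed identity.
     * @returns {ConfidentialClientApplication} A client bound to that assertion string.
     */
    createClientApplication(clientAssertion) {
        return new msal_node_1.ConfidentialClientApplication({
            auth: {
                clientId: this.appId,
                authority: this.oAuthEndpoint,
                clientAssertion,
            },
        });
    }
    /**
     * Requests a token for `clientAudience` from the managed identity.
     *
     * @param {boolean} forceRefresh Forwarded to the managed-identity client.
     * @returns {Promise<string>} The access token to use as client assertion.
     * @throws {Error} When the managed identity returns no access token.
     */
    fetchExternalToken(forceRefresh = false) {
        return __awaiter(this, void 0, void 0, function* () {
            const response = yield this.managedIdentityClientAssertion.acquireToken({
                resource: this.clientAudience,
                forceRefresh,
            });
            // Fail closed: never build a confidential client around an empty assertion.
            if (!response || !response.accessToken) {
                throw new Error('FederatedAppCredentials.fetchExternalToken(): managed identity returned no access token.');
            }
            return response.accessToken;
        });
    }
}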
// Publish the class as this module's `FederatedAppCredentials` export.
exports.FederatedAppCredentials = FederatedAppCredentials;
//# sourceMappingURL=federatedAppCredentials.js.map