UNPKG

botframework-connector

Version:

Bot Connector is autorest generated connector client.

github.com/Microsoft/botbuilder-js

Microsoft/botbuilder-js

215 lines (190 loc) 7.43 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
/** * @module botframework-connector */ /** * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ import { ConfidentialClientApplication } from '@azure/msal-node'; import { ServiceClientCredentials, WebResourceLike as WebResource } from 'botbuilder-stdlib/lib/azureCoreHttpCompat'; import { TokenCredentials } from './tokenCredentials'; import { AuthenticationConstants } from './authenticationConstants'; import { AuthenticatorResult } from './authenticatorResult'; /** * General AppCredentials auth implementation and cache. * Subclasses can implement refreshToken to acquire the token. */ export abstract class AppCredentials implements ServiceClientCredentials { private static readonly cache: Map<string, AuthenticatorResult> = new Map<string, AuthenticatorResult>(); appId: string; private _oAuthEndpoint: string; private _oAuthScope: string; private _tenant: string; tokenCacheKey: string; protected clientApplication: ConfidentialClientApplication; // Protects against JSON.stringify leaking secrets private toJSON(): unknown { return { name: this.constructor.name, appId: this.appId, tenant: this.tenant, oAuthEndpoint: this.oAuthEndpoint, oAuthScope: this.oAuthScope, }; } /** * Initializes a new instance of the [AppCredentials](xref:botframework-connector.AppCredentials) class. * * @param appId The App ID. * @param channelAuthTenant Tenant ID of the Azure AD tenant where the bot is created. * - Required for SingleTenant app types. * - Optional for MultiTenant app types. **Note**: '_botframework.com_' is the default tenant when no value is provided. * * More information: https://learn.microsoft.com/en-us/security/zero-trust/develop/identity-supported-account-types. * @param oAuthScope The scope for the token. */ constructor(appId: string, channelAuthTenant?: string, oAuthScope: string = null) { this.appId = appId; this.tenant = channelAuthTenant; this.oAuthEndpoint = this.GetToChannelFromBotLoginUrlPrefix() + this.tenant; this.oAuthScope = oAuthScope && oAuthScope.length > 0 ? oAuthScope : this.GetToChannelFromBotOAuthScope(); } /** * Gets tenant to be used for channel authentication. * * @returns The channel auth token tenant for this credential. */ private get tenant(): string { return this._tenant; } /** * Sets tenant to be used for channel authentication. */ private set tenant(value: string) { this._tenant = value && value.length > 0 ? value : this.GetDefaultChannelAuthTenant(); } /** * Gets the OAuth scope to use. * * @returns The OAuth scope to use. */ get oAuthScope(): string { return this._oAuthScope; } /** * Sets the OAuth scope to use. */ set oAuthScope(value: string) { this._oAuthScope = value; this.tokenCacheKey = `${this.appId}${this.oAuthScope}-cache`; } /** * Gets the OAuth endpoint to use. * * @returns The OAuthEndpoint to use. */ get oAuthEndpoint(): string { return this._oAuthEndpoint; } /** * Sets the OAuth endpoint to use. */ set oAuthEndpoint(value: string) { // aadApiVersion is set to '1.5' to avoid the "spn:" concatenation on the audience claim // For more info, see https://github.com/AzureAD/azure-activedirectory-library-for-nodejs/issues/128 this._oAuthEndpoint = value; } /** * Adds the host of service url to trusted hosts. * If expiration time is not provided, the expiration date will be current (utc) date + 1 day. * * @deprecated * * @param {string} serviceUrl The service url * @param {Date} expiration? The expiration date after which this service url is not trusted anymore */ static trustServiceUrl(serviceUrl: string, expiration?: Date): void; /** * Adds the host of service url to trusted hosts. * If expiration time is not provided, the expiration date will be current (utc) date + 1 day. */ static trustServiceUrl(): void { // no-op } /** * Checks if the service url is for a trusted host or not. * * @deprecated * * @param {string} serviceUrl The service url * @returns {boolean} True if the host of the service url is trusted; False otherwise. */ static isTrustedServiceUrl(serviceUrl: string): boolean; /** * Checks if the service url is for a trusted host or not. * * @returns {boolean} True if the host of the service url is trusted; False otherwise. */ static isTrustedServiceUrl(): boolean { return true; } /** * Apply the credentials to the HTTP request. * * @param webResource The WebResource HTTP request. * @returns A Promise representing the asynchronous operation. */ async signRequest(webResource: WebResource): Promise<WebResource> { if (this.shouldSetToken()) { return new TokenCredentials(await this.getToken()).signRequest(webResource); } return webResource; } /** * Gets an OAuth access token. * * @param forceRefresh True to force a refresh of the token; or false to get * a cached token if it exists. * @returns A Promise that represents the work queued to execute. * @remarks If the promise is successful, the result contains the access token string. */ async getToken(forceRefresh = false): Promise<string> { if (!forceRefresh) { // check the global cache for the token. If we have it, and it's valid, we're done. const oAuthToken = AppCredentials.cache.get(this.tokenCacheKey); // Check if the token is not expired. if (oAuthToken && oAuthToken.expiresOn > new Date()) { return oAuthToken.accessToken; } } // We need to refresh the token, because: // 1. The user requested it via the forceRefresh parameter // 2. We have it, but it's expired // 3. We don't have it in the cache. const res = await this.refreshToken(); if (res && res.accessToken) { // Subtract 5 minutes from expiresOn so they'll we'll get a new token before it expires. res.expiresOn.setMinutes(res.expiresOn.getMinutes() - 5); AppCredentials.cache.set(this.tokenCacheKey, res); return res.accessToken; } else { throw new Error('Authentication: No response or error received from MSAL.'); } } protected GetToChannelFromBotOAuthScope(): string { return AuthenticationConstants.ToChannelFromBotOAuthScope; } protected GetToChannelFromBotLoginUrlPrefix(): string { return AuthenticationConstants.ToChannelFromBotLoginUrlPrefix; } protected GetDefaultChannelAuthTenant(): string { return AuthenticationConstants.DefaultChannelAuthTenant; } protected abstract refreshToken(): Promise<AuthenticatorResult>; /** * @private */ private shouldSetToken(): boolean { return this.appId && this.appId !== AuthenticationConstants.AnonymousSkillAppId; } }