wcz-layout
Version:
1 lines • 3.26 kB
Source Map (JSON)
{"version":3,"file":"msalServer-CkNOOjjH.mjs","names":["createServerOnlyFn","ConfidentialClientApplication","scopes","definedScopes","ccaInstance","getCCA","Promise","createConfidentialClient","getTokenOnBehalfOf","userToken","scopeKey","cca","result","acquireTokenOnBehalfOf","oboAssertion","Error","accessToken","getAppToken","defaultScopes","map","scope","lastSlash","lastIndexOf","baseUri","substring","uniqueScopes","Set","acquireTokenByClientCredential"],"sources":["../src/lib/auth/msalServer.ts"],"sourcesContent":["import { createServerOnlyFn } from \"@tanstack/react-start\";\nimport type { ConfidentialClientApplication } from \"@azure/msal-node\";\nimport { scopes as definedScopes } from \"virtual:wcz-layout\";\n\nlet ccaInstance: ConfidentialClientApplication | null = null;\nconst getCCA = async (): Promise<ConfidentialClientApplication> => {\n if (!ccaInstance) {\n const { createConfidentialClient } = await import(\"./entra\");\n ccaInstance = createConfidentialClient();\n }\n return ccaInstance;\n};\n\n/**\n * On-Behalf-Of flow: Exchange user token for a token to call downstream API\n * Use when: Server needs to call microservice on behalf of the logged-in user\n */\nexport const getTokenOnBehalfOf = createServerOnlyFn(\n async (userToken: string, scopeKey: keyof typeof definedScopes): Promise<string> => {\n const cca = await getCCA();\n const scopes = [...definedScopes[scopeKey]];\n const result = await cca.acquireTokenOnBehalfOf({\n oboAssertion: userToken,\n scopes,\n });\n if (!result) throw new Error(\"Failed to acquire OBO token\");\n return result.accessToken;\n },\n);\n\n/**\n * Client Credentials flow: Get app-only token (no user context)\n * Use when: Background jobs, scheduled tasks, service-to-service calls\n */\nexport const getAppToken = createServerOnlyFn(\n async (scopeKey: keyof typeof definedScopes): Promise<string> => {\n const cca = await getCCA();\n const scopes = definedScopes[scopeKey];\n const defaultScopes = scopes.map((scope) => {\n const lastSlash = scope.lastIndexOf(\"/\");\n const baseUri = scope.substring(0, lastSlash);\n return `${baseUri}/.default`;\n });\n const uniqueScopes = [...new Set(defaultScopes)];\n const result = await cca.acquireTokenByClientCredential({ scopes: uniqueScopes });\n if (!result) throw new Error(\"Failed to acquire app token\");\n return result.accessToken;\n },\n);\n"],"mappings":";;;AAIA,IAAII,cAAoD;AACxD,MAAMC,SAAS,YAAoD;CACjE,IAAI,CAACD,aAAa;EAChB,MAAM,EAAEG,6BAA6B,MAAM,OAAO;EAClDH,cAAcG,yBAAyB;CACzC;CACA,OAAOH;AACT;;;;;AAMA,MAAaI,qBAAqBR,mBAChC,OAAOS,WAAmBC,aAA0D;CAClF,MAAMC,MAAM,MAAMN,OAAO;CACzB,MAAMH,WAAS,CAAC,GAAGC,OAAcO,SAAS;CAC1C,MAAME,SAAS,MAAMD,IAAIE,uBAAuB;EAC9CC,cAAcL;EACdP,QAAAA;CACF,CAAC;CACD,IAAI,CAACU,QAAQ,MAAM,IAAIG,MAAM,6BAA6B;CAC1D,OAAOH,OAAOI;AAChB,CACF;;;;;AAMA,MAAaC,cAAcjB,mBACzB,OAAOU,aAA0D;CAC/D,MAAMC,MAAM,MAAMN,OAAO;CAEzB,MAAMa,gBADSf,OAAcO,SACD,CAACS,KAAKC,UAAU;EAC1C,MAAMC,YAAYD,MAAME,YAAY,GAAG;EAEvC,OAAO,GADSF,MAAMI,UAAU,GAAGH,SACzBE,EAAO;CACnB,CAAC;CACD,MAAME,eAAe,CAAC,GAAG,IAAIC,IAAIR,aAAa,CAAC;CAC/C,MAAMN,SAAS,MAAMD,IAAIgB,+BAA+B,EAAEzB,QAAQuB,aAAa,CAAC;CAChF,IAAI,CAACb,QAAQ,MAAM,IAAIG,MAAM,6BAA6B;CAC1D,OAAOH,OAAOI;AAChB,CACF"}