110 lines
5.3 KiB
JavaScript
110 lines
5.3 KiB
JavaScript
"use strict";
|
|
// Copyright (c) Microsoft Corporation.
|
|
// Licensed under the MIT License.
|
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
exports.DeviceCodeCredential = void 0;
|
|
exports.defaultDeviceCodePromptCallback = defaultDeviceCodePromptCallback;
|
|
const tenantIdUtils_js_1 = require("../util/tenantIdUtils.js");
|
|
const logging_js_1 = require("../util/logging.js");
|
|
const scopeUtils_js_1 = require("../util/scopeUtils.js");
|
|
const tracing_js_1 = require("../util/tracing.js");
|
|
const msalClient_js_1 = require("../msal/nodeFlows/msalClient.js");
|
|
const constants_js_1 = require("../constants.js");
|
|
const logger = (0, logging_js_1.credentialLogger)("DeviceCodeCredential");
|
|
/**
|
|
* Method that logs the user code from the DeviceCodeCredential.
|
|
* @param deviceCodeInfo - The device code.
|
|
*/
|
|
function defaultDeviceCodePromptCallback(deviceCodeInfo) {
|
|
console.log(deviceCodeInfo.message);
|
|
}
|
|
/**
|
|
* Enables authentication to Microsoft Entra ID using a device code
|
|
* that the user can enter into https://microsoft.com/devicelogin.
|
|
*/
|
|
class DeviceCodeCredential {
|
|
tenantId;
|
|
additionallyAllowedTenantIds;
|
|
disableAutomaticAuthentication;
|
|
msalClient;
|
|
userPromptCallback;
|
|
/**
|
|
* Creates an instance of DeviceCodeCredential with the details needed
|
|
* to initiate the device code authorization flow with Microsoft Entra ID.
|
|
*
|
|
* A message will be logged, giving users a code that they can use to authenticate once they go to https://microsoft.com/devicelogin
|
|
*
|
|
* Developers can configure how this message is shown by passing a custom `userPromptCallback`:
|
|
*
|
|
* ```ts snippet:device_code_credential_example
|
|
* import { DeviceCodeCredential } from "@azure/identity";
|
|
*
|
|
* const credential = new DeviceCodeCredential({
|
|
* tenantId: process.env.AZURE_TENANT_ID,
|
|
* clientId: process.env.AZURE_CLIENT_ID,
|
|
* userPromptCallback: (info) => {
|
|
* console.log("CUSTOMIZED PROMPT CALLBACK", info.message);
|
|
* },
|
|
* });
|
|
* ```
|
|
*
|
|
* @param options - Options for configuring the client which makes the authentication requests.
|
|
*/
|
|
constructor(options) {
|
|
this.tenantId = options?.tenantId;
|
|
this.additionallyAllowedTenantIds = (0, tenantIdUtils_js_1.resolveAdditionallyAllowedTenantIds)(options?.additionallyAllowedTenants);
|
|
const clientId = options?.clientId ?? constants_js_1.DeveloperSignOnClientId;
|
|
const tenantId = (0, tenantIdUtils_js_1.resolveTenantId)(logger, options?.tenantId, clientId);
|
|
this.userPromptCallback = options?.userPromptCallback ?? defaultDeviceCodePromptCallback;
|
|
this.msalClient = (0, msalClient_js_1.createMsalClient)(clientId, tenantId, {
|
|
...options,
|
|
logger,
|
|
tokenCredentialOptions: options || {},
|
|
});
|
|
this.disableAutomaticAuthentication = options?.disableAutomaticAuthentication;
|
|
}
|
|
/**
|
|
* Authenticates with Microsoft Entra ID and returns an access token if successful.
|
|
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
|
|
*
|
|
* If the user provided the option `disableAutomaticAuthentication`,
|
|
* once the token can't be retrieved silently,
|
|
* this method won't attempt to request user interaction to retrieve the token.
|
|
*
|
|
* @param scopes - The list of scopes for which the token will have access.
|
|
* @param options - The options used to configure any requests this
|
|
* TokenCredential implementation might make.
|
|
*/
|
|
async getToken(scopes, options = {}) {
|
|
return tracing_js_1.tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async (newOptions) => {
|
|
newOptions.tenantId = (0, tenantIdUtils_js_1.processMultiTenantRequest)(this.tenantId, newOptions, this.additionallyAllowedTenantIds, logger);
|
|
const arrayScopes = (0, scopeUtils_js_1.ensureScopes)(scopes);
|
|
return this.msalClient.getTokenByDeviceCode(arrayScopes, this.userPromptCallback, {
|
|
...newOptions,
|
|
disableAutomaticAuthentication: this.disableAutomaticAuthentication,
|
|
});
|
|
});
|
|
}
|
|
/**
|
|
* Authenticates with Microsoft Entra ID and returns an access token if successful.
|
|
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
|
|
*
|
|
* If the token can't be retrieved silently, this method will always generate a challenge for the user.
|
|
*
|
|
* @param scopes - The list of scopes for which the token will have access.
|
|
* @param options - The options used to configure any requests this
|
|
* TokenCredential implementation might make.
|
|
*/
|
|
async authenticate(scopes, options = {}) {
|
|
return tracing_js_1.tracingClient.withSpan(`${this.constructor.name}.authenticate`, options, async (newOptions) => {
|
|
const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
|
|
await this.msalClient.getTokenByDeviceCode(arrayScopes, this.userPromptCallback, {
|
|
...newOptions,
|
|
disableAutomaticAuthentication: false, // this method should always allow user interaction
|
|
});
|
|
return this.msalClient.getActiveAccount();
|
|
});
|
|
}
|
|
}
|
|
exports.DeviceCodeCredential = DeviceCodeCredential;
|
|
//# sourceMappingURL=deviceCodeCredential.js.map
|