| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697 |
- // Copyright (c) Microsoft Corporation. All rights reserved.
- // Licensed under the MIT License. See License.txt in the project root for license information.
- import { TokenCredentialsBase } from "./tokenCredentialsBase";
- import { Environment } from "@azure/ms-rest-azure-env";
- import { AuthConstants, TokenAudience } from "../util/authConstants";
- import { TokenCache, TokenResponse } from "adal-node";
- export abstract class ApplicationTokenCredentialsBase extends TokenCredentialsBase {
- /**
- * Creates a new ApplicationTokenCredentials object.
- * See {@link https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/ Active Directory Quickstart for .Net}
- * for detailed instructions on creating an Azure Active Directory application.
- * @constructor
- * @param {string} clientId The active directory application client id.
- * @param {string} domain The domain or tenant id containing this application.
- * @param {string} [tokenAudience] The audience for which the token is requested. Valid values are 'graph', 'batch', or any other resource like 'https://vault.azure.net/'.
- * If tokenAudience is 'graph' then domain should also be provided and its value should not be the default 'common' tenant. It must be a string (preferrably in a guid format).
- * @param {Environment} [environment] The azure environment to authenticate with.
- * @param {object} [tokenCache] The token cache. Default value is the MemoryCache object from adal.
- */
- public constructor(
- clientId: string,
- domain: string,
- tokenAudience?: TokenAudience,
- environment?: Environment,
- tokenCache?: TokenCache
- ) {
- super(clientId, domain, tokenAudience, environment, tokenCache);
- }
- protected async getTokenFromCache(): Promise<TokenResponse> {
- const self = this;
- // a thin wrapper over the base implementation. try get token from cache, additionaly clean up cache if required.
- try {
- const tokenResponse = await super.getTokenFromCache(undefined);
- return Promise.resolve(tokenResponse);
- } catch (error) {
- // Remove the stale token from the tokencache. ADAL gives the same error message "Entry not found in cache."
- // for entry not being present in the cache and for accessToken being expired in the cache. We do not want the token cache
- // to contain the expired token, we clean it up here.
- const status = await self.removeInvalidItemsFromCache({
- _clientId: self.clientId
- });
- if (status.result) {
- return Promise.reject(error);
- }
- const message =
- status && status.details && status.details.message
- ? status.details.message
- : status.details;
- return Promise.reject(
- new Error(
- AuthConstants.SDK_INTERNAL_ERROR +
- " : " +
- "critical failure while removing expired token for service principal from token cache. " +
- message
- )
- );
- }
- }
- /**
- * Removes invalid items from token cache. This method is different. Here we never reject in case of error.
- * Rather we resolve with an object that says the result is false and error information is provided in
- * the details property of the resolved object. This is done to do better error handling in the above function
- * where removeInvalidItemsFromCache() is called.
- * @param {object} query The query to be used for finding the token for service principal from the cache
- * @returns {result: boolean, details?: Error} resultObject with more info.
- */
- private removeInvalidItemsFromCache(
- query: object
- ): Promise<{ result: boolean; details?: Error }> {
- const self = this;
- return new Promise<{ result: boolean; details?: Error }>(resolve => {
- self.tokenCache.find(query, (error: Error, entries: any[]) => {
- if (error) {
- return resolve({ result: false, details: error });
- }
- if (entries && entries.length > 0) {
- return new Promise(resolve => {
- return self.tokenCache.remove(entries, (err: Error) => {
- if (err) {
- return resolve({ result: false, details: err });
- }
- return resolve({ result: true });
- });
- });
- } else {
- return resolve({ result: true });
- }
- });
- });
- }
- }
|