applicationTokenCredentialsBase.js 5.3 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495
  1. "use strict";
  2. // Copyright (c) Microsoft Corporation. All rights reserved.
  3. // Licensed under the MIT License. See License.txt in the project root for license information.
  4. var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
  5. return new (P || (P = Promise))(function (resolve, reject) {
  6. function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
  7. function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
  8. function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }
  9. step((generator = generator.apply(thisArg, _arguments || [])).next());
  10. });
  11. };
  12. Object.defineProperty(exports, "__esModule", { value: true });
  13. const tokenCredentialsBase_1 = require("./tokenCredentialsBase");
  14. const authConstants_1 = require("../util/authConstants");
  15. class ApplicationTokenCredentialsBase extends tokenCredentialsBase_1.TokenCredentialsBase {
  16. /**
  17. * Creates a new ApplicationTokenCredentials object.
  18. * See {@link https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/ Active Directory Quickstart for .Net}
  19. * for detailed instructions on creating an Azure Active Directory application.
  20. * @constructor
  21. * @param {string} clientId The active directory application client id.
  22. * @param {string} domain The domain or tenant id containing this application.
  23. * @param {string} [tokenAudience] The audience for which the token is requested. Valid values are 'graph', 'batch', or any other resource like 'https://vault.azure.net/'.
  24. * If tokenAudience is 'graph' then domain should also be provided and its value should not be the default 'common' tenant. It must be a string (preferrably in a guid format).
  25. * @param {Environment} [environment] The azure environment to authenticate with.
  26. * @param {object} [tokenCache] The token cache. Default value is the MemoryCache object from adal.
  27. */
  28. constructor(clientId, domain, tokenAudience, environment, tokenCache) {
  29. super(clientId, domain, tokenAudience, environment, tokenCache);
  30. }
  31. getTokenFromCache() {
  32. const _super = Object.create(null, {
  33. getTokenFromCache: { get: () => super.getTokenFromCache }
  34. });
  35. return __awaiter(this, void 0, void 0, function* () {
  36. const self = this;
  37. // a thin wrapper over the base implementation. try get token from cache, additionaly clean up cache if required.
  38. try {
  39. const tokenResponse = yield _super.getTokenFromCache.call(this, undefined);
  40. return Promise.resolve(tokenResponse);
  41. }
  42. catch (error) {
  43. // Remove the stale token from the tokencache. ADAL gives the same error message "Entry not found in cache."
  44. // for entry not being present in the cache and for accessToken being expired in the cache. We do not want the token cache
  45. // to contain the expired token, we clean it up here.
  46. const status = yield self.removeInvalidItemsFromCache({
  47. _clientId: self.clientId
  48. });
  49. if (status.result) {
  50. return Promise.reject(error);
  51. }
  52. const message = status && status.details && status.details.message
  53. ? status.details.message
  54. : status.details;
  55. return Promise.reject(new Error(authConstants_1.AuthConstants.SDK_INTERNAL_ERROR +
  56. " : " +
  57. "critical failure while removing expired token for service principal from token cache. " +
  58. message));
  59. }
  60. });
  61. }
  62. /**
  63. * Removes invalid items from token cache. This method is different. Here we never reject in case of error.
  64. * Rather we resolve with an object that says the result is false and error information is provided in
  65. * the details property of the resolved object. This is done to do better error handling in the above function
  66. * where removeInvalidItemsFromCache() is called.
  67. * @param {object} query The query to be used for finding the token for service principal from the cache
  68. * @returns {result: boolean, details?: Error} resultObject with more info.
  69. */
  70. removeInvalidItemsFromCache(query) {
  71. const self = this;
  72. return new Promise(resolve => {
  73. self.tokenCache.find(query, (error, entries) => {
  74. if (error) {
  75. return resolve({ result: false, details: error });
  76. }
  77. if (entries && entries.length > 0) {
  78. return new Promise(resolve => {
  79. return self.tokenCache.remove(entries, (err) => {
  80. if (err) {
  81. return resolve({ result: false, details: err });
  82. }
  83. return resolve({ result: true });
  84. });
  85. });
  86. }
  87. else {
  88. return resolve({ result: true });
  89. }
  90. });
  91. });
  92. }
  93. }
  94. exports.ApplicationTokenCredentialsBase = ApplicationTokenCredentialsBase;
  95. //# sourceMappingURL=applicationTokenCredentialsBase.js.map