msiAppServiceTokenCredentials.js 5.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596
  1. "use strict";
  2. // Copyright (c) Microsoft Corporation. All rights reserved.
  3. // Licensed under the MIT License. See License.txt in the project root for license information.
  4. var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
  5. return new (P || (P = Promise))(function (resolve, reject) {
  6. function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
  7. function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
  8. function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }
  9. step((generator = generator.apply(thisArg, _arguments || [])).next());
  10. });
  11. };
  12. Object.defineProperty(exports, "__esModule", { value: true });
  13. const msiTokenCredentials_1 = require("./msiTokenCredentials");
  14. const ms_rest_js_1 = require("@azure/ms-rest-js");
  15. /**
  16. * @class MSIAppServiceTokenCredentials
  17. */
  18. class MSIAppServiceTokenCredentials extends msiTokenCredentials_1.MSITokenCredentials {
  19. /**
  20. * Creates an instance of MSIAppServiceTokenCredentials.
  21. * @param {string} [options.msiEndpoint] - The local URL from which your app can request tokens.
  22. * Either provide this parameter or set the environment variable `MSI_ENDPOINT`.
  23. * For example: `MSI_ENDPOINT="http://127.0.0.1:41741/MSI/token/"`
  24. * @param {string} [options.msiSecret] - The secret used in communication between your code and the local MSI agent.
  25. * Either provide this parameter or set the environment variable `MSI_SECRET`.
  26. * For example: `MSI_SECRET="69418689F1E342DD946CB82994CDA3CB"`
  27. * @param {string} [options.resource] - The resource uri or token audience for which the token is needed.
  28. * For e.g. it can be:
  29. * - resource management endpoint "https://management.azure.com/" (default)
  30. * - management endpoint "https://management.core.windows.net/"
  31. * @param {string} [options.msiApiVersion] - The api-version of the local MSI agent. Default value is "2017-09-01".
  32. */
  33. constructor(options) {
  34. if (!options)
  35. options = {};
  36. super(options);
  37. options.msiEndpoint = options.msiEndpoint || process.env["MSI_ENDPOINT"];
  38. options.msiSecret = options.msiSecret || process.env["MSI_SECRET"];
  39. if (!options.msiEndpoint || (options.msiEndpoint && typeof options.msiEndpoint.valueOf() !== "string")) {
  40. throw new Error('Either provide "msiEndpoint" as a property of the "options" object ' +
  41. 'or set the environment variable "MSI_ENDPOINT" and it must be of type "string".');
  42. }
  43. if (!options.msiSecret || (options.msiSecret && typeof options.msiSecret.valueOf() !== "string")) {
  44. throw new Error('Either provide "msiSecret" as a property of the "options" object ' +
  45. 'or set the environment variable "MSI_SECRET" and it must be of type "string".');
  46. }
  47. if (!options.msiApiVersion) {
  48. options.msiApiVersion = "2017-09-01";
  49. }
  50. else if (typeof options.msiApiVersion.valueOf() !== "string") {
  51. throw new Error("msiApiVersion must be a uri.");
  52. }
  53. this.msiEndpoint = options.msiEndpoint;
  54. this.msiSecret = options.msiSecret;
  55. this.msiApiVersion = options.msiApiVersion;
  56. }
  57. /**
  58. * Prepares and sends a GET request to a service endpoint indicated by the app service, which responds with the access token.
  59. * @return {Promise<MSITokenResponse>} Promise with the tokenResponse (tokenType and accessToken are the two important properties).
  60. */
  61. getToken() {
  62. return __awaiter(this, void 0, void 0, function* () {
  63. const reqOptions = this.prepareRequestOptions();
  64. let opRes;
  65. let result;
  66. opRes = yield this._httpClient.sendRequest(reqOptions);
  67. if (opRes.bodyAsText === undefined || opRes.bodyAsText.indexOf("ExceptionMessage") !== -1) {
  68. throw new Error(`MSI: Failed to retrieve a token from "${reqOptions.url}" with an error: ${opRes.bodyAsText}`);
  69. }
  70. result = this.parseTokenResponse(opRes.bodyAsText);
  71. if (!result.tokenType) {
  72. throw new Error(`Invalid token response, did not find tokenType. Response body is: ${opRes.bodyAsText}`);
  73. }
  74. else if (!result.accessToken) {
  75. throw new Error(`Invalid token response, did not find accessToken. Response body is: ${opRes.bodyAsText}`);
  76. }
  77. return result;
  78. });
  79. }
  80. prepareRequestOptions() {
  81. const endpoint = this.msiEndpoint.endsWith("/") ? this.msiEndpoint : `${this.msiEndpoint}/`;
  82. const resource = encodeURIComponent(this.resource);
  83. const getUrl = `${endpoint}?resource=${resource}&api-version=${this.msiApiVersion}`;
  84. const reqOptions = {
  85. url: getUrl,
  86. headers: {
  87. "secret": this.msiSecret
  88. },
  89. method: "GET"
  90. };
  91. const webResource = new ms_rest_js_1.WebResource();
  92. return webResource.prepare(reqOptions);
  93. }
  94. }
  95. exports.MSIAppServiceTokenCredentials = MSIAppServiceTokenCredentials;
  96. //# sourceMappingURL=msiAppServiceTokenCredentials.js.map