userTokenCredentials.js 4.9 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788
  1. "use strict";
  2. // Copyright (c) Microsoft Corporation. All rights reserved.
  3. // Licensed under the MIT License. See License.txt in the project root for license information.
  4. var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
  5. return new (P || (P = Promise))(function (resolve, reject) {
  6. function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
  7. function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
  8. function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }
  9. step((generator = generator.apply(thisArg, _arguments || [])).next());
  10. });
  11. };
  12. Object.defineProperty(exports, "__esModule", { value: true });
  13. const tokenCredentialsBase_1 = require("./tokenCredentialsBase");
  14. class UserTokenCredentials extends tokenCredentialsBase_1.TokenCredentialsBase {
  15. /**
  16. * Creates a new UserTokenCredentials object.
  17. *
  18. * @constructor
  19. * @param {string} clientId The active directory application client id.
  20. * See {@link https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/ Active Directory Quickstart for .Net}
  21. * for an example.
  22. * @param {string} domain The domain or tenant id containing this application.
  23. * @param {string} username The user name for the Organization Id account.
  24. * @param {string} password The password for the Organization Id account.
  25. * @param {string} [tokenAudience] The audience for which the token is requested. Valid values are 'graph', 'batch', or any other resource like 'https://vault.azure.net/'.
  26. * If tokenAudience is 'graph' then domain should also be provided and its value should not be the default 'common' tenant. It must be a string (preferrably in a guid format).
  27. * @param {Environment} [environment] The azure environment to authenticate with.
  28. * @param {object} [tokenCache] The token cache. Default value is the MemoryCache object from adal.
  29. */
  30. constructor(clientId, domain, username, password, tokenAudience, environment, tokenCache) {
  31. if (!clientId || typeof clientId.valueOf() !== "string") {
  32. throw new Error("clientId must be a non empty string.");
  33. }
  34. if (!domain || typeof domain.valueOf() !== "string") {
  35. throw new Error("domain must be a non empty string.");
  36. }
  37. if (!username || typeof username.valueOf() !== "string") {
  38. throw new Error("username must be a non empty string.");
  39. }
  40. if (!password || typeof password.valueOf() !== "string") {
  41. throw new Error("password must be a non empty string.");
  42. }
  43. super(clientId, domain, tokenAudience, environment, tokenCache);
  44. this.username = username;
  45. this.password = password;
  46. }
  47. crossCheckUserNameWithToken(username, userIdFromToken) {
  48. // to maintain the casing consistency between "azureprofile.json" and token cache. (RD 1996587)
  49. // use the "userId" here, which should be the same with "username" except the casing.
  50. return (username.toLowerCase() === userIdFromToken.toLowerCase());
  51. }
  52. /**
  53. * Tries to get the token from cache initially. If that is unsuccessful then it tries to get the token from ADAL.
  54. * @returns {Promise<TokenResponse>}
  55. * {object} [tokenResponse] The tokenResponse (tokenType and accessToken are the two important properties).
  56. * @memberof UserTokenCredentials
  57. */
  58. getToken() {
  59. return __awaiter(this, void 0, void 0, function* () {
  60. try {
  61. return yield this.getTokenFromCache(this.username);
  62. }
  63. catch (error) {
  64. const self = this;
  65. const resource = this.getActiveDirectoryResourceId();
  66. return new Promise((resolve, reject) => {
  67. self.authContext.acquireTokenWithUsernamePassword(resource, self.username, self.password, self.clientId, (error, tokenResponse) => {
  68. if (error) {
  69. return reject(error);
  70. }
  71. if (tokenResponse.error || tokenResponse.errorDescription) {
  72. return reject(tokenResponse);
  73. }
  74. tokenResponse = tokenResponse;
  75. if (self.crossCheckUserNameWithToken(self.username, tokenResponse.userId)) {
  76. return resolve(tokenResponse);
  77. }
  78. else {
  79. return reject(`The userId "${tokenResponse.userId}" in access token doesn"t match the username "${self.username}" provided during authentication.`);
  80. }
  81. });
  82. });
  83. }
  84. });
  85. }
  86. }
  87. exports.UserTokenCredentials = UserTokenCredentials;
  88. //# sourceMappingURL=userTokenCredentials.js.map