applicationTokenCredentials.ts 3.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475
  1. // Copyright (c) Microsoft Corporation. All rights reserved.
  2. // Licensed under the MIT License. See License.txt in the project root for license information.
  3. import { ApplicationTokenCredentialsBase } from "./applicationTokenCredentialsBase";
  4. import { Environment } from "@azure/ms-rest-azure-env";
  5. import { AuthConstants, TokenAudience } from "../util/authConstants";
  6. import { TokenResponse, ErrorResponse, TokenCache } from "adal-node";
  7. export class ApplicationTokenCredentials extends ApplicationTokenCredentialsBase {
  8. readonly secret: string;
  9. /**
  10. * Creates a new ApplicationTokenCredentials object.
  11. * See {@link https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/ Active Directory Quickstart for .Net}
  12. * for detailed instructions on creating an Azure Active Directory application.
  13. * @constructor
  14. * @param {string} clientId The active directory application client id.
  15. * @param {string} domain The domain or tenant id containing this application.
  16. * @param {string} secret The authentication secret for the application.
  17. * @param {string} [tokenAudience] The audience for which the token is requested. Valid values are 'graph', 'batch', or any other resource like 'https://vault.azure.net/'.
  18. * If tokenAudience is 'graph' then domain should also be provided and its value should not be the default 'common' tenant. It must be a string (preferrably in a guid format).
  19. * @param {Environment} [environment] The azure environment to authenticate with.
  20. * @param {object} [tokenCache] The token cache. Default value is the MemoryCache object from adal.
  21. */
  22. public constructor(
  23. clientId: string,
  24. domain: string,
  25. secret: string,
  26. tokenAudience?: TokenAudience,
  27. environment?: Environment,
  28. tokenCache?: TokenCache
  29. ) {
  30. if (!secret || typeof secret.valueOf() !== "string") {
  31. throw new Error("secret must be a non empty string.");
  32. }
  33. super(clientId, domain, tokenAudience, environment, tokenCache);
  34. this.secret = secret;
  35. }
  36. /**
  37. * Tries to get the token from cache initially. If that is unsuccessfull then it tries to get the token from ADAL.
  38. * @returns {Promise<TokenResponse>} A promise that resolves to TokenResponse and rejects with an Error.
  39. */
  40. public async getToken(): Promise<TokenResponse> {
  41. try {
  42. const tokenResponse = await this.getTokenFromCache();
  43. return tokenResponse;
  44. } catch (error) {
  45. if (
  46. error.message &&
  47. error.message.startsWith(AuthConstants.SDK_INTERNAL_ERROR)
  48. ) {
  49. return Promise.reject(error);
  50. }
  51. const resource = this.getActiveDirectoryResourceId();
  52. return new Promise((resolve, reject) => {
  53. this.authContext.acquireTokenWithClientCredentials(
  54. resource,
  55. this.clientId,
  56. this.secret,
  57. (error: any, tokenResponse: TokenResponse | ErrorResponse) => {
  58. if (error) {
  59. return reject(error);
  60. }
  61. if (tokenResponse.error || tokenResponse.errorDescription) {
  62. return reject(tokenResponse);
  63. }
  64. return resolve(tokenResponse as TokenResponse);
  65. }
  66. );
  67. });
  68. }
  69. }
  70. }