@adobe/helix-onedrive-support 11.4.0 → 11.5.0

package/CHANGELOG.md

@@ -1,3 +1,17 @@
+# [11.5.0](https://github.com/adobe/helix-onedrive-support/compare/v11.4.1...v11.5.0) (2024-07-09)
+
+
+### Features
+
+* support custom client id (as appName) in metadata ([#553](https://github.com/adobe/helix-onedrive-support/issues/553)) ([eebff24](https://github.com/adobe/helix-onedrive-support/commit/eebff24e8d2160f0133bebde21b779b16bbe832e))
+
+## [11.4.1](https://github.com/adobe/helix-onedrive-support/compare/v11.4.0...v11.4.1) (2024-07-06)
+
+
+### Bug Fixes
+
+* **deps:** update dependency @adobe/helix-shared-tokencache to v1.4.17 ([3b2249e](https://github.com/adobe/helix-onedrive-support/commit/3b2249ecce99084058fd073ae4e25260d6056d97))
+
 # [11.4.0](https://github.com/adobe/helix-onedrive-support/compare/v11.3.38...v11.4.0) (2024-07-02)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adobe/helix-onedrive-support",
-  "version": "11.4.0",
+  "version": "11.5.0",
   "description": "Helix OneDrive Support",
   "main": "src/index.js",
   "exports": {
@@ -29,13 +29,13 @@
   "homepage": "https://github.com/adobe/helix-onedrive-support#readme",
   "dependencies": {
     "@adobe/fetch": "4.1.8",
-    "@adobe/helix-shared-tokencache": "1.4.16",
-    "@azure/msal-node": "2.9.2",
-    "jose": "5.6.2"
+    "@adobe/helix-shared-tokencache": "1.4.17",
+    "@azure/msal-node": "2.10.0",
+    "jose": "5.6.3"
   },
   "devDependencies": {
     "@adobe/eslint-config-helix": "2.0.6",
-    "@aws-sdk/client-s3": "3.606.0",
+    "@aws-sdk/client-s3": "3.609.0",
     "@semantic-release/changelog": "6.0.3",
     "@semantic-release/git": "10.0.1",
     "ajv": "8.16.0",
@@ -51,7 +51,7 @@
     "jsdoc-tsimport-plugin": "1.0.5",
     "junit-report-builder": "3.2.1",
     "lint-staged": "15.2.7",
-    "mocha": "10.5.2",
+    "mocha": "10.6.0",
     "mocha-multi-reporters": "1.5.1",
     "mocha-suppress-logs": "0.5.1",
     "nock": "13.5.4",

package/src/OneDriveAuth.js

@@ -46,11 +46,24 @@ export const AcquireMethod = {
  */
 const globalTenantCache = new Map();
 
+/**
+ * Return client id and secret stored in the process, matching an application name given.
+ * @param {String} appName application name, e.g. `HELIX_SERVICE`, or undefined
+ * @returns {Object} containing `clientId` and `clientSecret` or an empty object
+ */
+function getClientIdAndSecret(appName) {
+  if (appName) {
+    const clientId = process.env[`AZURE_${appName.toUpperCase()}_CLIENT_ID`];
+    const clientSecret = process.env[`AZURE_${appName.toUpperCase()}_CLIENT_SECRET`];
+    if (clientId && clientSecret) {
+      return { clientId, clientSecret };
+    }
+  }
+  return {};
+}
+
 /**
  * Helper class that facilitates accessing one drive.
- *
- * @class
- * @field {ConfidentialClientApplication|PublicClientApplication} app
  */
 export class OneDriveAuth {
   /**
@@ -73,6 +86,8 @@ export class OneDriveAuth {
     this.clientSecret = opts.clientSecret || '';
     this._log = opts.log || console;
     this.tenant = opts.tenant;
+
+    /** @type {import('@adobe/helix-shared-tokencache/src/CachePlugin.js').CachePlugin} */
     this.cachePlugin = opts.cachePlugin;
     this.scopes = opts.scopes || DEFAULT_SCOPES;
     this.onCode = opts.onCode;
@@ -110,16 +125,25 @@ export class OneDriveAuth {
     }
   }
 
-  get app() {
+  /**
+   * Gets the client application, creating it if necessary.
+   *
+   * @returns {import("@azure/msal-node").ClientApplication} client application
+   */
+  async getApp() {
     if (!this._app) {
-      const {
-        log,
-        cachePlugin,
-      } = this;
+      const { log, cachePlugin } = this;
+
+      const metadata = await cachePlugin.getPluginMetadata();
+      if (metadata?.useClientCredentials) {
+        this.pluginUseClientCredentials = true;
+      }
+
+      const { clientId, clientSecret } = getClientIdAndSecret(metadata?.appName);
       const msalConfig = {
         auth: {
-          clientId: this.clientId,
-          clientSecret: this.clientSecret,
+          clientId: clientId ?? this.clientId,
+          clientSecret: clientSecret ?? this.clientSecret,
           authority: this.getAuthorityUrl(),
         },
         system: {
@@ -241,7 +265,8 @@ export class OneDriveAuth {
    * @returns {boolean}
    */
   async isAuthenticated() {
-    const accounts = await this.app.getTokenCache().getAllAccounts();
+    const app = await this.getApp();
+    const accounts = await app.getTokenCache().getAllAccounts();
     return accounts.length > 0;
   }
 
@@ -286,8 +311,9 @@ export class OneDriveAuth {
    * @returns {Promise<null|AuthenticationResult>}
    */
   async doAuthenticate(silentOnly) {
-    const { log, app } = this;
+    const { log } = this;
 
+    const app = await this.getApp();
     let accounts = await app.getTokenCache().getAllAccounts();
     if (accounts.length > 0) {
       let account = accounts[0];
@@ -334,8 +360,7 @@ export class OneDriveAuth {
         });
       }
       if (this.acquireMethod === AcquireMethod.BY_CLIENT_CREDENTIAL
-          // check if plugin wants us to use client credentials
-          || (await this.cachePlugin.getPluginMetadata() || {}).useClientCredentials) {
+          || this.pluginUseClientCredentials) {
         log.debug('acquire token with client credentials.');
         return await app.acquireTokenByClientCredential({
           scopes: this.scopes,