npm - @microsoft/teamsfx - Versions diffs - 0.4.2-alpha.4f9464b2.0 → 0.4.2-alpha.e84c0d19.0 - Mend

@microsoft/teamsfx 0.4.2-alpha.4f9464b2.0 → 0.4.2-alpha.e84c0d19.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/index.esm2017.js +116 -224
package/dist/index.esm2017.js.map +1 -1
package/dist/index.esm2017.mjs.map +1 -1
package/dist/index.esm5.js +167 -311
package/dist/index.esm5.js.map +1 -1
package/dist/index.node.cjs.js.map +1 -1
package/package.json +3 -2
package/types/teamsfx.d.ts +1 -1

package/dist/index.esm2017.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import jwt_decode from 'jwt-decode';
 import * as microsoftTeams from '@microsoft/teams-js';
-import axios from 'axios';
+import { PublicClientApplication } from '@azure/msal-browser';
 import { Client } from '@microsoft/microsoft-graph-client';
 // Copyright (c) Microsoft Corporation.
@@ -309,6 +309,57 @@ function getUserInfoFromSsoToken(ssoToken) {
     }
     return userInfo;
 }
+/**
+ * @internal
+ */
+function getTenantIdAndLoginHintFromSsoToken(ssoToken) {
+    if (!ssoToken) {
+        const errorMsg = "SSO token is undefined.";
+        internalLogger.error(errorMsg);
+        throw new ErrorWithCode(errorMsg, ErrorCode.InvalidParameter);
+    }
+    const tokenObject = parseJwt(ssoToken);
+    const userInfo = {
+        tid: tokenObject.tid,
+        loginHint: tokenObject.ver === "2.0"
+            ? tokenObject.preferred_username
+            : tokenObject.upn,
+    };
+    return userInfo;
+}
+/**
+ * @internal
+ */
+function parseAccessTokenFromAuthCodeTokenResponse(tokenResponse) {
+    try {
+        const tokenResponseObject = typeof tokenResponse == "string"
+            ? JSON.parse(tokenResponse)
+            : tokenResponse;
+        if (!tokenResponseObject || !tokenResponseObject.accessToken) {
+            const errorMsg = "Get empty access token from Auth Code token response.";
+            internalLogger.error(errorMsg);
+            throw new Error(errorMsg);
+        }
+        const token = tokenResponseObject.accessToken;
+        const tokenObject = parseJwt(token);
+        if (tokenObject.ver !== "1.0" && tokenObject.ver !== "2.0") {
+            const errorMsg = "SSO token is not valid with an unknown version: " + tokenObject.ver;
+            internalLogger.error(errorMsg);
+            throw new Error(errorMsg);
+        }
+        const accessToken = {
+            token: token,
+            expiresOnTimestamp: tokenObject.exp * 1000,
+        };
+        return accessToken;
+    }
+    catch (error) {
+        const errorMsg = "Parse access token failed from Auth Code token response in node env with error: " +
+            error.message;
+        internalLogger.error(errorMsg);
+        throw new ErrorWithCode(errorMsg, ErrorCode.InternalError);
+    }
+}
 /**
  * Format string template with replacements
  *
@@ -548,43 +599,10 @@ class OnBehalfOfUserCredential {
 }
 // Copyright (c) Microsoft Corporation.
-// Licensed under the MIT license.
-/**
- * Configuration used in initialization.
- * @internal
- */
-class Cache {
-    static get(key) {
-        return sessionStorage.getItem(key);
-    }
-    static set(key, value) {
-        sessionStorage.setItem(key, value);
-    }
-    static remove(key) {
-        sessionStorage.removeItem(key);
-    }
-}
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT license.
-/**
- * @internal
- */
-var GrantType;
-(function (GrantType) {
-    GrantType["authCode"] = "authorization_code";
-    GrantType["ssoToken"] = "sso_token";
-})(GrantType || (GrantType = {}));
-// Copyright (c) Microsoft Corporation.
-const accessTokenCacheKeyPrefix = "accessToken";
-const separator = "-";
 const tokenRefreshTimeSpanInMillisecond = 5 * 60 * 1000;
 const initializeTeamsSdkTimeoutInMillisecond = 5000;
 const loginPageWidth = 600;
 const loginPageHeight = 535;
-const maxRetryCount = 3;
-const retryTimeSpanInMillisecond = 3000;
 /**
  * Represent Teams current user's identity, and it is used within Teams tab application.
  *
@@ -602,7 +620,6 @@ class TeamsUserCredential {
      * ```typescript
      * const config = {
      *  authentication: {
-     *    runtimeConnectorEndpoint: "https://xxx.xxx.com",
      *    initiateLoginEndpoint: "https://localhost:3000/auth-start.html",
      *    clientId: "xxx"
      *   }
@@ -620,6 +637,7 @@ class TeamsUserCredential {
         internalLogger.info("Create teams user credential");
         this.config = this.loadAndValidateConfig();
         this.ssoToken = null;
+        this.initialized = false;
     }
     /**
      * Popup login page to get user's access token with specific scopes.
@@ -637,7 +655,6 @@ class TeamsUserCredential {
      * @param scopes - The list of scopes for which the token will have access, before that, we will request user to consent.
      *
      * @throws {@link ErrorCode|InternalError} when failed to login with unknown error.
-     * @throws {@link ErrorCode|ServiceError} when simple auth server failed to exchange access token.
      * @throws {@link ErrorCode|ConsentFailed} when user canceled or failed to consent.
      * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
      * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
@@ -648,26 +665,28 @@ class TeamsUserCredential {
         validateScopesType(scopes);
         const scopesStr = typeof scopes === "string" ? scopes : scopes.join(" ");
         internalLogger.info(`Popup login page to get user's access token with scopes: ${scopesStr}`);
+        if (!this.initialized) {
+            await this.init();
+        }
         return new Promise((resolve, reject) => {
             microsoftTeams.initialize(() => {
                 microsoftTeams.authentication.authenticate({
-                    url: `${this.config.initiateLoginEndpoint}?clientId=${this.config.clientId}&scope=${encodeURI(scopesStr)}`,
+                    url: `${this.config.initiateLoginEndpoint}?clientId=${this.config.clientId}&scope=${encodeURI(scopesStr)}&loginHint=${this.loginHint}`,
                     width: loginPageWidth,
                     height: loginPageHeight,
                     successCallback: async (result) => {
                         if (!result) {
-                            const errorMsg = "Get empty authentication result from Teams";
+                            const errorMsg = "Get empty authentication result from MSAL";
                             internalLogger.error(errorMsg);
                             reject(new ErrorWithCode(errorMsg, ErrorCode.InternalError));
                             return;
                         }
-                        const authCodeResult = JSON.parse(result);
                         try {
-                            await this.exchangeAccessTokenFromSimpleAuthServer(scopesStr, authCodeResult);
-                            resolve();
+                            const accessToken = parseAccessTokenFromAuthCodeTokenResponse(result);
+                            resolve(accessToken);
                         }
-                        catch (err) {
-                            reject(this.generateAuthServerError(err));
+                        catch (error) {
+                            reject(error);
                         }
                     },
                     failureCallback: (reason) => {
@@ -703,7 +722,6 @@ class TeamsUserCredential {
      *
      * @throws {@link ErrorCode|InternalError} when failed to get access token with unknown error.
      * @throws {@link ErrorCode|UiRequiredError} when need user consent to get access token.
-     * @throws {@link ErrorCode|ServiceError} when failed to get access token from simple auth server.
      * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
      * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
      *
@@ -724,21 +742,47 @@ class TeamsUserCredential {
         }
         else {
             internalLogger.info("Get access token with scopes: " + scopeStr);
-            const cachedKey = await this.getAccessTokenCacheKey(scopeStr);
-            const cachedToken = this.getTokenCache(cachedKey);
-            if (cachedToken) {
-                if (!this.isAccessTokenNearExpired(cachedToken)) {
-                    internalLogger.verbose("Get access token from cache");
-                    return cachedToken;
+            if (!this.initialized) {
+                await this.init();
+            }
+            let tokenResponse;
+            const scopesArray = typeof scopes === "string" ? scopes.split(" ") : scopes;
+            const domain = window.location.origin;
+            // First try to get Access Token from cache.
+            try {
+                const account = this.msalInstance.getAccountByUsername(this.loginHint);
+                const scopesRequestForAcquireTokenSilent = {
+                    scopes: scopesArray,
+                    account: account !== null && account !== void 0 ? account : undefined,
+                    redirectUri: `${domain}/blank-auth-end.html`,
+                };
+                tokenResponse = await this.msalInstance.acquireTokenSilent(scopesRequestForAcquireTokenSilent);
+            }
+            catch (error) {
+                const acquireTokenSilentFailedMessage = `Failed to call acquireTokenSilent. Reason: ${error === null || error === void 0 ? void 0 : error.message}. `;
+                internalLogger.verbose(acquireTokenSilentFailedMessage);
+            }
+            if (!tokenResponse) {
+                // If fail to get Access Token from cache, try to get Access token by silent login.
+                try {
+                    const scopesRequestForSsoSilent = {
+                        scopes: scopesArray,
+                        loginHint: this.loginHint,
+                        redirectUri: `${domain}/blank-auth-end.html`,
+                    };
+                    tokenResponse = await this.msalInstance.ssoSilent(scopesRequestForSsoSilent);
                 }
-                else {
-                    internalLogger.verbose("Cached access token is expired");
+                catch (error) {
+                    const ssoSilentFailedMessage = `Failed to call ssoSilent. Reason: ${error === null || error === void 0 ? void 0 : error.message}. `;
+                    internalLogger.verbose(ssoSilentFailedMessage);
                 }
             }
-            else {
-                internalLogger.verbose("No cached access token");
+            if (!tokenResponse) {
+                const errorMsg = `Failed to get access token cache silently, please login first: you need login first before get access token.`;
+                internalLogger.error(errorMsg);
+                throw new ErrorWithCode(errorMsg, ErrorCode.UiRequiredError);
             }
-            const accessToken = await this.getAndCacheAccessTokenFromSimpleAuthServer(scopeStr);
+            const accessToken = parseAccessTokenFromAuthCodeTokenResponse(tokenResponse);
             return accessToken;
         }
     }
@@ -763,65 +807,22 @@ class TeamsUserCredential {
         const ssoToken = await this.getSSOToken();
         return getUserInfoFromSsoToken(ssoToken.token);
     }
-    async exchangeAccessTokenFromSimpleAuthServer(scopesStr, authCodeResult) {
-        var _a, _b;
-        const axiosInstance = await this.getAxiosInstance();
-        let retryCount = 0;
-        while (true) {
-            try {
-                const response = await axiosInstance.post("/auth/token", {
-                    scope: scopesStr,
-                    code: authCodeResult.code,
-                    code_verifier: authCodeResult.codeVerifier,
-                    redirect_uri: authCodeResult.redirectUri,
-                    grant_type: GrantType.authCode,
-                });
-                const tokenResult = response.data;
-                const key = await this.getAccessTokenCacheKey(scopesStr);
-                // Important: tokens are stored in sessionStorage, read more here: https://aka.ms/teamsfx-session-storage-notice
-                this.setTokenCache(key, {
-                    token: tokenResult.access_token,
-                    expiresOnTimestamp: tokenResult.expires_on,
-                });
-                return;
-            }
-            catch (err) {
-                if (((_b = (_a = err.response) === null || _a === void 0 ? void 0 : _a.data) === null || _b === void 0 ? void 0 : _b.type) && err.response.data.type === "AadUiRequiredException") {
-                    internalLogger.warn("Exchange access token failed, retry...");
-                    if (retryCount < maxRetryCount) {
-                        await this.sleep(retryTimeSpanInMillisecond);
-                        retryCount++;
-                        continue;
-                    }
-                }
-                throw err;
-            }
-        }
-    }
-    /**
-     * Get access token cache from authentication server
-     * @returns Access token
-     */
-    async getAndCacheAccessTokenFromSimpleAuthServer(scopesStr) {
-        try {
-            internalLogger.verbose("Get access token from authentication server with scopes: " + scopesStr);
-            const axiosInstance = await this.getAxiosInstance();
-            const response = await axiosInstance.post("/auth/token", {
-                scope: scopesStr,
-                grant_type: GrantType.ssoToken,
-            });
-            const accessTokenResult = response.data;
-            const accessToken = {
-                token: accessTokenResult.access_token,
-                expiresOnTimestamp: accessTokenResult.expires_on,
-            };
-            const cacheKey = await this.getAccessTokenCacheKey(scopesStr);
-            this.setTokenCache(cacheKey, accessToken);
-            return accessToken;
-        }
-        catch (err) {
-            throw this.generateAuthServerError(err);
-        }
+    async init() {
+        const ssoToken = await this.getSSOToken();
+        const info = getTenantIdAndLoginHintFromSsoToken(ssoToken.token);
+        this.loginHint = info.loginHint;
+        this.tid = info.tid;
+        const msalConfig = {
+            auth: {
+                clientId: this.config.clientId,
+                authority: `https://login.microsoftonline.com/${this.tid}`,
+            },
+            cache: {
+                cacheLocation: "sessionStorage",
+            },
+        };
+        this.msalInstance = new PublicClientApplication(msalConfig);
+        this.initialized = true;
     }
     /**
      * Get SSO token using teams SDK
@@ -891,16 +892,13 @@ class TeamsUserCredential {
             internalLogger.error(ErrorMessage.AuthenticationConfigurationNotExists);
             throw new ErrorWithCode(ErrorMessage.AuthenticationConfigurationNotExists, ErrorCode.InvalidConfiguration);
         }
-        if (config.initiateLoginEndpoint && config.simpleAuthEndpoint && config.clientId) {
+        if (config.initiateLoginEndpoint && config.clientId) {
             return config;
         }
         const missingValues = [];
         if (!config.initiateLoginEndpoint) {
             missingValues.push("initiateLoginEndpoint");
         }
-        if (!config.simpleAuthEndpoint) {
-            missingValues.push("simpleAuthEndpoint");
-        }
         if (!config.clientId) {
             missingValues.push("clientId");
         }
@@ -908,112 +906,6 @@ class TeamsUserCredential {
         internalLogger.error(errorMsg);
         throw new ErrorWithCode(errorMsg, ErrorCode.InvalidConfiguration);
     }
-    /**
-     * Get axios instance with sso token bearer header
-     * @returns AxiosInstance
-     */
-    async getAxiosInstance() {
-        const ssoToken = await this.getSSOToken();
-        const axiosInstance = axios.create({
-            baseURL: this.config.simpleAuthEndpoint,
-        });
-        axiosInstance.interceptors.request.use((config) => {
-            config.headers.Authorization = "Bearer " + ssoToken.token;
-            return config;
-        });
-        return axiosInstance;
-    }
-    /**
-     * Set access token to cache
-     * @param key
-     * @param token
-     */
-    setTokenCache(key, token) {
-        Cache.set(key, JSON.stringify(token));
-    }
-    /**
-     * Get access token from cache.
-     * If there is no cache or cannot be parsed, then it will return null
-     * @param key
-     * @returns Access token or null
-     */
-    getTokenCache(key) {
-        const value = Cache.get(key);
-        if (value === null) {
-            return null;
-        }
-        const accessToken = this.validateAndParseJson(value);
-        return accessToken;
-    }
-    /**
-     * Parses passed value as JSON access token, if value is not a valid json string JSON.parse() will throw an error.
-     * @param jsonValue
-     */
-    validateAndParseJson(jsonValue) {
-        try {
-            const parsedJson = JSON.parse(jsonValue);
-            /**
-             * There are edge cases in which JSON.parse will successfully parse a non-valid JSON object
-             * (e.g. JSON.parse will parse an escaped string into an unescaped string), so adding a type check
-             * of the parsed value is necessary in order to be certain that the string represents a valid JSON object.
-             *
-             */
-            return parsedJson && typeof parsedJson === "object" ? parsedJson : null;
-        }
-        catch (error) {
-            return null;
-        }
-    }
-    /**
-     * Generate cache key
-     * @param scopesStr
-     * @returns Access token cache key, a key example: accessToken-userId-clientId-tenantId-scopes
-     */
-    async getAccessTokenCacheKey(scopesStr) {
-        const ssoToken = await this.getSSOToken();
-        const ssoTokenObj = parseJwt(ssoToken.token);
-        const clientId = this.config.clientId;
-        const userObjectId = ssoTokenObj.oid;
-        const tenantId = ssoTokenObj.tid;
-        const key = [accessTokenCacheKeyPrefix, userObjectId, clientId, tenantId, scopesStr]
-            .join(separator)
-            .replace(/" "/g, "_");
-        return key;
-    }
-    /**
-     * Check whether the token is about to expire (within 5 minutes)
-     * @returns Boolean value indicate whether the token is about to expire
-     */
-    isAccessTokenNearExpired(token) {
-        const expireDate = new Date(token.expiresOnTimestamp);
-        if (expireDate.getTime() - Date.now() > tokenRefreshTimeSpanInMillisecond) {
-            return false;
-        }
-        return true;
-    }
-    generateAuthServerError(err) {
-        var _a, _b;
-        let errorMessage = err.message;
-        if ((_b = (_a = err.response) === null || _a === void 0 ? void 0 : _a.data) === null || _b === void 0 ? void 0 : _b.type) {
-            errorMessage = err.response.data.detail;
-            if (err.response.data.type === "AadUiRequiredException") {
-                const fullErrorMsg = "Failed to get access token from authentication server, please login first: " +
-                    errorMessage;
-                internalLogger.warn(fullErrorMsg);
-                return new ErrorWithCode(fullErrorMsg, ErrorCode.UiRequiredError);
-            }
-            else {
-                const fullErrorMsg = "Failed to get access token from authentication server: " + errorMessage;
-                internalLogger.error(fullErrorMsg);
-                return new ErrorWithCode(fullErrorMsg, ErrorCode.ServiceError);
-            }
-        }
-        const fullErrorMsg = "Failed to get access token with error: " + errorMessage;
-        return new ErrorWithCode(fullErrorMsg, ErrorCode.InternalError);
-    }
-    sleep(ms) {
-        return new Promise((resolve) => setTimeout(resolve, ms));
-    }
 }
 // Copyright (c) Microsoft Corporation.