@redis/entraid 5.0.0-next.6 → 5.0.0
- package/README.md +53 -2
- package/dist/index.d.ts +2 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +18 -0
- package/dist/index.js.map +1 -0
- package/dist/lib/azure-identity-provider.d.ts +8 -0
- package/dist/lib/azure-identity-provider.d.ts.map +1 -0
- package/dist/lib/azure-identity-provider.js +18 -0
- package/dist/lib/azure-identity-provider.js.map +1 -0
- package/dist/lib/entra-id-credentials-provider-factory.d.ts +29 -2
- package/dist/lib/entra-id-credentials-provider-factory.d.ts.map +1 -1
- package/dist/lib/entra-id-credentials-provider-factory.js +38 -18
- package/dist/lib/entra-id-credentials-provider-factory.js.map +1 -1
- package/dist/lib/entraid-credentials-provider.d.ts +26 -5
- package/dist/lib/entraid-credentials-provider.d.ts.map +1 -1
- package/dist/lib/entraid-credentials-provider.js +58 -13
- package/dist/lib/entraid-credentials-provider.js.map +1 -1
- package/dist/lib/msal-identity-provider.d.ts.map +1 -1
- package/dist/lib/msal-identity-provider.js +7 -12
- package/dist/lib/msal-identity-provider.js.map +1 -1
- package/dist/lib/test-utils.js +3 -3
- package/dist/lib/test-utils.js.map +1 -1
- package/package.json +4 -2
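--- a/package/README.md
+++ b/package/README.md
@@ -11,13 +11,15 @@ Secure token-based authentication for Redis clients using Microsoft Entra ID (fo
 - Managed identities (system-assigned and user-assigned)
 - Service principals (with or without certificates)
 - Authorization Code with PKCE flow
+- DefaultAzureCredential from @azure/identity
 - Built-in retry mechanisms for transient failures
 
 ## Installation
 
+
 ```bash
-npm install @redis/client
-npm install @redis/entraid
+npm install "@redis/client@5.0.0-next.7"
+npm install "@redis/entraid@5.0.0-next.7"
 ```
 
 ## Getting Started
@@ -29,6 +31,7 @@ The first step to using @redis/entraid is choosing the right credentials provide
 - `createForClientCredentials`: Use when authenticating with a service principal using client secret
 - `createForClientCredentialsWithCertificate`: Use when authenticating with a service principal using a certificate
 - `createForAuthorizationCodeWithPKCE`: Use for interactive authentication flows in user applications
+- `createForDefaultAzureCredential`: Use when you want to leverage Azure Identity's DefaultAzureCredential
 
 ## Usage Examples
 
@@ -81,6 +84,54 @@ const provider = EntraIdCredentialsProviderFactory.createForUserAssignedManagedI
 });
 ```
 
+### DefaultAzureCredential Authentication
+
+tip: see a real sample here: [samples/interactive-browser/index.ts](./samples/interactive-browser/index.ts)
+
+The DefaultAzureCredential from @azure/identity provides a simplified authentication experience that automatically tries different authentication methods based on the environment. This is especially useful for applications that need to work in different environments (local development, CI/CD, and production).
+
+```typescript
+import { createClient } from '@redis/client';
+import { getDefaultAzureCredential } from '@azure/identity';
+import { EntraIdCredentialsProviderFactory, REDIS_SCOPE_DEFAULT } from '@redis/entraid';
+
+// Create a DefaultAzureCredential instance
+const credential = getDefaultAzureCredential();
+
+// Create a provider using DefaultAzureCredential
+const provider = EntraIdCredentialsProviderFactory.createForDefaultAzureCredential({
+// Use the same parameters you would pass to credential.getToken()
+credential,
+scopes: REDIS_SCOPE_DEFAULT, // The Redis scope
+// Optional additional parameters for getToken
+options: {
+// Any options you would normally pass to credential.getToken()
+},
+tokenManagerConfig: {
+expirationRefreshRatio: 0.8
+}
+});
+
+const client = createClient({
+url: 'redis://your-host',
+credentialsProvider: provider
+});
+
+await client.connect();
+```
+
+#### Important Notes on Using DefaultAzureCredential
+
+When using the `createForDefaultAzureCredential` method, you need to:
+
+1. Create your own instance of `DefaultAzureCredential`
+2. Pass the same parameters to the factory method that you would use with the `getToken()` method:
+- `scopes`: The Redis scope (use the exported `REDIS_SCOPE_DEFAULT` constant)
+- `options`: Any additional options for the getToken method
+
+This factory method creates a wrapper around DefaultAzureCredential that adapts it to the Redis client's
+authentication system, while maintaining all the flexibility of the original Azure Identity authentication.
+
 ## Important Limitations
 
 ### RESP2 PUB/SUB Limitations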
package/dist/index.d.ts
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAAA,cAAc,aAAa,CAAA"}
|
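--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+var desc = Object.getOwnPropertyDescriptor(m, k);
+if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+desc = { enumerable: true, get: function() { return m[k]; } };
+}
+Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./lib/index"), exports);
+//# sourceMappingURL=index.js.map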
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,8CAA2B"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import type { AccessToken } from '@azure/core-auth';
|
|
2
|
+
import { IdentityProvider, TokenResponse } from '@redis/client/dist/lib/authx';
|
|
3
|
+
export declare class AzureIdentityProvider implements IdentityProvider<AccessToken> {
|
|
4
|
+
private readonly getToken;
|
|
5
|
+
constructor(getToken: () => Promise<AccessToken>);
|
|
6
|
+
requestToken(): Promise<TokenResponse<AccessToken>>;
|
|
7
|
+
}
|
|
8
|
+
//# sourceMappingURL=azure-identity-provider.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"azure-identity-provider.d.ts","sourceRoot":"","sources":["../../lib/azure-identity-provider.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAEpD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAE/E,qBAAa,qBAAsB,YAAW,gBAAgB,CAAC,WAAW,CAAC;IACzE,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAA6B;gBAE1C,QAAQ,EAAE,MAAM,OAAO,CAAC,WAAW,CAAC;IAI1C,YAAY,IAAI,OAAO,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;CAQ1D"}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.AzureIdentityProvider = void 0;
|
|
4
|
+
class AzureIdentityProvider {
|
|
5
|
+
getToken;
|
|
6
|
+
constructor(getToken) {
|
|
7
|
+
this.getToken = getToken;
|
|
8
|
+
}
|
|
9
|
+
async requestToken() {
|
|
10
|
+
const result = await this.getToken();
|
|
11
|
+
return {
|
|
12
|
+
token: result,
|
|
13
|
+
ttlMs: result.expiresOnTimestamp - Date.now()
|
|
14
|
+
};
|
|
15
|
+
}
|
|
16
|
+
}
|
|
17
|
+
exports.AzureIdentityProvider = AzureIdentityProvider;
|
|
18
|
+
//# sourceMappingURL=azure-identity-provider.js.map
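Review bot: `requestToken()` reads `result.expiresOnTimestamp` without checking that `getToken()` resolved to a token, and it passes `expiresOnTimestamp - Date.now()` on as `ttlMs` even when that difference is zero or negative. The factory shown later on this page wraps `credential.getToken()` with a null check, but `AzureIdentityProvider` is exported from its module and its constructor accepts any `() => Promise<AccessToken>`, so the class should not depend on the caller for that guard. I would add `if (result == null) throw new Error('Token is null');` before the return and raise an explicit error for a non-positive TTL instead of handing an already-expired token onward; how the token manager treats such a TTL is not visible here. The class also has no doc comment; a short one stating that `ttlMs` is computed against the local clock would help anyone debugging early or late refreshes.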
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"azure-identity-provider.js","sourceRoot":"","sources":["../../lib/azure-identity-provider.ts"],"names":[],"mappings":";;;AAIA,MAAa,qBAAqB;IACf,QAAQ,CAA6B;IAEtD,YAAY,QAAoC;QAC9C,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,YAAY;QAChB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;QACrC,OAAO;YACL,KAAK,EAAE,MAAM;YACb,KAAK,EAAE,MAAM,CAAC,kBAAkB,GAAG,IAAI,CAAC,GAAG,EAAE;SAC9C,CAAC;IACJ,CAAC;CAEF;AAfD,sDAeC"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
|
+
import type { GetTokenOptions, TokenCredential } from '@azure/core-auth';
|
|
1
2
|
import { AuthenticationResult, PublicClientApplication } from '@azure/msal-node';
|
|
2
|
-
import { RetryPolicy, TokenManagerConfig, ReAuthenticationError } from '@redis/client/dist/lib/authx';
|
|
3
|
-
import { EntraidCredentialsProvider } from './entraid-credentials-provider';
|
|
3
|
+
import { RetryPolicy, TokenManagerConfig, ReAuthenticationError, BasicAuth } from '@redis/client/dist/lib/authx';
|
|
4
|
+
import { AuthenticationResponse, EntraidCredentialsProvider } from './entraid-credentials-provider';
|
|
4
5
|
/**
|
|
5
6
|
* This class is used to create credentials providers for different types of authentication flows.
|
|
6
7
|
*/
|
|
@@ -38,6 +39,19 @@ export declare class EntraIdCredentialsProviderFactory {
|
|
|
38
39
|
* @param params
|
|
39
40
|
*/
|
|
40
41
|
static createForClientCredentials(params: ClientSecretCredentialsParams): EntraidCredentialsProvider;
|
|
42
|
+
/**
|
|
43
|
+
* This method is used to create a credentials provider using DefaultAzureCredential.
|
|
44
|
+
*
|
|
45
|
+
* The user needs to create a configured instance of DefaultAzureCredential ( or any other class that implements TokenCredential )and pass it to this method.
|
|
46
|
+
*
|
|
47
|
+
* The default credentials mapper for this method is OID_CREDENTIALS_MAPPER which extracts the object ID from JWT
|
|
48
|
+
* encoded token.
|
|
49
|
+
*
|
|
50
|
+
* Depending on the actual flow that DefaultAzureCredential uses, the user may need to provide different
|
|
51
|
+
* credential mapper via the credentialsMapper parameter.
|
|
52
|
+
*
|
|
53
|
+
*/
|
|
54
|
+
static createForDefaultAzureCredential({ credential, scopes, options, tokenManagerConfig, onReAuthenticationError, credentialsMapper, onRetryableError }: DefaultAzureCredentialsParams): EntraidCredentialsProvider;
|
|
41
55
|
/**
|
|
42
56
|
* This method is used to create a credentials provider for the Authorization Code Flow with PKCE.
|
|
43
57
|
* @param params
|
|
@@ -56,6 +70,8 @@ export declare class EntraIdCredentialsProviderFactory {
|
|
|
56
70
|
};
|
|
57
71
|
static getAuthority(config: AuthorityConfig): string;
|
|
58
72
|
}
|
|
73
|
+
export declare const REDIS_SCOPE_DEFAULT = "https://redis.azure.com/.default";
|
|
74
|
+
export declare const REDIS_SCOPE = "https://redis.azure.com";
|
|
59
75
|
export type AuthorityConfig = {
|
|
60
76
|
type: 'multi-tenant';
|
|
61
77
|
tenantId: string;
|
|
@@ -76,6 +92,17 @@ export type CredentialParams = {
|
|
|
76
92
|
authorityConfig?: AuthorityConfig;
|
|
77
93
|
tokenManagerConfig: TokenManagerConfig;
|
|
78
94
|
onReAuthenticationError?: (error: ReAuthenticationError) => void;
|
|
95
|
+
credentialsMapper?: (token: AuthenticationResponse) => BasicAuth;
|
|
96
|
+
onRetryableError?: (error: string) => void;
|
|
97
|
+
};
|
|
98
|
+
export type DefaultAzureCredentialsParams = {
|
|
99
|
+
scopes: string | string[];
|
|
100
|
+
options?: GetTokenOptions;
|
|
101
|
+
credential: TokenCredential;
|
|
102
|
+
tokenManagerConfig: TokenManagerConfig;
|
|
103
|
+
onReAuthenticationError?: (error: ReAuthenticationError) => void;
|
|
104
|
+
credentialsMapper?: (token: AuthenticationResponse) => BasicAuth;
|
|
105
|
+
onRetryableError?: (error: string) => void;
|
|
79
106
|
};
|
|
80
107
|
export type AuthCodePKCEParams = CredentialParams & {
|
|
81
108
|
redirectUri: string;
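Review bot: The doc comment added above `createForDefaultAzureCredential` (new lines 42–53) documents none of the parameters and does not say what `scopes` controls, although `DefaultAzureCredentialsParams` makes `scopes` a required, free-form `string | string[]`. As far as the types here show, the token acquired for those scopes is what the provider maps to the Redis `BasicAuth`, so the comment should state that `scopes` is normally `REDIS_SCOPE_DEFAULT` and that requesting a different audience would present a token for that other resource to the Redis server. I would add `@param` entries for `credential`, `scopes`, `options` and `credentialsMapper`, and fix the spacing in `( or any other class that implements TokenCredential )and`. The same comment is repeated in the `entra-id-credentials-provider-factory.js` hunks further down and needs the same change.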
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"entra-id-credentials-provider-factory.d.ts","sourceRoot":"","sources":["../../lib/entra-id-credentials-provider-factory.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"entra-id-credentials-provider-factory.d.ts","sourceRoot":"","sources":["../../lib/entra-id-credentials-provider-factory.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAEzE,OAAO,EAIL,oBAAoB,EACpB,uBAAuB,EAExB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,WAAW,EAAgB,kBAAkB,EAAE,qBAAqB,EAAE,SAAS,EAAE,MAAM,8BAA8B,CAAC;AAE/H,OAAO,EAAE,sBAAsB,EAA8B,0BAA0B,EAA0B,MAAM,gCAAgC,CAAC;AAGxJ;;GAEG;AACH,qBAAa,iCAAiC;;IAE5C;;;;;;;OAOG;WACW,6BAA6B,CACzC,MAAM,EAAE,gBAAgB,EAAE,oBAAoB,CAAC,EAAE,MAAM,GACtD,0BAA0B;IAiC7B;;;OAGG;IACH,MAAM,CAAC,sCAAsC,CAC3C,MAAM,EAAE,gBAAgB,GACvB,0BAA0B;IAI7B;;;;OAIG;IACH,MAAM,CAAC,oCAAoC,CACzC,MAAM,EAAE,gBAAgB,GAAG;QAAE,oBAAoB,EAAE,MAAM,CAAA;KAAE,GAC1D,0BAA0B;IAmC7B;;;OAGG;IACH,MAAM,CAAC,yCAAyC,CAC9C,MAAM,EAAE,sCAAsC,GAC7C,0BAA0B;IAU7B;;;OAGG;IACH,MAAM,CAAC,0BAA0B,CAC/B,MAAM,EAAE,6BAA6B,GACpC,0BAA0B;IAU7B;;;;;;;;;;;OAWG;IACH,MAAM,CAAC,+BAA+B,CACpC,EACE,UAAU,EACV,MAAM,EACN,OAAO,EACP,kBAAkB,EAClB,uBAAuB,EACvB,iBAAiB,EACjB,gBAAgB,EACjB,EAAE,6BAA6B,GAC/B,0BAA0B;IAc7B;;;OAGG;IACH,MAAM,CAAC,kCAAkC,CACvC,MAAM,EAAE,kBAAkB,GACzB;QACD,YAAY,EAAE,MAAM,OAAO,CAAC;YAC1B,QAAQ,EAAE,MAAM,CAAC;YACjB,SAAS,EAAE,MAAM,CAAC;YAClB,eAAe,EAAE,MAAM,CAAC;SACzB,CAAC,CAAC;QACH,cAAc,EAAE,CACd,SAAS,EAAE;YAAE,SAAS,EAAE,MAAM,CAAC;YAAC,eAAe,EAAE,MAAM,CAAA;SAAE,KACtD,OAAO,CAAC,MAAM,CAAC,CAAC;QACrB,yBAAyB,EAAE,CACzB,MAAM,EAAE,UAAU,KACf,0BAA0B,CAAC;KACjC;IA+CD,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,eAAe,GAAG,MAAM;CAarD;AAED,eAAO,MAAM,mBAAmB,qCAAqC,CAAC;AACtE,eAAO,MAAM,WAAW,4BAA4B,CAAA;AAEpD,MAAM,MAAM,eAAe,GACvB;IAAE,IAAI,EAAE,cAAc,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,GAC1C;IAAE,IAAI,EAAE,QAAQ,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,GACxC;IAAE,IAAI,EAAE,SAAS,CAAA;CAAE,CAAC;AAExB,MAAM,MAAM,UAAU,GAAG;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,eAAe,CAAC,EAAE,eAAe,CAAC;IAElC,kBAAkB,EAAE,kBAAkB,CAAA;IACtC,uBAAuB,CAAC,EAAE,CAAC
,KAAK,EAAE,qBAAqB,KAAK,IAAI,CAAA;IAChE,iBAAiB,CAAC,EAAE,CAAC,KAAK,EAAE,sBAAsB,KAAK,SAAS,CAAA;IAChE,gBAAgB,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAA;CAC3C,CAAA;AAED,MAAM,MAAM,6BAA6B,GAAG;IAC1C,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC1B,OAAO,CAAC,EAAE,eAAe,CAAC;IAC1B,UAAU,EAAE,eAAe,CAAA;IAC3B,kBAAkB,EAAE,kBAAkB,CAAA;IACtC,uBAAuB,CAAC,EAAE,CAAC,KAAK,EAAE,qBAAqB,KAAK,IAAI,CAAA;IAChE,iBAAiB,CAAC,EAAE,CAAC,KAAK,EAAE,sBAAsB,KAAK,SAAS,CAAA;IAChE,gBAAgB,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAA;CAC3C,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG,gBAAgB,GAAG;IAClD,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,6BAA6B,GAAG,gBAAgB,GAAG;IAC7D,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,sCAAsC,GAAG,gBAAgB,GAAG;IACtE,WAAW,EAAE;QACX,UAAU,EAAE,MAAM,CAAC;QACnB,UAAU,EAAE,MAAM,CAAC;QACnB,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,CAAC;CACH,CAAC;AAUF;;;GAGG;AACH,eAAO,MAAM,oBAAoB,EAAE,WASlC,CAAC;AAEF,eAAO,MAAM,4BAA4B,EAAE,kBAG1C,CAAA;AAED;;;GAGG;AACH,qBAAa,kBAAkB;IAE3B,QAAQ,CAAC,MAAM,EAAE,uBAAuB;IACxC,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE;IACzB,QAAQ,CAAC,WAAW,EAAE,MAAM;IAH9B,OAAO;IAMD,cAAc,CAAC,SAAS,EAAE;QAC9B,SAAS,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;KACzB,GAAG,OAAO,CAAC,MAAM,CAAC;IAWb,kBAAkB,CAAC,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,oBAAoB,CAAC;WAY9D,YAAY,IAAI,OAAO,CAAC;QACnC,QAAQ,EAAE,MAAM,CAAC;QACjB,SAAS,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC;IAUF,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE;QACpB,QAAQ,EAAE,MAAM,CAAC;QACjB,WAAW,EAAE,MAAM,CAAC;QACpB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;QAClB,eAAe,CAAC,EAAE,eAAe,CAAC;KACnC,GAAG,kBAAkB;CAiBvB"}
|
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.AuthCodeFlowHelper = exports.DEFAULT_TOKEN_MANAGER_CONFIG = exports.DEFAULT_RETRY_POLICY = exports.EntraIdCredentialsProviderFactory = void 0;
|
|
3
|
+
exports.AuthCodeFlowHelper = exports.DEFAULT_TOKEN_MANAGER_CONFIG = exports.DEFAULT_RETRY_POLICY = exports.REDIS_SCOPE = exports.REDIS_SCOPE_DEFAULT = exports.EntraIdCredentialsProviderFactory = void 0;
|
|
4
4
|
const msal_common_1 = require("@azure/msal-common");
|
|
5
5
|
const msal_node_1 = require("@azure/msal-node");
|
|
6
6
|
const authx_1 = require("@redis/client/dist/lib/authx");
|
|
7
|
+
const azure_identity_provider_1 = require("./azure-identity-provider");
|
|
7
8
|
const entraid_credentials_provider_1 = require("./entraid-credentials-provider");
|
|
8
9
|
const msal_identity_provider_1 = require("./msal-identity-provider");
|
|
9
10
|
/**
|
|
@@ -32,10 +33,14 @@ class EntraIdCredentialsProviderFactory {
|
|
|
32
33
|
};
|
|
33
34
|
const client = new msal_node_1.ManagedIdentityApplication(config);
|
|
34
35
|
const idp = new msal_identity_provider_1.MSALIdentityProvider(() => client.acquireToken({
|
|
35
|
-
resource: params.scopes?.[0] ?? REDIS_SCOPE,
|
|
36
|
+
resource: params.scopes?.[0] ?? exports.REDIS_SCOPE,
|
|
36
37
|
forceRefresh: true
|
|
37
38
|
}).then(x => x === null ? Promise.reject('Token is null') : x));
|
|
38
|
-
return new entraid_credentials_provider_1.EntraidCredentialsProvider(new authx_1.TokenManager(idp, params.tokenManagerConfig), idp, {
|
|
39
|
+
return new entraid_credentials_provider_1.EntraidCredentialsProvider(new authx_1.TokenManager(idp, params.tokenManagerConfig), idp, {
|
|
40
|
+
onReAuthenticationError: params.onReAuthenticationError,
|
|
41
|
+
credentialsMapper: params.credentialsMapper ?? entraid_credentials_provider_1.OID_CREDENTIALS_MAPPER,
|
|
42
|
+
onRetryableError: params.onRetryableError
|
|
43
|
+
});
|
|
39
44
|
}
|
|
40
45
|
/**
|
|
41
46
|
* This method is used to create a credentials provider for system-assigned managed identities.
|
|
@@ -65,11 +70,12 @@ class EntraIdCredentialsProviderFactory {
|
|
|
65
70
|
const client = new msal_node_1.ConfidentialClientApplication(config);
|
|
66
71
|
const idp = new msal_identity_provider_1.MSALIdentityProvider(() => client.acquireTokenByClientCredential({
|
|
67
72
|
skipCache: true,
|
|
68
|
-
scopes: params.scopes ?? [REDIS_SCOPE_DEFAULT]
|
|
73
|
+
scopes: params.scopes ?? [exports.REDIS_SCOPE_DEFAULT]
|
|
69
74
|
}).then(x => x === null ? Promise.reject('Token is null') : x));
|
|
70
75
|
return new entraid_credentials_provider_1.EntraidCredentialsProvider(new authx_1.TokenManager(idp, params.tokenManagerConfig), idp, {
|
|
71
76
|
onReAuthenticationError: params.onReAuthenticationError,
|
|
72
|
-
credentialsMapper: OID_CREDENTIALS_MAPPER
|
|
77
|
+
credentialsMapper: params.credentialsMapper ?? entraid_credentials_provider_1.OID_CREDENTIALS_MAPPER,
|
|
78
|
+
onRetryableError: params.onRetryableError
|
|
73
79
|
});
|
|
74
80
|
}
|
|
75
81
|
/**
|
|
@@ -92,6 +98,26 @@ class EntraIdCredentialsProviderFactory {
|
|
|
92
98
|
clientSecret: params.clientSecret
|
|
93
99
|
}, params);
|
|
94
100
|
}
|
|
101
|
+
/**
|
|
102
|
+
* This method is used to create a credentials provider using DefaultAzureCredential.
|
|
103
|
+
*
|
|
104
|
+
* The user needs to create a configured instance of DefaultAzureCredential ( or any other class that implements TokenCredential )and pass it to this method.
|
|
105
|
+
*
|
|
106
|
+
* The default credentials mapper for this method is OID_CREDENTIALS_MAPPER which extracts the object ID from JWT
|
|
107
|
+
* encoded token.
|
|
108
|
+
*
|
|
109
|
+
* Depending on the actual flow that DefaultAzureCredential uses, the user may need to provide different
|
|
110
|
+
* credential mapper via the credentialsMapper parameter.
|
|
111
|
+
*
|
|
112
|
+
*/
|
|
113
|
+
static createForDefaultAzureCredential({ credential, scopes, options, tokenManagerConfig, onReAuthenticationError, credentialsMapper, onRetryableError }) {
|
|
114
|
+
const idp = new azure_identity_provider_1.AzureIdentityProvider(() => credential.getToken(scopes, options).then(x => x === null ? Promise.reject('Token is null') : x));
|
|
115
|
+
return new entraid_credentials_provider_1.EntraidCredentialsProvider(new authx_1.TokenManager(idp, tokenManagerConfig), idp, {
|
|
116
|
+
onReAuthenticationError: onReAuthenticationError,
|
|
117
|
+
credentialsMapper: credentialsMapper ?? entraid_credentials_provider_1.OID_CREDENTIALS_MAPPER,
|
|
118
|
+
onRetryableError: onRetryableError
|
|
119
|
+
});
|
|
120
|
+
}
|
|
95
121
|
/**
|
|
96
122
|
* This method is used to create a credentials provider for the Authorization Code Flow with PKCE.
|
|
97
123
|
* @param params
|
|
@@ -127,7 +153,11 @@ class EntraIdCredentialsProviderFactory {
|
|
|
127
153
|
}
|
|
128
154
|
});
|
|
129
155
|
const tm = new authx_1.TokenManager(idp, params.tokenManagerConfig);
|
|
130
|
-
return new entraid_credentials_provider_1.EntraidCredentialsProvider(tm, idp, {
|
|
156
|
+
return new entraid_credentials_provider_1.EntraidCredentialsProvider(tm, idp, {
|
|
157
|
+
onReAuthenticationError: params.onReAuthenticationError,
|
|
158
|
+
credentialsMapper: params.credentialsMapper ?? entraid_credentials_provider_1.DEFAULT_CREDENTIALS_MAPPER,
|
|
159
|
+
onRetryableError: params.onRetryableError
|
|
160
|
+
});
|
|
131
161
|
}
|
|
132
162
|
};
|
|
133
163
|
}
|
|
@@ -145,8 +175,8 @@ class EntraIdCredentialsProviderFactory {
|
|
|
145
175
|
}
|
|
146
176
|
}
|
|
147
177
|
exports.EntraIdCredentialsProviderFactory = EntraIdCredentialsProviderFactory;
|
|
148
|
-
|
|
149
|
-
|
|
178
|
+
exports.REDIS_SCOPE_DEFAULT = 'https://redis.azure.com/.default';
|
|
179
|
+
exports.REDIS_SCOPE = 'https://redis.azure.com';
|
|
150
180
|
const loggerOptions = {
|
|
151
181
|
loggerCallback(loglevel, message, containsPii) {
|
|
152
182
|
if (!containsPii)
|
|
@@ -227,14 +257,4 @@ class AuthCodeFlowHelper {
|
|
|
227
257
|
}
|
|
228
258
|
}
|
|
229
259
|
exports.AuthCodeFlowHelper = AuthCodeFlowHelper;
|
|
230
|
-
const OID_CREDENTIALS_MAPPER = (token) => {
|
|
231
|
-
// Client credentials flow is app-only authentication (no user context),
|
|
232
|
-
// so only access token is provided without user-specific claims (uniqueId, idToken, ...)
|
|
233
|
-
// this means that we need to extract the oid from the access token manually
|
|
234
|
-
const accessToken = JSON.parse(Buffer.from(token.accessToken.split('.')[1], 'base64').toString());
|
|
235
|
-
return ({
|
|
236
|
-
username: accessToken.oid,
|
|
237
|
-
password: token.accessToken
|
|
238
|
-
});
|
|
239
|
-
};
|
|
240
260
|
//# sourceMappingURL=entra-id-credentials-provider-factory.js.map
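Review bot: In `createForDefaultAzureCredential` (new line 114) a null token is rejected with the bare string `'Token is null'`, so whatever receives the rejection gets no stack trace and an `instanceof Error` check on it fails; `Promise.reject(new Error('Token is null'))` would fix that, and the unchanged `.then(x => x === null ? ...)` lines in the managed-identity and client-credential hunks follow the same pattern. Separately, this section deletes the local `OID_CREDENTIALS_MAPPER`, which read `token.accessToken`, and now defaults to the one exported by `./entraid-credentials-provider`, whose body is not part of this section. An `AccessToken` from `@azure/core-auth` has no `accessToken` property, so it is worth confirming that the relocated mapper handles both token shapes and raises a clear error when the value is not a JWT or carries no `oid`, rather than producing an undefined username.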
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"entra-id-credentials-provider-factory.js","sourceRoot":"","sources":["../../lib/entra-id-credentials-provider-factory.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"entra-id-credentials-provider-factory.js","sourceRoot":"","sources":["../../lib/entra-id-credentials-provider-factory.ts"],"names":[],"mappings":";;;AACA,oDAAkD;AAClD,gDAO0B;AAC1B,wDAA+H;AAC/H,uEAAkE;AAClE,iFAAwJ;AACxJ,qEAAgE;AAEhE;;GAEG;AACH,MAAa,iCAAiC;IAE5C;;;;;;;OAOG;IACI,MAAM,CAAC,6BAA6B,CACzC,MAAwB,EAAE,oBAA6B;QAEvD,MAAM,MAAM,GAAiC;YAC3C,oDAAoD;YACpD,GAAG,CAAC,oBAAoB,IAAI;gBAC1B,uBAAuB,EAAE;oBACvB,oBAAoB;iBACrB;aACF,CAAC;YACF,MAAM,EAAE;gBACN,aAAa;aACd;SACF,CAAC;QAEF,MAAM,MAAM,GAAG,IAAI,sCAA0B,CAAC,MAAM,CAAC,CAAC;QAEtD,MAAM,GAAG,GAAG,IAAI,6CAAoB,CAClC,GAAG,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC;YACxB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,IAAI,mBAAW;YAC3C,YAAY,EAAE,IAAI;SACnB,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAC/D,CAAC;QAEF,OAAO,IAAI,yDAA0B,CACnC,IAAI,oBAAY,CAAC,GAAG,EAAE,MAAM,CAAC,kBAAkB,CAAC,EAChD,GAAG,EACH;YACE,uBAAuB,EAAE,MAAM,CAAC,uBAAuB;YACvD,iBAAiB,EAAE,MAAM,CAAC,iBAAiB,IAAI,qDAAsB;YACrE,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC1C,CACF,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,sCAAsC,CAC3C,MAAwB;QAExB,OAAO,IAAI,CAAC,6BAA6B,CAAC,MAAM,CAAC,CAAC;IACpD,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,oCAAoC,CACzC,MAA2D;QAE3D,OAAO,IAAI,CAAC,6BAA6B,CAAC,MAAM,EAAE,MAAM,CAAC,oBAAoB,CAAC,CAAC;IACjF,CAAC;IAED,MAAM,CAAC,2BAA2B,CAChC,UAA2B,EAC3B,MAAwB;QAExB,MAAM,MAAM,GAAkB;YAC5B,IAAI,EAAE;gBACJ,GAAG,UAAU;gBACb,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,eAAe,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;aAC5E;YACD,MAAM,EAAE;gBACN,aAAa;aACd;SACF,CAAC;QAEF,MAAM,MAAM,GAAG,IAAI,yCAA6B,CAAC,MAAM,CAAC,CAAC;QAEzD,MAAM,GAAG,GAAG,IAAI,6CAAoB,CAClC,GAAG,EAAE,CAAC,MAAM,CAAC,8BAA8B,CAAC;YAC1C,SAAS,EAAE,IAAI;YACf,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,CAAC,2BAAmB,CAAC;SAC/C,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAC/D,CAAC;QAEF,OAAO,IAAI,yDAA0B,CAAC,IAAI,oBAAY,CAAC,GAAG,EAAE,MAAM,CAAC,kBAAkB,CAAC,EAAE,GAAG,EACzF;YACE,uBAAuB,EAAE,MAAM,
CAAC,uBAAuB;YACvD,iBAAiB,EAAE,MAAM,CAAC,iBAAiB,IAAI,qDAAsB;YACrE,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC1C,CAAC,CAAC;IACP,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,yCAAyC,CAC9C,MAA8C;QAE9C,OAAO,IAAI,CAAC,2BAA2B,CACrC;YACE,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,iBAAiB,EAAE,MAAM,CAAC,WAAW;SACtC,EACD,MAAM,CACP,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,0BAA0B,CAC/B,MAAqC;QAErC,OAAO,IAAI,CAAC,2BAA2B,CACrC;YACE,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,YAAY,EAAE,MAAM,CAAC,YAAY;SAClC,EACD,MAAM,CACP,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;OAWG;IACH,MAAM,CAAC,+BAA+B,CACpC,EACE,UAAU,EACV,MAAM,EACN,OAAO,EACP,kBAAkB,EAClB,uBAAuB,EACvB,iBAAiB,EACjB,gBAAgB,EACc;QAGhC,MAAM,GAAG,GAAG,IAAI,+CAAqB,CACnC,GAAG,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACvG,CAAC;QAEF,OAAO,IAAI,yDAA0B,CAAC,IAAI,oBAAY,CAAC,GAAG,EAAE,kBAAkB,CAAC,EAAE,GAAG,EAClF;YACE,uBAAuB,EAAE,uBAAuB;YAChD,iBAAiB,EAAE,iBAAiB,IAAI,qDAAsB;YAC9D,gBAAgB,EAAE,gBAAgB;SACnC,CAAC,CAAC;IACP,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,kCAAkC,CACvC,MAA0B;QAe1B,MAAM,cAAc,GAAG,CAAC,WAAW,EAAE,gBAAgB,CAAC,CAAC;QACvD,MAAM,MAAM,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;QAE3E,MAAM,QAAQ,GAAG,kBAAkB,CAAC,MAAM,CAAC;YACzC,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,MAAM,EAAE,MAAM;YACd,eAAe,EAAE,MAAM,CAAC,eAAe;SACxC,CAAC,CAAC;QAEH,OAAO;YACL,YAAY,EAAE,kBAAkB,CAAC,YAAY;YAC7C,cAAc,EAAE,CAAC,SAAS,EAAE,EAAE,CAAC,QAAQ,CAAC,cAAc,CAAC,SAAS,CAAC;YACjE,yBAAyB,EAAE,CAAC,UAAU,EAAE,EAAE;gBAExC,mEAAmE;gBACnE,oEAAoE;gBACpE,IAAI,yBAAyB,GAAuB,IAAI,CAAC;gBAEzD,MAAM,GAAG,GAAG,IAAI,6CAAoB,CAClC,KAAK,IAAI,EAAE;oBACT,IAAI,CAAC,yBAAyB,EAAE,CAAC;wBAC/B,IAAI,UAAU,GAAG,MAAM,QAAQ,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;wBAC/D,yBAAyB,GAAG,UAAU,CAAC,OAAO,CAAC;wBAC/C,OAAO,UAAU,CAAC;oBACpB,CAAC;yBAAM,CAAC;wBACN,OAAO,QAAQ,CAAC,MAAM,CAAC,kBAAkB,CAAC;4BACxC,YAAY,EAAE,IAAI;4BAClB,OAAO,EAAE,yBAAyB;4BAClC,MAAM;yBACP,CAAC,CAAC;oBACL,CA
AC;gBAEH,CAAC,CACF,CAAC;gBACF,MAAM,EAAE,GAAG,IAAI,oBAAY,CAAC,GAAG,EAAE,MAAM,CAAC,kBAAkB,CAAC,CAAC;gBAC5D,OAAO,IAAI,yDAA0B,CAAC,EAAE,EAAE,GAAG,EAAE;oBAC7C,uBAAuB,EAAE,MAAM,CAAC,uBAAuB;oBACvD,iBAAiB,EAAE,MAAM,CAAC,iBAAiB,IAAI,yDAA0B;oBACzE,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;iBAC1C,CAAC,CAAC;YACL,CAAC;SACF,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,YAAY,CAAC,MAAuB;QACzC,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;YACpB,KAAK,cAAc;gBACjB,OAAO,qCAAqC,MAAM,CAAC,QAAQ,EAAE,CAAC;YAChE,KAAK,QAAQ;gBACX,OAAO,MAAM,CAAC,YAAY,CAAC;YAC7B,KAAK,SAAS;gBACZ,OAAO,0CAA0C,CAAC;YACpD;gBACE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;CAEF;AAnPD,8EAmPC;AAEY,QAAA,mBAAmB,GAAG,kCAAkC,CAAC;AACzD,QAAA,WAAW,GAAG,yBAAyB,CAAA;AAkDpD,MAAM,aAAa,GAAG;IACpB,cAAc,CAAC,QAAkB,EAAE,OAAe,EAAE,WAAoB;QACtE,IAAI,CAAC,WAAW;YAAE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACzC,CAAC;IACD,iBAAiB,EAAE,KAAK;IACxB,QAAQ,EAAE,oBAAQ,CAAC,KAAK;CACzB,CAAA;AAED;;;GAGG;AACU,QAAA,oBAAoB,GAAgB;IAC/C,yCAAyC;IACzC,WAAW,EAAE,CAAC,KAAc,EAAE,EAAE,CAAC,KAAK,YAAY,0BAAY;IAC9D,WAAW,EAAE,EAAE;IACf,cAAc,EAAE,GAAG;IACnB,UAAU,EAAE,MAAM;IAClB,iBAAiB,EAAE,CAAC;IACpB,gBAAgB,EAAE,GAAG;CAEtB,CAAC;AAEW,QAAA,4BAA4B,GAAuB;IAC9D,KAAK,EAAE,4BAAoB;IAC3B,sBAAsB,EAAE,GAAG,CAAC,kDAAkD;CAC/E,CAAA;AAED;;;GAGG;AACH,MAAa,kBAAkB;IAElB;IACA;IACA;IAHX,YACW,MAA+B,EAC/B,MAAgB,EAChB,WAAmB;QAFnB,WAAM,GAAN,MAAM,CAAyB;QAC/B,WAAM,GAAN,MAAM,CAAU;QAChB,gBAAW,GAAX,WAAW,CAAQ;IAC3B,CAAC;IAEJ,KAAK,CAAC,cAAc,CAAC,SAGpB;QACC,MAAM,qBAAqB,GAA4B;YACrD,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,aAAa,EAAE,SAAS,CAAC,SAAS;YAClC,mBAAmB,EAAE,SAAS,CAAC,eAAe;SAC/C,CAAC;QAEF,OAAO,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,qBAAqB,CAAC,CAAC;IAC3D,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,MAAkB;QACzC,MAAM,YAAY,GAA6B;YAC7C,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,YAAY,EAAE,MAAM,CAAC,QAAQ;YAC7B,UAAU,EAAE,MAAM,CAAC,UAAU;SAC9B,CAAC;QAEF,OAAO,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,YAAY,CAAC,CAAC;IACtD,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,YAAY;QAKvB,MAAM,cAAc,GAAG,IAAI,0BAAc,EAAE,CAAC;QAC5
C,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,MAAM,cAAc,CAAC,iBAAiB,EAAE,CAAC;QACzE,OAAO;YACL,QAAQ;YACR,SAAS;YACT,eAAe,EAAE,MAAM;SACxB,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,MAAM,CAAC,MAKb;QACC,MAAM,MAAM,GAAG;YACb,IAAI,EAAE;gBACJ,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,SAAS,EAAE,iCAAiC,CAAC,YAAY,CAAC,MAAM,CAAC,eAAe,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;aACzG;YACD,MAAM,EAAE;gBACN,aAAa;aACd;SACF,CAAC;QAEF,OAAO,IAAI,kBAAkB,CAC3B,IAAI,mCAAuB,CAAC,MAAM,CAAC,EACnC,MAAM,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,EAC9B,MAAM,CAAC,WAAW,CACnB,CAAC;IACJ,CAAC;CACF;AArED,gDAqEC"}
|
|
@@ -1,26 +1,47 @@
|
|
|
1
1
|
import { AuthenticationResult } from '@azure/msal-common/node';
|
|
2
|
+
import { AccessToken } from '@azure/core-auth';
|
|
2
3
|
import { BasicAuth, StreamingCredentialsProvider, IdentityProvider, TokenManager, ReAuthenticationError, StreamingCredentialsListener, Disposable } from '@redis/client/dist/lib/authx';
|
|
3
4
|
/**
|
|
4
5
|
* A streaming credentials provider that uses the Entraid identity provider to provide credentials.
|
|
5
6
|
* Please use one of the factory functions in `entraid-credetfactories.ts` to create an instance of this class for the different
|
|
6
7
|
* type of authentication flows.
|
|
7
8
|
*/
|
|
9
|
+
export type AuthenticationResponse = AuthenticationResult | AccessToken;
|
|
8
10
|
export declare class EntraidCredentialsProvider implements StreamingCredentialsProvider {
|
|
9
11
|
#private;
|
|
10
|
-
readonly tokenManager: TokenManager<
|
|
11
|
-
readonly idp: IdentityProvider<
|
|
12
|
+
readonly tokenManager: TokenManager<AuthenticationResponse>;
|
|
13
|
+
readonly idp: IdentityProvider<AuthenticationResponse>;
|
|
12
14
|
private readonly options;
|
|
13
15
|
readonly type = "streaming-credentials-provider";
|
|
14
|
-
constructor(tokenManager: TokenManager<
|
|
16
|
+
constructor(tokenManager: TokenManager<AuthenticationResponse>, idp: IdentityProvider<AuthenticationResponse>, options?: {
|
|
15
17
|
onReAuthenticationError?: (error: ReAuthenticationError) => void;
|
|
16
|
-
credentialsMapper?: (token:
|
|
18
|
+
credentialsMapper?: (token: AuthenticationResponse) => BasicAuth;
|
|
17
19
|
onRetryableError?: (error: string) => void;
|
|
18
20
|
});
|
|
19
21
|
subscribe(listener: StreamingCredentialsListener<BasicAuth>): Promise<[BasicAuth, Disposable]>;
|
|
20
22
|
onReAuthenticationError: (error: ReAuthenticationError) => void;
|
|
21
23
|
hasActiveSubscriptions(): boolean;
|
|
22
24
|
getSubscriptionsCount(): number;
|
|
23
|
-
getTokenManager(): TokenManager<
|
|
25
|
+
getTokenManager(): TokenManager<AuthenticationResponse>;
|
|
24
26
|
getCurrentCredentials(): BasicAuth | null;
|
|
25
27
|
}
|
|
28
|
+
export declare const DEFAULT_CREDENTIALS_MAPPER: (token: AuthenticationResponse) => BasicAuth;
|
|
29
|
+
export declare const OID_CREDENTIALS_MAPPER: (token: (AuthenticationResult | AccessToken)) => {
|
|
30
|
+
username: any;
|
|
31
|
+
password: string;
|
|
32
|
+
};
|
|
33
|
+
/**
|
|
34
|
+
* Type guard to check if a token is an MSAL AuthenticationResult
|
|
35
|
+
*
|
|
36
|
+
* @param auth - The token to check
|
|
37
|
+
* @returns true if the token is an AuthenticationResult
|
|
38
|
+
*/
|
|
39
|
+
export declare function isAuthenticationResult(auth: AuthenticationResult | AccessToken): auth is AuthenticationResult;
|
|
40
|
+
/**
|
|
41
|
+
* Type guard to check if a token is an Azure Identity AccessToken
|
|
42
|
+
*
|
|
43
|
+
* @param auth - The token to check
|
|
44
|
+
* @returns true if the token is an AccessToken
|
|
45
|
+
*/
|
|
46
|
+
export declare function isAccessToken(auth: AuthenticationResult | AccessToken): auth is AccessToken;
|
|
26
47
|
//# sourceMappingURL=entraid-credentials-provider.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"entraid-credentials-provider.d.ts","sourceRoot":"","sources":["../../lib/entraid-credentials-provider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AAC/D,OAAO,EACL,SAAS,EAAE,4BAA4B,EAAE,gBAAgB,EAAE,YAAY,EACvE,qBAAqB,EAAE,4BAA4B,EAAmB,UAAU,EACjF,MAAM,8BAA8B,CAAC;AAEtC;;;;GAIG;
|
|
1
|
+
{"version":3,"file":"entraid-credentials-provider.d.ts","sourceRoot":"","sources":["../../lib/entraid-credentials-provider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AAC/D,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EACL,SAAS,EAAE,4BAA4B,EAAE,gBAAgB,EAAE,YAAY,EACvE,qBAAqB,EAAE,4BAA4B,EAAmB,UAAU,EACjF,MAAM,8BAA8B,CAAC;AAEtC;;;;GAIG;AAEH,MAAM,MAAM,sBAAsB,GAAG,oBAAoB,GAAG,WAAW,CAAA;AAEvE,qBAAa,0BAA2B,YAAW,4BAA4B;;aAe3D,YAAY,EAAE,YAAY,CAAC,sBAAsB,CAAC;aAClD,GAAG,EAAE,gBAAgB,CAAC,sBAAsB,CAAC;IAC7D,OAAO,CAAC,QAAQ,CAAC,OAAO;IAhB1B,QAAQ,CAAC,IAAI,oCAAoC;gBAc/B,YAAY,EAAE,YAAY,CAAC,sBAAsB,CAAC,EAClD,GAAG,EAAE,gBAAgB,CAAC,sBAAsB,CAAC,EAC5C,OAAO,GAAE;QACxB,uBAAuB,CAAC,EAAE,CAAC,KAAK,EAAE,qBAAqB,KAAK,IAAI,CAAC;QACjE,iBAAiB,CAAC,EAAE,CAAC,KAAK,EAAE,sBAAsB,KAAK,SAAS,CAAC;QACjE,gBAAgB,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;KACvC;IAMF,SAAS,CACb,QAAQ,EAAE,4BAA4B,CAAC,SAAS,CAAC,GAChD,OAAO,CAAC,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IA6BnC,uBAAuB,EAAE,CAAC,KAAK,EAAE,qBAAqB,KAAK,IAAI,CAAC;IA6CzD,sBAAsB,IAAI,OAAO;IAIjC,qBAAqB,IAAI,MAAM;IAI/B,eAAe;IAIf,qBAAqB,IAAI,SAAS,GAAG,IAAI;CAKjD;AAED,eAAO,MAAM,0BAA0B,UAAW,sBAAsB,KAAG,SAS1E,CAAC;AAKF,eAAO,MAAM,sBAAsB,UAAW,CAAC,oBAAoB,GAAG,WAAW,CAAC;;;CAqBjF,CAAA;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,oBAAoB,GAAG,WAAW,GAAG,IAAI,IAAI,oBAAoB,CAG7G;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,oBAAoB,GAAG,WAAW,GAAG,IAAI,IAAI,WAAW,CAG3F"}
|
|
@@ -1,11 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.EntraidCredentialsProvider = void 0;
|
|
4
|
-
/**
|
|
5
|
-
* A streaming credentials provider that uses the Entraid identity provider to provide credentials.
|
|
6
|
-
* Please use one of the factory functions in `entraid-credetfactories.ts` to create an instance of this class for the different
|
|
7
|
-
* type of authentication flows.
|
|
8
|
-
*/
|
|
3
|
+
exports.isAccessToken = exports.isAuthenticationResult = exports.OID_CREDENTIALS_MAPPER = exports.DEFAULT_CREDENTIALS_MAPPER = exports.EntraidCredentialsProvider = void 0;
|
|
9
4
|
class EntraidCredentialsProvider {
|
|
10
5
|
tokenManager;
|
|
11
6
|
idp;
|
|
@@ -20,7 +15,7 @@ class EntraidCredentialsProvider {
|
|
|
20
15
|
this.idp = idp;
|
|
21
16
|
this.options = options;
|
|
22
17
|
this.onReAuthenticationError = options.onReAuthenticationError ?? DEFAULT_ERROR_HANDLER;
|
|
23
|
-
this.#credentialsMapper = options.credentialsMapper ?? DEFAULT_CREDENTIALS_MAPPER;
|
|
18
|
+
this.#credentialsMapper = options.credentialsMapper ?? exports.DEFAULT_CREDENTIALS_MAPPER;
|
|
24
19
|
}
|
|
25
20
|
async subscribe(listener) {
|
|
26
21
|
const currentToken = this.tokenManager.getCurrentToken();
|
|
@@ -76,8 +71,8 @@ class EntraidCredentialsProvider {
|
|
|
76
71
|
};
|
|
77
72
|
}
|
|
78
73
|
async #startTokenManagerAndObtainInitialToken() {
|
|
79
|
-
const
|
|
80
|
-
const token = this.tokenManager.wrapAndSetCurrentToken(
|
|
74
|
+
const { ttlMs, token: initialToken } = await this.idp.requestToken();
|
|
75
|
+
const token = this.tokenManager.wrapAndSetCurrentToken(initialToken, ttlMs);
|
|
81
76
|
this.#tokenManagerDisposable = this.tokenManager.start(this.#createTokenManagerListener(this.#listeners), this.tokenManager.calculateRefreshTime(token));
|
|
82
77
|
return token;
|
|
83
78
|
}
|
|
@@ -96,9 +91,59 @@ class EntraidCredentialsProvider {
|
|
|
96
91
|
}
|
|
97
92
|
}
|
|
98
93
|
exports.EntraidCredentialsProvider = EntraidCredentialsProvider;
|
|
99
|
-
const DEFAULT_CREDENTIALS_MAPPER = (token) =>
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
94
|
+
const DEFAULT_CREDENTIALS_MAPPER = (token) => {
|
|
95
|
+
if (isAuthenticationResult(token)) {
|
|
96
|
+
return {
|
|
97
|
+
username: token.uniqueId,
|
|
98
|
+
password: token.accessToken
|
|
99
|
+
};
|
|
100
|
+
}
|
|
101
|
+
else {
|
|
102
|
+
return (0, exports.OID_CREDENTIALS_MAPPER)(token);
|
|
103
|
+
}
|
|
104
|
+
};
|
|
105
|
+
exports.DEFAULT_CREDENTIALS_MAPPER = DEFAULT_CREDENTIALS_MAPPER;
|
|
103
106
|
const DEFAULT_ERROR_HANDLER = (error) => console.error('ReAuthenticationError', error);
|
|
107
|
+
const OID_CREDENTIALS_MAPPER = (token) => {
|
|
108
|
+
if (isAuthenticationResult(token)) {
|
|
109
|
+
// Client credentials flow is app-only authentication (no user context),
|
|
110
|
+
// so only access token is provided without user-specific claims (uniqueId, idToken, ...)
|
|
111
|
+
// this means that we need to extract the oid from the access token manually
|
|
112
|
+
const accessToken = JSON.parse(Buffer.from(token.accessToken.split('.')[1], 'base64').toString());
|
|
113
|
+
return ({
|
|
114
|
+
username: accessToken.oid,
|
|
115
|
+
password: token.accessToken
|
|
116
|
+
});
|
|
117
|
+
}
|
|
118
|
+
else {
|
|
119
|
+
const accessToken = JSON.parse(Buffer.from(token.token.split('.')[1], 'base64').toString());
|
|
120
|
+
return ({
|
|
121
|
+
username: accessToken.oid,
|
|
122
|
+
password: token.token
|
|
123
|
+
});
|
|
124
|
+
}
|
|
125
|
+
};
|
|
126
|
+
exports.OID_CREDENTIALS_MAPPER = OID_CREDENTIALS_MAPPER;
|
|
127
|
+
/**
|
|
128
|
+
* Type guard to check if a token is an MSAL AuthenticationResult
|
|
129
|
+
*
|
|
130
|
+
* @param auth - The token to check
|
|
131
|
+
* @returns true if the token is an AuthenticationResult
|
|
132
|
+
*/
|
|
133
|
+
function isAuthenticationResult(auth) {
|
|
134
|
+
return typeof auth.accessToken === 'string' &&
|
|
135
|
+
!('token' in auth);
|
|
136
|
+
}
|
|
137
|
+
exports.isAuthenticationResult = isAuthenticationResult;
|
|
138
|
+
/**
|
|
139
|
+
* Type guard to check if a token is an Azure Identity AccessToken
|
|
140
|
+
*
|
|
141
|
+
* @param auth - The token to check
|
|
142
|
+
* @returns true if the token is an AccessToken
|
|
143
|
+
*/
|
|
144
|
+
function isAccessToken(auth) {
|
|
145
|
+
return typeof auth.token === 'string' &&
|
|
146
|
+
!('accessToken' in auth);
|
|
147
|
+
}
|
|
148
|
+
exports.isAccessToken = isAccessToken;
|
|
104
149
|
//# sourceMappingURL=entraid-credentials-provider.js.map
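Review bot: `OID_CREDENTIALS_MAPPER` decodes the token payload with `JSON.parse(Buffer.from(token.accessToken.split('.')[1], 'base64').toString())` and no guard, in both branches. A token that is not a dot-separated JWT therefore surfaces as a bare TypeError or SyntaxError, and a payload without `oid` silently yields `username: undefined`. I would move the decode into one helper shared by both branches that checks the segment exists, wraps the parse failure, and rejects a missing `oid`, keeping the token itself out of every error message since the default error handler writes to the console. The claim is read without signature verification, which is acceptable only if the server validates the token it receives as the password; a short comment saying so would help. `DEFAULT_CREDENTIALS_MAPPER` also returns `token.uniqueId` unchecked, although the comment in this hunk says app-only flows do not carry it, so that path may need the same fallback.

```javascript
// Decodes the JWT payload only to read the oid claim; the signature is NOT verified here.
function readOidClaim(jwt) {
    const payloadSegment = typeof jwt === 'string' ? jwt.split('.')[1] : undefined;
    if (!payloadSegment) {
        throw new Error('Access token is not a JWT');
    }
    let claims;
    try {
        claims = JSON.parse(Buffer.from(payloadSegment, 'base64url').toString('utf8'));
    }
    catch (cause) {
        // Never include the token or its payload in the message.
        throw new Error('Access token payload is not valid JSON', { cause });
    }
    if (typeof claims?.oid !== 'string' || claims.oid.length === 0) {
        throw new Error('Access token has no oid claim');
    }
    return claims.oid;
}
const OID_CREDENTIALS_MAPPER = (token) => {
    const rawToken = isAuthenticationResult(token) ? token.accessToken : token.token;
    return { username: readOidClaim(rawToken), password: rawToken };
};
// … unchanged: exports.OID_CREDENTIALS_MAPPER assignment and the two type guards …
```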
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"entraid-credentials-provider.js","sourceRoot":"","sources":["../../lib/entraid-credentials-provider.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"entraid-credentials-provider.js","sourceRoot":"","sources":["../../lib/entraid-credentials-provider.ts"],"names":[],"mappings":";;;AAeA,MAAa,0BAA0B;IAenB;IACA;IACC;IAhBV,IAAI,GAAG,gCAAgC,CAAC;IAExC,UAAU,GAAiD,IAAI,GAAG,EAAE,CAAC;IAE9E,uBAAuB,GAAsB,IAAI,CAAC;IAClD,WAAW,GAAY,KAAK,CAAC;IAE7B,mBAAmB,GAId,EAAE,CAAC;IAER,YACkB,YAAkD,EAClD,GAA6C,EAC5C,UAIb,EAAE;QANU,iBAAY,GAAZ,YAAY,CAAsC;QAClD,QAAG,GAAH,GAAG,CAA0C;QAC5C,YAAO,GAAP,OAAO,CAIlB;QAEN,IAAI,CAAC,uBAAuB,GAAG,OAAO,CAAC,uBAAuB,IAAI,qBAAqB,CAAC;QACxF,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,iBAAiB,IAAI,kCAA0B,CAAC;IACpF,CAAC;IAED,KAAK,CAAC,SAAS,CACb,QAAiD;QAGjD,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,CAAC;QAEzD,IAAI,YAAY,EAAE,CAAC;YACjB,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC;QACzF,CAAC;QAED,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBACrC,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,QAAQ,EAAE,CAAC,CAAC;YAChF,CAAC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QACxB,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,uCAAuC,EAAE,CAAC;YAE1E,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC,EAAE,OAAO,EAAE,eAAe,EAAE,EAAE,EAAE;gBAChE,OAAO,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,IAAI,CAAC,iBAAiB,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YAClG,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,mBAAmB,GAAG,EAAE,CAAC;YAE9B,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC;QACzF,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,uBAAuB,CAAyC;IAEhE,kBAAkB,CAA+C;IAEjE,2BAA2B,CAAC,WAAyD;QACnF,OAAO;YACL,OAAO,EAAE,CAAC,KAAe,EAAQ,EAAE;gBACjC,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;oBACvB,WAAW,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;gBAC3D,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACjD,CAAC;YACH,CAAC;YACD,MAAM,EAAE,CAAC,KAAoD,EAAQ,EAAE;gBACrE,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,
CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;gBACzD,WAAW,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC;YAChE,CAAC;SACF,CAAC;IACJ,CAAC;IAED,iBAAiB,CAAC,QAAiD;QACjE,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAE9B,OAAO;YACL,OAAO,EAAE,GAAG,EAAE;gBACZ,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;gBACjC,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,KAAK,CAAC,IAAI,IAAI,CAAC,uBAAuB,EAAE,CAAC;oBAC/D,IAAI,CAAC,uBAAuB,CAAC,OAAO,EAAE,CAAC;oBACvC,IAAI,CAAC,uBAAuB,GAAG,IAAI,CAAC;gBACtC,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,uCAAuC;QAC3C,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,YAAY,EAAE,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC;QAErE,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,sBAAsB,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;QAC5E,IAAI,CAAC,uBAAuB,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CACpD,IAAI,CAAC,2BAA2B,CAAC,IAAI,CAAC,UAAU,CAAC,EACjD,IAAI,CAAC,YAAY,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAC9C,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IAEM,sBAAsB;QAC3B,OAAO,IAAI,CAAC,uBAAuB,KAAK,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC,CAAC;IAC3E,CAAC;IAEM,qBAAqB;QAC1B,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;IAC9B,CAAC;IAEM,eAAe;QACpB,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAEM,qBAAqB;QAC1B,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,CAAC;QACzD,OAAO,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC3E,CAAC;CAEF;AAxHD,gEAwHC;AAEM,MAAM,0BAA0B,GAAG,CAAC,KAA6B,EAAa,EAAE;IACrF,IAAI,sBAAsB,CAAC,KAAK,CAAC,EAAE,CAAC;QAClC,OAAO;YACL,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,QAAQ,EAAE,KAAK,CAAC,WAAW;SAC5B,CAAA;IACH,CAAC;SAAM,CAAC;QACN,OAAO,IAAA,8BAAsB,EAAC,KAAK,CAAC,CAAA;IACtC,CAAC;AACH,CAAC,CAAC;AATW,QAAA,0BAA0B,8BASrC;AAEF,MAAM,qBAAqB,GAAG,CAAC,KAA4B,EAAE,EAAE,CAC7D,OAAO,CAAC,KAAK,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAC;AAEzC,MAAM,sBAAsB,GAAG,CAAC,KAA2C,EAAE,EAAE;IAEpF,IAAI,sBAAsB,CAAC,KAAK,CAAC,EAAE,CAAC;QAClC,wEAAwE;QACxE,yFAAyF;QACzF,4EAA4E;QAC5E,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;QAElG,OAAO,CAAC;YACN,QAAQ,EAAE
,WAAW,CAAC,GAAG;YACzB,QAAQ,EAAE,KAAK,CAAC,WAAW;SAC5B,CAAC,CAAA;IACJ,CAAC;SAAM,CAAC;QACN,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;QAE5F,OAAO,CAAC;YACN,QAAQ,EAAE,WAAW,CAAC,GAAG;YACzB,QAAQ,EAAE,KAAK,CAAC,KAAK;SACtB,CAAC,CAAA;IACJ,CAAC;AAEH,CAAC,CAAA;AArBY,QAAA,sBAAsB,0BAqBlC;AAED;;;;;GAKG;AACH,SAAgB,sBAAsB,CAAC,IAAwC;IAC7E,OAAO,OAAQ,IAA6B,CAAC,WAAW,KAAK,QAAQ;QAC9D,CAAC,CAAC,OAAO,IAAI,IAAI,CAAC,CAAA;AAC3B,CAAC;AAHD,wDAGC;AAED;;;;;GAKG;AACH,SAAgB,aAAa,CAAC,IAAwC;IACpE,OAAO,OAAQ,IAAoB,CAAC,KAAK,KAAK,QAAQ;QAC/C,CAAC,CAAC,aAAa,IAAI,IAAI,CAAC,CAAC;AAClC,CAAC;AAHD,sCAGC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"msal-identity-provider.d.ts","sourceRoot":"","sources":["../../lib/msal-identity-provider.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,oBAAoB,EACrB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAE/E,qBAAa,oBAAqB,YAAW,gBAAgB,CAAC,oBAAoB,CAAC;IACjF,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAsC;gBAEnD,QAAQ,EAAE,MAAM,OAAO,CAAC,oBAAoB,CAAC;IAInD,YAAY,IAAI,OAAO,CAAC,aAAa,CAAC,oBAAoB,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"msal-identity-provider.d.ts","sourceRoot":"","sources":["../../lib/msal-identity-provider.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,oBAAoB,EACrB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAE/E,qBAAa,oBAAqB,YAAW,gBAAgB,CAAC,oBAAoB,CAAC;IACjF,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAsC;gBAEnD,QAAQ,EAAE,MAAM,OAAO,CAAC,oBAAoB,CAAC;IAInD,YAAY,IAAI,OAAO,CAAC,aAAa,CAAC,oBAAoB,CAAC,CAAC;CAYnE"}
|
|
@@ -7,19 +7,14 @@ class MSALIdentityProvider {
|
|
|
7
7
|
this.getToken = getToken;
|
|
8
8
|
}
|
|
9
9
|
async requestToken() {
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
throw new Error('Invalid token response');
|
|
14
|
-
}
|
|
15
|
-
return {
|
|
16
|
-
token: result,
|
|
17
|
-
ttlMs: result.expiresOn.getTime() - Date.now()
|
|
18
|
-
};
|
|
19
|
-
}
|
|
20
|
-
catch (error) {
|
|
21
|
-
throw error;
|
|
10
|
+
const result = await this.getToken();
|
|
11
|
+
if (!result?.accessToken || !result?.expiresOn) {
|
|
12
|
+
throw new Error('Invalid token response');
|
|
22
13
|
}
|
|
14
|
+
return {
|
|
15
|
+
token: result,
|
|
16
|
+
ttlMs: result.expiresOn.getTime() - Date.now()
|
|
17
|
+
};
|
|
23
18
|
}
|
|
24
19
|
}
|
|
25
20
|
exports.MSALIdentityProvider = MSALIdentityProvider;
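Review bot: `requestToken` returns `ttlMs: result.expiresOn.getTime() - Date.now()` without checking its sign, so a result whose `expiresOn` is already in the past (a stale cached result or local clock skew) is passed on with a zero or negative lifetime. How the token manager treats such a value is not visible in this hunk; it may schedule an immediate refresh or publish credentials the server will reject. I would compute the value first and reject it, e.g. `const ttlMs = result.expiresOn.getTime() - Date.now();` followed by `if (ttlMs <= 0) throw new Error('Token response already expired');`. The class declaration starts outside this hunk.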
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"msal-identity-provider.js","sourceRoot":"","sources":["../../lib/msal-identity-provider.ts"],"names":[],"mappings":";;;AAKA,MAAa,oBAAoB;IACd,QAAQ,CAAsC;IAE/D,YAAY,QAA6C;QACvD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,YAAY;QAChB,
|
|
1
|
+
{"version":3,"file":"msal-identity-provider.js","sourceRoot":"","sources":["../../lib/msal-identity-provider.ts"],"names":[],"mappings":";;;AAKA,MAAa,oBAAoB;IACd,QAAQ,CAAsC;IAE/D,YAAY,QAA6C;QACvD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,YAAY;QAChB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;QAErC,IAAI,CAAC,MAAM,EAAE,WAAW,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,CAAC;YAC/C,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QACD,OAAO;YACL,KAAK,EAAE,MAAM;YACb,KAAK,EAAE,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE;SAC/C,CAAC;IACJ,CAAC;CAEF;AAnBD,oDAmBC"}
|
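--- a/package/dist/lib/test-utils.js
+++ b/package/dist/lib/test-utils.js
@@ -7,10 +7,10 @@ exports.GLOBAL = exports.testUtils = void 0;
 const authx_1 = require("@redis/client/dist/lib/authx");
 const test_utils_1 = __importDefault(require("@redis/test-utils"));
 const entraid_credentials_provider_1 = require("./entraid-credentials-provider");
-exports.testUtils =
-dockerImageName: '
+exports.testUtils = test_utils_1.default.createFromConfig({
+dockerImageName: 'redislabs/client-libs-test',
 dockerImageVersionArgument: 'redis-version',
-defaultDockerVersion: '
+defaultDockerVersion: '8.0-M05-pre'
 });
 const DEBUG_MODE_ARGS = exports.testUtils.isVersionGreaterThan([7]) ?
 ['--enable-debug-command', 'yes'] :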
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"test-utils.js","sourceRoot":"","sources":["../../lib/test-utils.ts"],"names":[],"mappings":";;;;;;AACA,wDAA2H;AAC3H,mEAA0C;AAC1C,iFAA4E;AAE/D,QAAA,SAAS,GAAG,
|
|
1
|
+
{"version":3,"file":"test-utils.js","sourceRoot":"","sources":["../../lib/test-utils.ts"],"names":[],"mappings":";;;;;;AACA,wDAA2H;AAC3H,mEAA0C;AAC1C,iFAA4E;AAE/D,QAAA,SAAS,GAAG,oBAAS,CAAC,gBAAgB,CAAC;IAClD,eAAe,EAAE,4BAA4B;IAC7C,0BAA0B,EAAE,eAAe;IAC3C,oBAAoB,EAAE,aAAa;CACpC,CAAC,CAAC;AAEH,MAAM,eAAe,GAAG,iBAAS,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3D,CAAC,wBAAwB,EAAE,KAAK,CAAC,CAAC,CAAC;IACnC,EAAE,CAAC;AAEL,MAAM,GAAG,GAA2C;IAClD,YAAY;QACV,aAAa;QACb,OAAO,OAAO,CAAC,OAAO,CAAC;YACrB,KAAK,EAAE,MAAM;YACb,KAAK,EAAE;gBACL,WAAW,EAAE,UAAU;aACxB;SACF,CAAC,CAAA;IACJ,CAAC;CACF,CAAA;AAED,MAAM,YAAY,GAAG,IAAI,oBAAY,CAAuB,GAAG,EAAE,EAAE,sBAAsB,EAAE,GAAG,EAAE,CAAC,CAAC;AAClG,MAAM,0BAA0B,GAAiC,IAAI,yDAA0B,CAAC,YAAY,EAAE,GAAG,CAAC,CAAA;AAElH,MAAM,sBAAsB,GAAG;IAC7B,eAAe,EAAE,CAAC,eAAe,EAAE,UAAU,EAAE,GAAG,eAAe,CAAC;IAClE,eAAe,EAAE,CAAC;IAClB,gBAAgB,EAAE,CAAC;IACnB,oBAAoB,EAAE;QACpB,QAAQ,EAAE;YACR,mBAAmB,EAAE,0BAA0B;SAChD;KACF;CACF,CAAA;AAEY,QAAA,MAAM,GAAG;IACpB,QAAQ,EAAE;QACR,sBAAsB;KACvB;CACF,CAAA"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@redis/entraid",
|
|
3
|
-
"version": "5.0.0
|
|
3
|
+
"version": "5.0.0",
|
|
4
4
|
"license": "MIT",
|
|
5
5
|
"main": "./dist/index.js",
|
|
6
6
|
"types": "./dist/index.d.ts",
|
|
@@ -12,14 +12,16 @@
|
|
|
12
12
|
"clean": "rimraf dist",
|
|
13
13
|
"build": "npm run clean && tsc",
|
|
14
14
|
"start:auth-pkce": "tsx --tsconfig tsconfig.samples.json ./samples/auth-code-pkce/index.ts",
|
|
15
|
+
"start:interactive-browser": "tsx --tsconfig tsconfig.samples.json ./samples/interactive-browser/index.ts",
|
|
15
16
|
"test-integration": "mocha -r tsx --tsconfig tsconfig.integration-tests.json './integration-tests/**/*.spec.ts'",
|
|
16
17
|
"test": "nyc -r text-summary -r lcov mocha -r tsx './lib/**/*.spec.ts'"
|
|
17
18
|
},
|
|
18
19
|
"dependencies": {
|
|
20
|
+
"@azure/identity": "^4.7.0",
|
|
19
21
|
"@azure/msal-node": "^2.16.1"
|
|
20
22
|
},
|
|
21
23
|
"peerDependencies": {
|
|
22
|
-
"@redis/client": "^5.0.0
|
|
24
|
+
"@redis/client": "^5.0.0"
|
|
23
25
|
},
|
|
24
26
|
"devDependencies": {
|
|
25
27
|
"@types/express": "^4.17.21",
|