fix: fixed and refactored some pr notes

Sphereon-Opensource · Jun 21, 2022 · 2ff95b9 · 2ff95b9
1 parent 5821454
commit 2ff95b9
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 108 deletions.
diff --git a/packages/ms-authenticator/__tests__/authenticators.test.ts b/packages/ms-authenticator/__tests__/authenticators.test.ts
@@ -1,6 +1,6 @@
-import {ClientCredentialAuthenticator, UsernamePasswordAuthenticator} from "../src/authenticators";
+import { ClientCredentialAuthenticator, UsernamePasswordAuthenticator } from "../src";
 
-describe('@sphereon/ms-authenticator', ()=>{
+describe('@sphereon/ms-authenticator', () => {
 
   it('should authenticate using clientCredential', async () => {
 

diff --git a/packages/ms-authenticator/src/authenticators/MsAuthenticator.ts b/packages/ms-authenticator/src/authenticators/MsAuthenticator.ts
@@ -1,31 +1,8 @@
 import { ConfidentialClientApplication, LogLevel, PublicClientApplication, UsernamePasswordRequest } from '@azure/msal-node'
-import {
-  IMsAuthenticationAuthorizationCodeArgs,
-  IMsAuthenticationClientCredentialArgs,
-  IMsAuthenticationOnBehalfOfArgs, IMsAuthenticationSilentFlowArgs,
-  IMsAuthenticationUsernamePasswordArgs,
-} from '../index'
+import { IMsAuthenticationClientCredentialArgs, IMsAuthenticationUsernamePasswordArgs } from '../index'
 
 import { fetch } from 'cross-fetch'
 
-/**
- * Not implemented yet
- * @param authenticationArgs
- * @constructor
- */
-export async function AuthorizationCodeAuthenticator(authenticationArgs: IMsAuthenticationAuthorizationCodeArgs): Promise<string> {
-  throw new Error("This authentication method is not implemented yet.")
-}
-
-/**
- * Not implemented yet
- * @param authenticationArgs
- * @constructor
- */
-export async function BehalfOfAuthenticator(authenticationArgs: IMsAuthenticationOnBehalfOfArgs): Promise<string> {
-  throw new Error("This authentication method is not implemented yet.")
-}
-
 /**
  * necessary fields are:
  *   azClientId: clientId of the application you're trying to login
@@ -37,10 +14,10 @@ export async function BehalfOfAuthenticator(authenticationArgs: IMsAuthenticatio
  * @constructor
  */
 export async function ClientCredentialAuthenticator(authenticationArgs: IMsAuthenticationClientCredentialArgs): Promise<string> {
-  var msalConfig = {
+  const msalConfig = {
     auth: {
       clientId: authenticationArgs.azClientId,
-      authority: 'https://login.microsoftonline.com/' + authenticationArgs.azTenantId,
+      authority: authenticationArgs.authority ? authenticationArgs.authority : 'https://login.microsoftonline.com/' + authenticationArgs.azTenantId,
       clientSecret: authenticationArgs.azClientSecret,
     },
     system: {
@@ -53,13 +30,12 @@ export async function ClientCredentialAuthenticator(authenticationArgs: IMsAuthe
 
   const cca = new ConfidentialClientApplication(msalConfig)
   const msalClientCredentialRequest = {
-    scopes: ['3db474b9-6a0c-4840-96ac-1fceb342124f/.default'],
-    skipCache: false,
+    scopes: authenticationArgs.scopes ? authenticationArgs.scopes : ['3db474b9-6a0c-4840-96ac-1fceb342124f/.default'],
+    skipCache: authenticationArgs.skipCache ? authenticationArgs.skipCache : false
   }
   await fetch('https://login.microsoftonline.com/' + authenticationArgs.azTenantId + '/v2.0/.well-known/openid-configuration', {method: 'GET'})
   .then((res) => res.json())
   .then(async (resp) => {
-    console.log(`tenant_region_scope = ${resp.tenant_region_scope}`)
     let msIdentityHostName = 'https://beta.did.msidentity.com/v1.0/'
     if (resp.tenant_region_scope == 'EU') {
       msIdentityHostName = 'https://beta.eu.did.msidentity.com/v1.0/'
@@ -72,55 +48,38 @@ export async function ClientCredentialAuthenticator(authenticationArgs: IMsAuthe
     // get the Access Token
     try {
       const result = await cca.acquireTokenByClientCredential(msalClientCredentialRequest)
-      if (result) {
+      if (result && result.accessToken) {
         return result.accessToken
       }
     } catch {
-      console.log('failed to get access token')
-      resp.status(401).json({
-        error: 'Could not acquire credentials to access your Azure Key Vault',
-      })
-      return
+      throw {
+        error: 'Could not acquire credentials to access your Azure Key Vault:\n' + JSON.stringify(resp),
+      }
     }
     return ''
   })
   return ''
 }
 
 /**
- * Not implemented yet
- * @param authenticationArgs
- * @constructor
- */
-export async function SilentFlowAuthenticator(authenticationArgs: IMsAuthenticationSilentFlowArgs): Promise<string> {
-  throw new Error("This authentication method is not implemented yet.")
-}
-
-/**
- * necessary fields are:
- *   azClientId: clientId of the application you're trying to login
- *   azTenantId: your MS Azure tenantId
- *   username: username of the user
- *   password: password of the user
- *   scopes: scopes that you want to access via this authentication
+ * Logs in with provided authenticationArgs and returns access token
  * @param authenticationArgs
  * @constructor
  */
 export async function UsernamePasswordAuthenticator(authenticationArgs: IMsAuthenticationUsernamePasswordArgs): Promise<string> {
   const msalConfig = {
     auth: {
       clientId: authenticationArgs.azClientId,
-      authority: 'https://login.microsoftonline.com/' + authenticationArgs.azTenantId,
+      authority: authenticationArgs.authority ? authenticationArgs.authority : 'https://login.microsoftonline.com/' + authenticationArgs.azTenantId,
     },
   }
   const pca = new PublicClientApplication(msalConfig)
   return await pca
   .acquireTokenByUsernamePassword(authenticationArgs as UsernamePasswordRequest)
   .then((response: any) => {
-    console.log('acquired token by password grant', response)
     return response
   })
   .catch((error: any) => {
-    console.log(error)
+    throw new Error("failed to authenticate: " + error)
   })
 }
diff --git a/packages/ms-authenticator/src/authenticators/index.ts b/packages/ms-authenticator/src/authenticators/index.ts
@@ -1,5 +1 @@
-export { AuthorizationCodeAuthenticator } from './MsAuthenticator'
-export { BehalfOfAuthenticator } from './MsAuthenticator'
-export { ClientCredentialAuthenticator } from './MsAuthenticator'
-export { SilentFlowAuthenticator } from './MsAuthenticator'
-export { UsernamePasswordAuthenticator } from './MsAuthenticator'
+export * from './MsAuthenticator'
diff --git a/packages/ms-authenticator/src/types/IMsAuthenticator.ts b/packages/ms-authenticator/src/types/IMsAuthenticator.ts
@@ -1,56 +1,44 @@
-import { IAgentContext, IPluginMethodMap } from '@veramo/core'
-import { AccountInfo } from '@azure/msal-common'
-
-export interface IMsAuthenticator extends IPluginMethodMap {
-  authenticateMsVcApi(): Promise<IMsAuthenticationResponse>
-}
-
-export interface IMsAuthenticationWrapperArgs {
-  authenticationType: MsAuthenticationTypeEnum
-  authenticationArgs:
-    | IMsAuthenticationClientCredentialArgs
-    | IMsAuthenticationUsernamePasswordArgs
-    | IMsAuthenticationAuthorizationCodeArgs
-    | IMsAuthenticationOnBehalfOfArgs
-}
-
-export interface IMsAuthenticationArgs {
+import { IAgentContext } from '@veramo/core'
+
+/**
+ *   azClientId: clientId of the application you're trying to login
+ *   azClientSecret: secret of the application you're trying to login
+ *   azTenantId: your MS Azure tenantId
+ *   credentialManifest: address of your credential manifest. usually in following format:
+ *    https://beta.eu.did.msidentity.com/v1.0/<tenant_id>/verifiableCredential/contracts/<verifiable_credential_schema>
+ *   authority: optional. if not provided, we'll use the azClientId to create the Tenanted format if provided should be one of these two formats:
+ *    - Tenanted: https://login.microsoftonline.com/{tenant}/, where {tenant} is either the GUID representing the tenant ID or a domain name associated with the tenant.
+ *    - Work and school accounts: https://login.microsoftonline.com/organizations/.
+ *   scopes?: scopes that you want to access via this authentication
+ *   skipCache?: whether to skip cache
+ */
+export interface IMsAuthenticationClientCredentialArgs {
   azClientId: string
   azTenantId: string
-}
-export interface IMsAuthenticationClientCredentialArgs extends IMsAuthenticationArgs {
   azClientSecret: string
   credentialManifest: string
-}
-export interface IMsAuthenticationUsernamePasswordArgs extends IMsAuthenticationArgs {
-  password: string,
-  scopes: string[],
+  authority?: string
+  scopes?: string[]
+  skipCache?: boolean
+}
+
+/**
+ *   azClientId: clientId of the application you're trying to login
+ *   azTenantId: your MS Azure tenantId
+ *   username: username of the user
+ *   password: password of the user
+ *   scopes: scopes that you want to access via this authentication
+ *   authority: optional. if not provided, we'll use the azClientId to create the Tenanted format if provided should be one of these two formats:
+ *    - Tenanted: https://login.microsoftonline.com/{tenant}/, where {tenant} is either the GUID representing the tenant ID or a domain name associated with the tenant.
+ *    - Work and school accounts: https://login.microsoftonline.com/organizations/.
+ */
+export interface IMsAuthenticationUsernamePasswordArgs {
+  azClientId: string
+  azTenantId: string
+  password: string
+  scopes: string[]
   username: string
-}
-
-export interface IMsAuthenticationAuthorizationCodeArgs extends IMsAuthenticationArgs {
-  redirectUri: string
-  code: string
-}
-
-export interface IMsAuthenticationOnBehalfOfArgs extends IMsAuthenticationArgs {
-  oboAssertion: string
-}
-
-export interface IMsAuthenticationSilentFlowArgs extends IMsAuthenticationArgs {
-  account: AccountInfo
-}
-
-export enum events {
-  AUTHENTICATED = 'authenticated',
-}
-
-export enum MsAuthenticationTypeEnum {
-  ClientCredential= 'ClientCredential',
-  AuthorizationCode = 'AuthorizationCode',
-  UsernamePassword = 'UsernamePassword',
-  BehalfOf = 'BehalfOf',
-  Silent = 'Silent',
+  authority?: string
 }
 
 export type IRequiredContext = IAgentContext<Record<string, never>>