diff --git a/packages/ms-authenticator/__tests__/authenticators.test.ts b/packages/ms-authenticator/__tests__/authenticators.test.ts
index 4a6a7fae6..06ccba641 100644
--- a/packages/ms-authenticator/__tests__/authenticators.test.ts
+++ b/packages/ms-authenticator/__tests__/authenticators.test.ts
@@ -1,6 +1,6 @@
-import {ClientCredentialAuthenticator, UsernamePasswordAuthenticator} from "../src/authenticators";
+import { ClientCredentialAuthenticator, UsernamePasswordAuthenticator } from "../src";
-describe('@sphereon/ms-authenticator', ()=>{
+describe('@sphereon/ms-authenticator', () => {
 it('should authenticate using clientCredential', async () => {
diff --git a/packages/ms-authenticator/src/authenticators/MsAuthenticator.ts b/packages/ms-authenticator/src/authenticators/MsAuthenticator.ts
index 166b662a2..65a9fbb9d 100644
--- a/packages/ms-authenticator/src/authenticators/MsAuthenticator.ts
+++ b/packages/ms-authenticator/src/authenticators/MsAuthenticator.ts
@@ -1,31 +1,8 @@
 import { ConfidentialClientApplication, LogLevel, PublicClientApplication, UsernamePasswordRequest } from '@azure/msal-node'
-import {
- IMsAuthenticationAuthorizationCodeArgs,
- IMsAuthenticationClientCredentialArgs,
- IMsAuthenticationOnBehalfOfArgs, IMsAuthenticationSilentFlowArgs,
- IMsAuthenticationUsernamePasswordArgs,
-} from '../index'
+import { IMsAuthenticationClientCredentialArgs, IMsAuthenticationUsernamePasswordArgs } from '../index'
 import { fetch } from 'cross-fetch'
-/**
- * Not implemented yet
- * @param authenticationArgs
- * @constructor
- */
-export async function AuthorizationCodeAuthenticator(authenticationArgs: IMsAuthenticationAuthorizationCodeArgs): Promise {
- throw new Error("This authentication method is not implemented yet.")
-}
-
-/**
- * Not implemented yet
- * @param authenticationArgs
- * @constructor
- */
-export async function BehalfOfAuthenticator(authenticationArgs: IMsAuthenticationOnBehalfOfArgs): Promise {
- throw new Error("This authentication method is not implemented yet.")
-}
-
 /**
  * necessary fields are:
  * azClientId: clientId of the application you're trying to login
@@ -37,10 +14,10 @@ export async function BehalfOfAuthenticator(authenticationArgs: IMsAuthenticatio
  * @constructor
  */
 export async function ClientCredentialAuthenticator(authenticationArgs: IMsAuthenticationClientCredentialArgs): Promise {
-var msalConfig = {
+const msalConfig = {
 auth: {
 clientId: authenticationArgs.azClientId,
-authority: 'https://login.microsoftonline.com/' + authenticationArgs.azTenantId,
+authority: authenticationArgs.authority ? authenticationArgs.authority : 'https://login.microsoftonline.com/' + authenticationArgs.azTenantId,
 clientSecret: authenticationArgs.azClientSecret,
 },
 system: {
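Review bot: The new `authority` fallback in ClientCredentialAuthenticator's msalConfig is the only place the override is honoured; the OpenID discovery request later in the same function (the @@ -53 hunk) still hard-codes `'https://login.microsoftonline.com/' + authenticationArgs.azTenantId`, so a caller who passes the `organizations` or domain-name form has its `tenant_region_scope` looked up against a different endpoint than the one the tokens are acquired from. Either derive that URL from the authority actually chosen or add a comment on the fallback line, `// NOTE: the discovery lookup below always uses azTenantId, not this authority`. Because the client secret is sent to whatever authority is configured, the accepted formats documented in IMsAuthenticator.ts are worth enforcing or at least repeating here rather than trusting the value verbatim. The ternary could also be written `authority: authenticationArgs.authority ?? 'https://login.microsoftonline.com/' + authenticationArgs.azTenantId,`, which differs only for an empty string. ClientCredentialAuthenticator's body continues past this hunk.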
@@ -53,13 +30,12 @@ export async function ClientCredentialAuthenticator(authenticationArgs: IMsAuthe
 const cca = new ConfidentialClientApplication(msalConfig)
 const msalClientCredentialRequest = {
-scopes: ['3db474b9-6a0c-4840-96ac-1fceb342124f/.default'],
-skipCache: false,
+scopes: authenticationArgs.scopes ? authenticationArgs.scopes : ['3db474b9-6a0c-4840-96ac-1fceb342124f/.default'],
+skipCache: authenticationArgs.skipCache ? authenticationArgs.skipCache : false
 }
 await fetch('https://login.microsoftonline.com/' + authenticationArgs.azTenantId + '/v2.0/.well-known/openid-configuration', {method: 'GET'})
 .then((res) => res.json())
 .then(async (resp) => {
-console.log(`tenant_region_scope = ${resp.tenant_region_scope}`)
 let msIdentityHostName = 'https://beta.did.msidentity.com/v1.0/'
 if (resp.tenant_region_scope == 'EU') {
 msIdentityHostName = 'https://beta.eu.did.msidentity.com/v1.0/'
@@ -72,15 +48,13 @@ export async function ClientCredentialAuthenticator(authenticationArgs: IMsAuthe
 // get the Access Token
 try {
 const result = await cca.acquireTokenByClientCredential(msalClientCredentialRequest)
-if (result) {
+if (result && result.accessToken) {
 return result.accessToken
 }
 } catch {
-console.log('failed to get access token')
-resp.status(401).json({
-error: 'Could not acquire credentials to access your Azure Key Vault',
-})
-return
+throw {
+error: 'Could not acquire credentials to access your Azure Key Vault:\n' + JSON.stringify(resp),
+}
 }
 return ''
 })
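Review bot: `skipCache: authenticationArgs.skipCache ? authenticationArgs.skipCache : false` and the `scopes` ternary above it are fall-back-on-falsy idioms that `??` states directly: `scopes: authenticationArgs.scopes ?? ['3db474b9-6a0c-4840-96ac-1fceb342124f/.default'],` and `skipCache: authenticationArgs.skipCache ?? false,`. The only behavioural difference is that an explicitly empty `scopes` array would be passed through to MSAL instead of being silently swapped for the default resource, which surfaces a caller mistake rather than hiding it. The hard-coded default scope also needs a comment saying which resource that application id is, e.g. `// default audience: <resource name> — override via authenticationArgs.scopes`, since nobody can verify the GUID from the value alone. ClientCredentialAuthenticator's body begins and ends outside this hunk.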
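Review bot: The new `throw { error: ... + JSON.stringify(resp) }` throws a plain object instead of an Error, so callers that check `instanceof Error` or read `.message`/`.stack` get nothing, and the value it serialises is `resp`, the OpenID discovery document parsed a few lines earlier, not anything about the failure; the bare `catch {` in the same block still discards the MSAL error that would say why acquireTokenByClientCredential failed. Prefer `catch (e: unknown) { throw new Error('Could not acquire credentials to access your Azure Key Vault: ' + (e instanceof Error ? e.message : String(e))) }`. Separately, when `result.accessToken` is absent the callback falls through to `return ''`, so a caller receives an empty string where a bearer token is expected; that path should throw as well rather than hand back an unusable credential. ClientCredentialAuthenticator's body begins and ends outside this hunk.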
@@ -88,21 +62,7 @@ export async function ClientCredentialAuthenticator(authenticationArgs: IMsAuthe
 }
 /**
- * Not implemented yet
- * @param authenticationArgs
- * @constructor
- */
-export async function SilentFlowAuthenticator(authenticationArgs: IMsAuthenticationSilentFlowArgs): Promise {
- throw new Error("This authentication method is not implemented yet.")
-}
-
-/**
- * necessary fields are:
- * azClientId: clientId of the application you're trying to login
- * azTenantId: your MS Azure tenantId
- * username: username of the user
- * password: password of the user
- * scopes: scopes that you want to access via this authentication
+ * Logs in with provided authenticationArgs and returns access token
  * @param authenticationArgs
  * @constructor
  */
@@ -110,17 +70,16 @@ export async function UsernamePasswordAuthenticator(authenticationArgs: IMsAuthe
 const msalConfig = {
 auth: {
 clientId: authenticationArgs.azClientId,
-authority: 'https://login.microsoftonline.com/' + authenticationArgs.azTenantId,
+authority: authenticationArgs.authority ? authenticationArgs.authority : 'https://login.microsoftonline.com/' + authenticationArgs.azTenantId,
 },
 }
 const pca = new PublicClientApplication(msalConfig)
 return await pca
 .acquireTokenByUsernamePassword(authenticationArgs as UsernamePasswordRequest)
 .then((response: any) => {
-console.log('acquired token by password grant', response)
 return response
 })
 .catch((error: any) => {
-console.log(error)
+throw new Error("failed to authenticate: " + error)
 })
 }
diff --git a/packages/ms-authenticator/src/authenticators/index.ts b/packages/ms-authenticator/src/authenticators/index.ts
index e8c98c358..8ae6382a2 100644
--- a/packages/ms-authenticator/src/authenticators/index.ts
+++ b/packages/ms-authenticator/src/authenticators/index.ts
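Review bot: The new doc line `Logs in with provided authenticationArgs and returns access token` above UsernamePasswordAuthenticator does not match the body in the next hunk, which resolves with the whole MSAL result object (`return response`), not `response.accessToken`. Either change the comment to `* Logs in with the provided authenticationArgs and resolves with the MSAL result object (the token is in .accessToken)` or return the token so that both exported authenticators resolve to the same kind of value. The `@constructor` tag on a plain async function is misleading and can be dropped while this comment is being touched.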
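Review bot: `throw new Error("failed to authenticate: " + error)` in the new `.catch` concatenates an `any`-typed rejection, which for a plain object yields `[object Object]` and for an Error keeps only its message while dropping the original stack; narrow it instead, `.catch((error: unknown) => { throw new Error('failed to authenticate: ' + (error instanceof Error ? error.message : String(error))) })`. Keep the message to that: `authenticationArgs`, which is passed straight to acquireTokenByUsernamePassword, carries the user's `password`, so nothing from the request object should ever be appended to the error text. The `.then((response: any) => { return response })` left behind after removing the log is an identity callback and can be deleted, leaving `return await pca.acquireTokenByUsernamePassword(...).catch(...)`.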
@@ -1,5 +1 @@
-export { AuthorizationCodeAuthenticator } from './MsAuthenticator'
-export { BehalfOfAuthenticator } from './MsAuthenticator'
-export { ClientCredentialAuthenticator } from './MsAuthenticator'
-export { SilentFlowAuthenticator } from './MsAuthenticator'
-export { UsernamePasswordAuthenticator } from './MsAuthenticator'
\ No newline at end of file
+export * from './MsAuthenticator'
\ No newline at end of file
diff --git a/packages/ms-authenticator/src/types/IMsAuthenticator.ts b/packages/ms-authenticator/src/types/IMsAuthenticator.ts
index 3f0bb0081..2e82eac2f 100644
--- a/packages/ms-authenticator/src/types/IMsAuthenticator.ts
+++ b/packages/ms-authenticator/src/types/IMsAuthenticator.ts
@@ -1,56 +1,44 @@
-import { IAgentContext, IPluginMethodMap } from '@veramo/core'
-import { AccountInfo } from '@azure/msal-common'
-
-export interface IMsAuthenticator extends IPluginMethodMap {
- authenticateMsVcApi(): Promise
-}
-
-export interface IMsAuthenticationWrapperArgs {
- authenticationType: MsAuthenticationTypeEnum
- authenticationArgs:
- | IMsAuthenticationClientCredentialArgs
- | IMsAuthenticationUsernamePasswordArgs
- | IMsAuthenticationAuthorizationCodeArgs
- | IMsAuthenticationOnBehalfOfArgs
-}
-
-export interface IMsAuthenticationArgs {
+import { IAgentContext } from '@veramo/core'
+
+/**
+ * azClientId: clientId of the application you're trying to login
+ * azClientSecret: secret of the application you're trying to login
+ * azTenantId: your MS Azure tenantId
+ * credentialManifest: address of your credential manifest. usually in following format:
+ * https://beta.eu.did.msidentity.com/v1.0//verifiableCredential/contracts/
+ * authority: optional. if not provided, we'll use the azClientId to create the Tenanted format if provided should be one of these two formats:
+ * - Tenanted: https://login.microsoftonline.com/{tenant}/, where {tenant} is either the GUID representing the tenant ID or a domain name associated with the tenant.
+ * - Work and school accounts: https://login.microsoftonline.com/organizations/.
+ * scopes?: scopes that you want to access via this authentication
+ * skipCache?: whether to skip cache
+ */
+export interface IMsAuthenticationClientCredentialArgs {
 azClientId: string
 azTenantId: string
-}
-export interface IMsAuthenticationClientCredentialArgs extends IMsAuthenticationArgs {
 azClientSecret: string
 credentialManifest: string
-}
-export interface IMsAuthenticationUsernamePasswordArgs extends IMsAuthenticationArgs {
- password: string,
- scopes: string[],
+ authority?: string
+ scopes?: string[]
+ skipCache?: boolean
+}
+
+/**
+ * azClientId: clientId of the application you're trying to login
+ * azTenantId: your MS Azure tenantId
+ * username: username of the user
+ * password: password of the user
+ * scopes: scopes that you want to access via this authentication
+ * authority: optional. if not provided, we'll use the azClientId to create the Tenanted format if provided should be one of these two formats:
+ * - Tenanted: https://login.microsoftonline.com/{tenant}/, where {tenant} is either the GUID representing the tenant ID or a domain name associated with the tenant.
+ * - Work and school accounts: https://login.microsoftonline.com/organizations/.
+ */
+export interface IMsAuthenticationUsernamePasswordArgs {
+ azClientId: string
+ azTenantId: string
+ password: string
+ scopes: string[]
 username: string
-}
-
-export interface IMsAuthenticationAuthorizationCodeArgs extends IMsAuthenticationArgs {
- redirectUri: string
- code: string
-}
-
-export interface IMsAuthenticationOnBehalfOfArgs extends IMsAuthenticationArgs {
- oboAssertion: string
-}
-
-export interface IMsAuthenticationSilentFlowArgs extends IMsAuthenticationArgs {
- account: AccountInfo
-}
-
-export enum events {
- AUTHENTICATED = 'authenticated',
-}
-
-export enum MsAuthenticationTypeEnum {
- ClientCredential= 'ClientCredential',
- AuthorizationCode = 'AuthorizationCode',
- UsernamePassword = 'UsernamePassword',
- BehalfOf = 'BehalfOf',
- Silent = 'Silent',
+ authority?: string
 }
 export type IRequiredContext = IAgentContext>
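Review bot: The new doc comments on both IMsAuthenticationClientCredentialArgs and IMsAuthenticationUsernamePasswordArgs say `if not provided, we'll use the azClientId to create the Tenanted format`, but MsAuthenticator.ts builds the fallback from `authenticationArgs.azTenantId`; the line should read `* authority: optional. if not provided, the Tenanted form https://login.microsoftonline.com/{azTenantId} is used; if provided it should be one of these two formats:`. The `credentialManifest` example `https://beta.eu.did.msidentity.com/v1.0//verifiableCredential/contracts/` has an empty path segment and a bare trailing slash where the tenant and contract identifiers presumably belong — if angle-bracket placeholders were lost in rendering, `{tenantId}` / `{contractName}` in the style of the authority lines would survive. `azClientSecret` and `password` are credentials, so a short note on each field that the value is expected from configuration or a secret store and must never be logged would help consumers of these interfaces.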