Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@microsoft/mgt-element
Advanced tools
The Microsoft Graph Toolkit (mgt) library is a collection of authentication providers and UI components powered by Microsoft Graph.
The @microsoft/mgt-element
package contains all base classes that enable the providers and components to work together. Use this package to set the global provider, or to create your own providers and/or components that work with Microsoft Graph.
See docs for full documentation
The @microsoft/mgt-element
package exposes the Providers
namespace that enables global usage of the authentication providers across your entire app.
This example illustrates how to instantiate a new provider (MsalProvider in this case) and use it across your app:
Install the packages
npm install @microsoft/mgt-element @microsoft/mgt-msal-provider
Create the provider
import {Providers} from '@microsoft/mgt-element';
import {MsalProvider} from '@microsoft/mgt-msal-provider';
// initialize the auth provider globally
Providers.globalProvider = new MsalProvider({clientId: 'clientId'});
Use the provider to sign in and call the graph:
import {Providers, ProviderState} from '@microsoft/mgt-element';
const handleLoginClicked = async () => {
await Providers.globalProvider.login();
if (Providers.globalProvider.state === ProviderState.SignedIn) {
let me = await Provider.globalProvider.graph.client.api('/me').get();
}
}
You can learn more about how to use the providers in the documentation.
The providers work well with the @microsoft/mgt-components
package and all components use the provider automatically when they need to call Microsoft Graph.
In scenarios where you want to use the Providers namespace and/or add Microsoft Graph Toolkit components to an application with pre-existing authentication code, you can create a custom provider that hooks into your authentication mechanism. @microsoft/mgt-element
enables two ways to create new providers:
If you already have a function that returns accessTokens
, you can use a SimpleProvider to wrap the function:
import {Providers, SimpleProvider} from '@microsoft/mgt-element';
function getAccessToken(scopes: string[]) {
// return a promise with accessToken string
}
function login() {
// login code - optional
// make sure to set the state when signed in
Providers.globalProvider.setState(ProviderState.SignedIn)
}
function logout() {
// logout code - optional
// make sure to set the state when signed out
Providers.globalProvider.setState(ProviderState.SignedOut)
}
Provider.globalProvider = new SimpleProvider(getAccessToken, login, logout);
You can extend the IProvider abstract class to create your own provider. The IProvider is similar to the SimpleProvider in that it requires the developer to implement the getAccessToken()
function.
See the custom provider documentation for more details on both ways to create custom providers.
FAQs
Microsoft Graph Toolkit base classes
The npm package @microsoft/mgt-element receives a total of 6,856 weekly downloads. As such, @microsoft/mgt-element popularity was classified as popular.
We found that @microsoft/mgt-element demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.