@sphereon/ssi-sdk.ms-authenticator - npm Package Compare versions

Comparing version 0.13.1-unstable.15 to 0.14.0

dist/authenticators/MsAuthenticator.d.ts

@@ -1,5 +0,11 @@
-import { IMsAuthenticationClientCredentialArgs, IMsAuthenticationUsernamePasswordArgs } from '../index';
-export declare const MS_IDENTITY_HOST_NAME_NONE_EU = "https://beta.did.msidentity.com/v1.0/";
-export declare const MS_IDENTITY_HOST_NAME_EU = "https://beta.eu.did.msidentity.com/v1.0/";
-export declare function checkMsIdentityHostname(authenticationArgs: IMsAuthenticationClientCredentialArgs): Promise<string>;
+import { AuthenticationResult, ConfidentialClientApplication } from '@azure/msal-node';
+import { IMSClientCredentialAuthInfo, IMsAuthenticationClientCredentialArgs, IMsAuthenticationUsernamePasswordArgs } from '../index';
+export declare const MS_DID_ENDPOINT_NON_EU = "https://beta.did.msidentity.com/v1.0/";
+export declare const MS_DID_ENDPOINT_EU = "https://beta.eu.did.msidentity.com/v1.0/";
+export declare function getMSOpenIDClientRegion(azTenantId: string): Promise<string>;
+export declare function getEntraDIDEndpoint(opts: {
+    region?: string;
+    azTenantId: string;
+}): Promise<"https://beta.did.msidentity.com/v1.0/" | "https://beta.eu.did.msidentity.com/v1.0/">;
+export declare function assertEntraCredentialManifestUrlInCorrectRegion(authenticationArgs: IMsAuthenticationClientCredentialArgs): Promise<string>;
 /**
@@ -10,2 +16,3 @@ * necessary fields are:
  *   azTenantId: your MS Azure tenantId
+ * optional fields:
  *   credentialManifest: address of your credential manifest. usually in following format:
@@ -16,3 +23,6 @@ *    https://beta.eu.did.msidentity.com/v1.0/<tenant_id>/verifiableCredential/contracts/<verifiable_credential_schema>
  */
-export declare function ClientCredentialAuthenticator(authenticationArgs: IMsAuthenticationClientCredentialArgs): Promise<string>;
+export declare function getMSClientCredentialAccessToken(authenticationArgs: IMsAuthenticationClientCredentialArgs, opts?: {
+    confidentialClient?: ConfidentialClientApplication;
+}): Promise<AuthenticationResult>;
+export declare function newMSClientCredentialAuthenticator(authenticationArgs: IMsAuthenticationClientCredentialArgs): Promise<IMSClientCredentialAuthInfo>;
 /**
@@ -24,2 +34,3 @@ * Logs in with provided authenticationArgs and returns access token
 export declare function UsernamePasswordAuthenticator(authenticationArgs: IMsAuthenticationUsernamePasswordArgs): Promise<string>;
+export declare function determineMSAuthId(authenticationArgs: IMsAuthenticationClientCredentialArgs | IMsAuthenticationUsernamePasswordArgs): string;
 //# sourceMappingURL=MsAuthenticator.d.ts.map

dist/authenticators/MsAuthenticator.js

@@ -11,12 +11,16 @@ "use strict";
 };
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.UsernamePasswordAuthenticator = exports.ClientCredentialAuthenticator = exports.checkMsIdentityHostname = exports.MS_IDENTITY_HOST_NAME_EU = exports.MS_IDENTITY_HOST_NAME_NONE_EU = void 0;
+exports.determineMSAuthId = exports.UsernamePasswordAuthenticator = exports.newMSClientCredentialAuthenticator = exports.getMSClientCredentialAccessToken = exports.assertEntraCredentialManifestUrlInCorrectRegion = exports.getEntraDIDEndpoint = exports.getMSOpenIDClientRegion = exports.MS_DID_ENDPOINT_EU = exports.MS_DID_ENDPOINT_NON_EU = void 0;
 const msal_node_1 = require("@azure/msal-node");
 const cross_fetch_1 = require("cross-fetch");
+const object_hash_1 = __importDefault(require("object-hash"));
 const EU = 'EU';
 const HTTP_METHOD_GET = 'GET';
-// Event though there are many regions, MS has only 2 identity host names (EU and NONE_EU)
+// Event though there are many regions, MS has only 2 DID identity host names (EU and NON_EU)
 // https://docs.microsoft.com/en-us/azure/active-directory/verifiable-credentials/whats-new#are-there-any-changes-to-the-way-that-we-use-the-request-api-as-a-result-of-this-move
-exports.MS_IDENTITY_HOST_NAME_NONE_EU = 'https://beta.did.msidentity.com/v1.0/';
-exports.MS_IDENTITY_HOST_NAME_EU = 'https://beta.eu.did.msidentity.com/v1.0/';
+exports.MS_DID_ENDPOINT_NON_EU = 'https://beta.did.msidentity.com/v1.0/';
+exports.MS_DID_ENDPOINT_EU = 'https://beta.eu.did.msidentity.com/v1.0/';
 const MS_LOGIN_PREFIX = 'https://login.microsoftonline.com/';
@@ -28,25 +32,34 @@ const MS_LOGIN_OPENID_CONFIG_POSTFIX = '/v2.0/.well-known/openid-configuration';
 const ERROR_FAILED_AUTHENTICATION = 'failed to authenticate: ';
-function getClientRegion(azTenantId) {
+// todo: This is a pretty heavy operation. Getting all the OIDC discovery data from a fetch only to return the region. Probably wise to add some caching and refactor so we can do more with the other OIDC info as well
+function getMSOpenIDClientRegion(azTenantId) {
     return __awaiter(this, void 0, void 0, function* () {
-        let region = EU;
-        yield (0, cross_fetch_1.fetch)(MS_LOGIN_PREFIX + azTenantId + MS_LOGIN_OPENID_CONFIG_POSTFIX, { method: HTTP_METHOD_GET })
+        return (0, cross_fetch_1.fetch)(MS_LOGIN_PREFIX + azTenantId + MS_LOGIN_OPENID_CONFIG_POSTFIX, { method: HTTP_METHOD_GET })
             .then((res) => res.json())
             .then((resp) => __awaiter(this, void 0, void 0, function* () {
-            region = resp.tenant_region_scope;
+            var _a;
+            return (_a = resp.tenant_region_scope) !== null && _a !== void 0 ? _a : EU;
         }));
-        return region;
     });
 }
-function checkMsIdentityHostname(authenticationArgs) {
+exports.getMSOpenIDClientRegion = getMSOpenIDClientRegion;
+function getEntraDIDEndpoint(opts) {
+    var _a;
     return __awaiter(this, void 0, void 0, function* () {
-        const region = authenticationArgs.region ? authenticationArgs.region : yield getClientRegion(authenticationArgs.azTenantId);
-        const msIdentityHostName = region === EU ? exports.MS_IDENTITY_HOST_NAME_EU : exports.MS_IDENTITY_HOST_NAME_NONE_EU;
+        const region = (_a = opts === null || opts === void 0 ? void 0 : opts.region) !== null && _a !== void 0 ? _a : (yield getMSOpenIDClientRegion(opts.azTenantId));
+        return region === EU ? exports.MS_DID_ENDPOINT_EU : exports.MS_DID_ENDPOINT_NON_EU;
+    });
+}
+exports.getEntraDIDEndpoint = getEntraDIDEndpoint;
+function assertEntraCredentialManifestUrlInCorrectRegion(authenticationArgs) {
+    var _a;
+    return __awaiter(this, void 0, void 0, function* () {
+        const msDIDEndpoint = yield getEntraDIDEndpoint(authenticationArgs);
         // Check that the Credential Manifest URL is in the same tenant Region and throw an error if it's not
-        if (!authenticationArgs.credentialManifestUrl.startsWith(msIdentityHostName)) {
-            throw new Error(ERROR_CREDENTIAL_MANIFEST_REGION + msIdentityHostName + `. value: ${authenticationArgs.credentialManifestUrl}`);
+        if (!((_a = authenticationArgs.credentialManifestUrl) === null || _a === void 0 ? void 0 : _a.startsWith(msDIDEndpoint))) {
+            throw new Error(ERROR_CREDENTIAL_MANIFEST_REGION + msDIDEndpoint + `. value: ${authenticationArgs.credentialManifestUrl}`);
         }
-        return msIdentityHostName;
+        return msDIDEndpoint;
     });
 }
-exports.checkMsIdentityHostname = checkMsIdentityHostname;
+exports.assertEntraCredentialManifestUrlInCorrectRegion = assertEntraCredentialManifestUrlInCorrectRegion;
 /**
@@ -57,2 +70,3 @@ * necessary fields are:
  *   azTenantId: your MS Azure tenantId
+ * optional fields:
  *   credentialManifest: address of your credential manifest. usually in following format:
@@ -63,28 +77,21 @@ *    https://beta.eu.did.msidentity.com/v1.0/<tenant_id>/verifiableCredential/contracts/<verifiable_credential_schema>
  */
-function ClientCredentialAuthenticator(authenticationArgs) {
+function getMSClientCredentialAccessToken(authenticationArgs, opts) {
+    var _a, _b, _c;
     return __awaiter(this, void 0, void 0, function* () {
-        const msalConfig = {
-            auth: {
-                clientId: authenticationArgs.azClientId,
-                authority: authenticationArgs.authority ? authenticationArgs.authority : MS_LOGIN_PREFIX + authenticationArgs.azTenantId,
-                clientSecret: authenticationArgs.azClientSecret,
-            },
-            system: {
-                loggerOptions: {
-                    piiLoggingEnabled: authenticationArgs.piiLoggingEnabled ? authenticationArgs.piiLoggingEnabled : false,
-                    logLevel: authenticationArgs.logLevel ? authenticationArgs.logLevel : msal_node_1.LogLevel.Verbose,
-                },
-            },
-        };
-        const cca = new msal_node_1.ConfidentialClientApplication(msalConfig);
+        const confidentialClient = (_a = opts === null || opts === void 0 ? void 0 : opts.confidentialClient) !== null && _a !== void 0 ? _a : (yield newMSClientCredentialAuthenticator(authenticationArgs).then((cca) => cca.confidentialClient));
+        if (!confidentialClient) {
+            throw Error('No Credential Client Authenticator could be constructed');
+        }
+        if (authenticationArgs === null || authenticationArgs === void 0 ? void 0 : authenticationArgs.credentialManifestUrl) {
+            yield assertEntraCredentialManifestUrlInCorrectRegion(authenticationArgs);
+        }
         const msalClientCredentialRequest = {
-            scopes: authenticationArgs.scopes ? authenticationArgs.scopes : [MS_CLIENT_CREDENTIAL_DEFAULT_SCOPE],
-            skipCache: authenticationArgs.skipCache ? authenticationArgs.skipCache : false,
+            scopes: (_b = authenticationArgs.scopes) !== null && _b !== void 0 ? _b : ((authenticationArgs === null || authenticationArgs === void 0 ? void 0 : authenticationArgs.credentialManifestUrl) ? [MS_CLIENT_CREDENTIAL_DEFAULT_SCOPE] : []),
+            skipCache: (_c = authenticationArgs.skipCache) !== null && _c !== void 0 ? _c : false,
         };
-        checkMsIdentityHostname(authenticationArgs);
         // get the Access Token
         try {
-            const result = yield cca.acquireTokenByClientCredential(msalClientCredentialRequest);
-            if (result && result.accessToken) {
-                return result.accessToken;
+            const result = yield confidentialClient.acquireTokenByClientCredential(msalClientCredentialRequest);
+            if (result) {
+                return result;
             }
@@ -97,6 +104,29 @@ }
         }
-        return '';
+        throw {
+            error: ERROR_ACQUIRE_ACCESS_TOKEN_FOR_CLIENT,
+        };
     });
 }
-exports.ClientCredentialAuthenticator = ClientCredentialAuthenticator;
+exports.getMSClientCredentialAccessToken = getMSClientCredentialAccessToken;
+function newMSClientCredentialAuthenticator(authenticationArgs) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const didEndpoint = (authenticationArgs === null || authenticationArgs === void 0 ? void 0 : authenticationArgs.credentialManifestUrl)
+            ? yield assertEntraCredentialManifestUrlInCorrectRegion(authenticationArgs)
+            : undefined;
+        const auth = authOptions(authenticationArgs);
+        const id = (0, object_hash_1.default)(auth);
+        const msalConfig = {
+            auth,
+            system: {
+                loggerOptions: {
+                    piiLoggingEnabled: authenticationArgs.piiLoggingEnabled ? authenticationArgs.piiLoggingEnabled : false,
+                    logLevel: authenticationArgs.logLevel ? authenticationArgs.logLevel : msal_node_1.LogLevel.Verbose,
+                },
+            },
+        };
+        const confidentialClientApp = new msal_node_1.ConfidentialClientApplication(msalConfig);
+        return { confidentialClient: confidentialClientApp, msalConfig, authenticationArgs, didEndpoint, id };
+    });
+}
+exports.newMSClientCredentialAuthenticator = newMSClientCredentialAuthenticator;
 /**
@@ -110,6 +140,3 @@ * Logs in with provided authenticationArgs and returns access token
         const msalConfig = {
-            auth: {
-                clientId: authenticationArgs.azClientId,
-                authority: authenticationArgs.authority ? authenticationArgs.authority : MS_LOGIN_PREFIX + authenticationArgs.azTenantId,
-            },
+            auth: authOptions(authenticationArgs),
         };
@@ -128,2 +155,9 @@ const pca = new msal_node_1.PublicClientApplication(msalConfig);
 exports.UsernamePasswordAuthenticator = UsernamePasswordAuthenticator;
+function authOptions(authenticationArgs) {
+    return Object.assign({ clientId: authenticationArgs.azClientId, authority: authenticationArgs.authority ? authenticationArgs.authority : MS_LOGIN_PREFIX + authenticationArgs.azTenantId }, (authenticationArgs && 'azClientSecret' in authenticationArgs && { clientSecret: authenticationArgs.azClientSecret }));
+}
+function determineMSAuthId(authenticationArgs) {
+    return (0, object_hash_1.default)(authOptions(authenticationArgs));
+}
+exports.determineMSAuthId = determineMSAuthId;
 //# sourceMappingURL=MsAuthenticator.js.map

dist/types/IMsAuthenticator.d.ts

@@ -1,3 +0,2 @@
-import { IAgentContext } from '@veramo/core';
-import { LogLevel } from '@azure/msal-node';
+import { ConfidentialClientApplication, Configuration, LogLevel } from '@azure/msal-node';
 /**
@@ -28,3 +27,3 @@ *   azClientId: clientId of the application you're trying to login
     azClientSecret: string;
-    credentialManifestUrl: string;
+    credentialManifestUrl?: string;
     authority?: string;
@@ -55,4 +54,9 @@ region?: string;
 }
-export type IRequiredContext = IAgentContext<Record<string, never>>;
-export type IMsAuthenticationResponse = String;
+export interface IMSClientCredentialAuthInfo {
+    id: string;
+    confidentialClient: ConfidentialClientApplication;
+    msalConfig: Configuration;
+    authenticationArgs: IMsAuthenticationClientCredentialArgs;
+    didEndpoint?: string;
+}
 //# sourceMappingURL=IMsAuthenticator.d.ts.map

package.json

 {
   "name": "@sphereon/ssi-sdk.ms-authenticator",
-  "version": "0.13.1-unstable.15+99fa57b",
+  "version": "0.14.0",
   "source": "src/index.ts",
@@ -12,13 +12,17 @@ "main": "dist/index.js",
   "dependencies": {
-    "@azure/msal-common": "^11.0.0",
-    "@azure/msal-node": "^1.16.0",
-    "@veramo/core": "4.2.0",
-    "cross-fetch": "^3.1.5"
+    "@azure/msal-common": "^13.2.0",
+    "@azure/msal-node": "^1.18.0",
+    "cross-fetch": "^3.1.5",
+    "object-hash": "^3.0.0"
   },
   "devDependencies": {
     "@types/jest": "^27.5.2",
-    "jest": "^27.5.1",
-    "prettier": "^2.4.1",
-    "ts-jest": "^27.1.5"
+    "@types/object-hash": "^3.0.2",
+    "jest": "^29.6.1",
+    "prettier": "^2.8.8",
+    "ts-jest": "^29.1.1"
   },
+  "engines": {
+    "node": ">= 16.0"
+  },
   "files": [
@@ -46,3 +50,3 @@ "dist/**/*",
   ],
-  "gitHead": "99fa57b705cbb40934b2ec61d2ea18e2007fe683"
+  "gitHead": "bf86b361a5e77883294ca1e4cecca616eb51633f"
 }

README.md

@@ -11,3 +11,3 @@ <!--suppress HtmlDeprecatedAttribute -->
 
-**Warning: This package still is in every early development. Breaking changes without notice will happen at this point!**
+**Warning: This package still is in early development. Breaking changes without notice will happen at this point!**
 
@@ -23,3 +23,3 @@ ---
 ```shell
-yarn add @sphereon/ssi-sdk.ms-authenticator
+pnpm add @sphereon/ssi-sdk.ms-authenticator
 ```
@@ -30,3 +30,3 @@
 ```shell
-yarn build
+pnpm build
 ```

src/authenticators/MsAuthenticator.ts

@@ -1,5 +0,15 @@
-import { ConfidentialClientApplication, LogLevel, PublicClientApplication, UsernamePasswordRequest } from '@azure/msal-node'
-import { IMsAuthenticationClientCredentialArgs, IMsAuthenticationUsernamePasswordArgs } from '../index'
+import {
+  AuthenticationResult,
+  ConfidentialClientApplication,
+  Configuration,
+  LogLevel,
+  NodeAuthOptions,
+  PublicClientApplication,
+  UsernamePasswordRequest,
+} from '@azure/msal-node'
 import { fetch } from 'cross-fetch'
+import { IMSClientCredentialAuthInfo, IMsAuthenticationClientCredentialArgs, IMsAuthenticationUsernamePasswordArgs } from '../index'
 
+import hash from 'object-hash'
+
 const EU = 'EU'
@@ -9,6 +19,6 @@
 
-// Event though there are many regions, MS has only 2 identity host names (EU and NONE_EU)
+// Event though there are many regions, MS has only 2 DID identity host names (EU and NON_EU)
 // https://docs.microsoft.com/en-us/azure/active-directory/verifiable-credentials/whats-new#are-there-any-changes-to-the-way-that-we-use-the-request-api-as-a-result-of-this-move
-export const MS_IDENTITY_HOST_NAME_NONE_EU = 'https://beta.did.msidentity.com/v1.0/'
-export const MS_IDENTITY_HOST_NAME_EU = 'https://beta.eu.did.msidentity.com/v1.0/'
+export const MS_DID_ENDPOINT_NON_EU = 'https://beta.did.msidentity.com/v1.0/'
+export const MS_DID_ENDPOINT_EU = 'https://beta.eu.did.msidentity.com/v1.0/'
 const MS_LOGIN_PREFIX = 'https://login.microsoftonline.com/'
@@ -22,20 +32,23 @@ const MS_LOGIN_OPENID_CONFIG_POSTFIX = '/v2.0/.well-known/openid-configuration'
 
-async function getClientRegion(azTenantId: string): Promise<string> {
-  let region = EU
-  await fetch(MS_LOGIN_PREFIX + azTenantId + MS_LOGIN_OPENID_CONFIG_POSTFIX, { method: HTTP_METHOD_GET })
+// todo: This is a pretty heavy operation. Getting all the OIDC discovery data from a fetch only to return the region. Probably wise to add some caching and refactor so we can do more with the other OIDC info as well
+export async function getMSOpenIDClientRegion(azTenantId: string): Promise<string> {
+  return fetch(MS_LOGIN_PREFIX + azTenantId + MS_LOGIN_OPENID_CONFIG_POSTFIX, { method: HTTP_METHOD_GET })
     .then((res) => res.json())
     .then(async (resp) => {
-      region = resp.tenant_region_scope
+      return resp.tenant_region_scope ?? EU
     })
-  return region
 }
 
-export async function checkMsIdentityHostname(authenticationArgs: IMsAuthenticationClientCredentialArgs): Promise<string> {
-  const region = authenticationArgs.region ? authenticationArgs.region : await getClientRegion(authenticationArgs.azTenantId)
-  const msIdentityHostName = region === EU ? MS_IDENTITY_HOST_NAME_EU : MS_IDENTITY_HOST_NAME_NONE_EU
+export async function getEntraDIDEndpoint(opts: { region?: string; azTenantId: string }) {
+  const region = opts?.region ?? (await getMSOpenIDClientRegion(opts.azTenantId))
+  return region === EU ? MS_DID_ENDPOINT_EU : MS_DID_ENDPOINT_NON_EU
+}
+
+export async function assertEntraCredentialManifestUrlInCorrectRegion(authenticationArgs: IMsAuthenticationClientCredentialArgs): Promise<string> {
+  const msDIDEndpoint = await getEntraDIDEndpoint(authenticationArgs)
   // Check that the Credential Manifest URL is in the same tenant Region and throw an error if it's not
-  if (!authenticationArgs.credentialManifestUrl.startsWith(msIdentityHostName)) {
-    throw new Error(ERROR_CREDENTIAL_MANIFEST_REGION + msIdentityHostName + `. value: ${authenticationArgs.credentialManifestUrl}`)
+  if (!authenticationArgs.credentialManifestUrl?.startsWith(msDIDEndpoint)) {
+    throw new Error(ERROR_CREDENTIAL_MANIFEST_REGION + msDIDEndpoint + `. value: ${authenticationArgs.credentialManifestUrl}`)
   }
-  return msIdentityHostName
+  return msDIDEndpoint
 }
@@ -48,2 +61,3 @@
  *   azTenantId: your MS Azure tenantId
+ * optional fields:
  *   credentialManifest: address of your credential manifest. usually in following format:
@@ -54,30 +68,27 @@ *    https://beta.eu.did.msidentity.com/v1.0/<tenant_id>/verifiableCredential/contracts/<verifiable_credential_schema>
  */
-export async function ClientCredentialAuthenticator(authenticationArgs: IMsAuthenticationClientCredentialArgs): Promise<string> {
-  const msalConfig = {
-    auth: {
-      clientId: authenticationArgs.azClientId,
-      authority: authenticationArgs.authority ? authenticationArgs.authority : MS_LOGIN_PREFIX + authenticationArgs.azTenantId,
-      clientSecret: authenticationArgs.azClientSecret,
-    },
-    system: {
-      loggerOptions: {
-        piiLoggingEnabled: authenticationArgs.piiLoggingEnabled ? authenticationArgs.piiLoggingEnabled : false,
-        logLevel: authenticationArgs.logLevel ? authenticationArgs.logLevel : LogLevel.Verbose,
-      },
-    },
+export async function getMSClientCredentialAccessToken(
+  authenticationArgs: IMsAuthenticationClientCredentialArgs,
+  opts?: {
+    confidentialClient?: ConfidentialClientApplication
   }
+): Promise<AuthenticationResult> {
+  const confidentialClient =
+    opts?.confidentialClient ?? (await newMSClientCredentialAuthenticator(authenticationArgs).then((cca) => cca.confidentialClient))
+  if (!confidentialClient) {
+    throw Error('No Credential Client Authenticator could be constructed')
+  }
+  if (authenticationArgs?.credentialManifestUrl) {
+    await assertEntraCredentialManifestUrlInCorrectRegion(authenticationArgs)
+  }
 
-  const cca = new ConfidentialClientApplication(msalConfig)
   const msalClientCredentialRequest = {
-    scopes: authenticationArgs.scopes ? authenticationArgs.scopes : [MS_CLIENT_CREDENTIAL_DEFAULT_SCOPE],
-    skipCache: authenticationArgs.skipCache ? authenticationArgs.skipCache : false,
+    scopes: authenticationArgs.scopes ?? (authenticationArgs?.credentialManifestUrl ? [MS_CLIENT_CREDENTIAL_DEFAULT_SCOPE] : []),
+    skipCache: authenticationArgs.skipCache ?? false,
   }
 
-  checkMsIdentityHostname(authenticationArgs)
-
   // get the Access Token
   try {
-    const result = await cca.acquireTokenByClientCredential(msalClientCredentialRequest)
-    if (result && result.accessToken) {
-      return result.accessToken
+    const result = await confidentialClient.acquireTokenByClientCredential(msalClientCredentialRequest)
+    if (result) {
+      return result
     }
@@ -89,5 +100,29 @@ } catch (err) {
   }
-  return ''
+  throw {
+    error: ERROR_ACQUIRE_ACCESS_TOKEN_FOR_CLIENT,
+  }
 }
 
+export async function newMSClientCredentialAuthenticator(
+  authenticationArgs: IMsAuthenticationClientCredentialArgs
+): Promise<IMSClientCredentialAuthInfo> {
+  const didEndpoint = authenticationArgs?.credentialManifestUrl
+    ? await assertEntraCredentialManifestUrlInCorrectRegion(authenticationArgs)
+    : undefined
+  const auth = authOptions(authenticationArgs)
+  const id = hash(auth)
+  const msalConfig: Configuration = {
+    auth,
+    system: {
+      loggerOptions: {
+        piiLoggingEnabled: authenticationArgs.piiLoggingEnabled ? authenticationArgs.piiLoggingEnabled : false,
+        logLevel: authenticationArgs.logLevel ? authenticationArgs.logLevel : LogLevel.Verbose,
+      },
+    },
+  }
+  const confidentialClientApp = new ConfidentialClientApplication(msalConfig)
+
+  return { confidentialClient: confidentialClientApp, msalConfig, authenticationArgs, didEndpoint, id }
+}
+
 /**
@@ -100,6 +135,3 @@ * Logs in with provided authenticationArgs and returns access token
   const msalConfig = {
-    auth: {
-      clientId: authenticationArgs.azClientId,
-      authority: authenticationArgs.authority ? authenticationArgs.authority : MS_LOGIN_PREFIX + authenticationArgs.azTenantId,
-    },
+    auth: authOptions(authenticationArgs),
   }
@@ -116,1 +148,13 @@ const pca = new PublicClientApplication(msalConfig)
 }
+
+function authOptions(authenticationArgs: IMsAuthenticationClientCredentialArgs | IMsAuthenticationUsernamePasswordArgs): NodeAuthOptions {
+  return {
+    clientId: authenticationArgs.azClientId,
+    authority: authenticationArgs.authority ? authenticationArgs.authority : MS_LOGIN_PREFIX + authenticationArgs.azTenantId,
+    ...(authenticationArgs && 'azClientSecret' in authenticationArgs && { clientSecret: authenticationArgs.azClientSecret }),
+  }
+}
+
+export function determineMSAuthId(authenticationArgs: IMsAuthenticationClientCredentialArgs | IMsAuthenticationUsernamePasswordArgs): string {
+  return hash(authOptions(authenticationArgs))
+}

src/types/IMsAuthenticator.ts

@@ -1,4 +0,2 @@
-import { IAgentContext } from '@veramo/core'
-import { LogLevel } from '@azure/msal-node'
-
+import { ConfidentialClientApplication, Configuration, LogLevel } from '@azure/msal-node'
 /**
@@ -29,3 +27,3 @@ *   azClientId: clientId of the application you're trying to login
   azClientSecret: string
-  credentialManifestUrl: string
+  credentialManifestUrl?: string
   authority?: string
@@ -58,3 +56,8 @@ region?: string
 
-export type IRequiredContext = IAgentContext<Record<string, never>>
-export type IMsAuthenticationResponse = String
+export interface IMSClientCredentialAuthInfo {
+  id: string
+  confidentialClient: ConfidentialClientApplication
+  msalConfig: Configuration
+  authenticationArgs: IMsAuthenticationClientCredentialArgs
+  didEndpoint?: string
+}

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Manifest confusion

Supply chain risk

This package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

46296

increased by17.18%

Lines of code

506

increased by22.82%

Number of medium supply chain risk alerts

0

decreased by-100%

Published versions last week

7

increased by16.67%

Worsened metrics

Dev dependency count

5

increased by25%

Dependency changes

• + Addedobject-hash@^3.0.0

• + Added@azure/msal-common@13.3.3(transitive)

• + Addedobject-hash@3.0.0(transitive)

• - Removed@veramo/core@4.2.0

• - Removed@azure/msal-common@11.0.0(transitive)

• - Removed@multiformats/base-x@4.0.1(transitive)

• - Removed@noble/ciphers@0.4.1(transitive)

• - Removed@noble/curves@1.7.0(transitive)

• - Removed@noble/hashes@1.6.01.6.1(transitive)

• - Removed@scure/base@1.2.1(transitive)

• - Removed@stablelib/aead@1.0.1(transitive)

• - Removed@stablelib/binary@1.0.1(transitive)

• - Removed@stablelib/bytes@1.0.1(transitive)

• - Removed@stablelib/chacha@1.0.1(transitive)

• - Removed@stablelib/chacha20poly1305@1.0.1(transitive)

• - Removed@stablelib/constant-time@1.0.1(transitive)

• - Removed@stablelib/ed25519@1.0.3(transitive)

• - Removed@stablelib/hash@1.0.1(transitive)

• - Removed@stablelib/int@1.0.1(transitive)

• - Removed@stablelib/keyagreement@1.0.1(transitive)

• - Removed@stablelib/poly1305@1.0.1(transitive)

• - Removed@stablelib/random@1.0.2(transitive)

• - Removed@stablelib/sha256@1.0.1(transitive)

• - Removed@stablelib/sha512@1.0.1(transitive)

• - Removed@stablelib/wipe@1.0.1(transitive)

• - Removed@stablelib/x25519@1.0.3(transitive)

• - Removed@stablelib/xchacha20@1.0.1(transitive)

• - Removed@stablelib/xchacha20poly1305@1.0.1(transitive)

• - Removed@veramo/core@4.2.0(transitive)

• - Removedbech32@2.0.0(transitive)

• - Removedbn.js@4.12.1(transitive)

• - Removedbrorand@1.1.0(transitive)

• - Removedcanonicalize@2.0.0(transitive)

• - Removedcommander@10.0.1(transitive)

• - Removedcredential-status@2.0.6(transitive)

• - Removeddebug@4.4.0(transitive)

• - Removeddid-jwt@6.11.67.4.7(transitive)

• - Removeddid-jwt-vc@3.2.15(transitive)

• - Removeddid-resolver@4.1.0(transitive)

• - Removedelliptic@6.6.1(transitive)

• - Removedevents@3.3.0(transitive)

• - Removedhash.js@1.1.7(transitive)

• - Removedhmac-drbg@1.0.1(transitive)

• - Removedinherits@2.0.4(transitive)

• - Removedjs-sha3@0.8.0(transitive)

• - Removedlodash.get@4.4.2(transitive)

• - Removedlodash.isequal@4.5.0(transitive)

• - Removedminimalistic-assert@1.0.1(transitive)

• - Removedminimalistic-crypto-utils@1.0.1(transitive)

• - Removedmultibase@4.0.6(transitive)

• - Removedmultiformats@9.9.0(transitive)

• - Removeduint8arrays@3.1.1(transitive)

• - Removedvalidator@13.12.0(transitive)

• - Removedz-schema@5.0.6(transitive)

• Updated@azure/msal-common@^13.2.0

• Updated@azure/msal-node@^1.18.0