currently no consumers of finance api so making is solely MI authenti…
…cation in the client
cofaulco committed May 25, 2022
1 parent f85fbf1 commit ec46091
Showing 3 changed files with 1 addition and 24 deletions.
@@ -3,9 +3,6 @@
public class EmployerFinanceApiClientConfiguration : IEmployerFinanceApiClientConfiguration
{
public string ApiBaseUrl { get; }
public string ClientId { get; set; }
public string ClientSecret { get; set; }
public string IdentifierUri { get; set; }
public string Tenant { get; set; }
}
}
@@ -3,9 +3,6 @@
public interface IEmployerFinanceApiClientConfiguration
{
string ApiBaseUrl { get; }
string ClientId { get; }
string ClientSecret { get; }
string IdentifierUri { get; }
string Tenant { get; }
}
}
19 changes: 1 addition & 18 deletions src/SFA.DAS.EmployerFinance.Api.Client/SecureHttpClient.cs
@@ -3,7 +3,6 @@
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Azure.Services.AppAuthentication;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

namespace SFA.DAS.EmployerFinance.Api.Client
{
@@ -23,9 +22,7 @@ protected SecureHttpClient()

public virtual async Task<string> GetAsync(string url, CancellationToken cancellationToken = default)
{
var accessToken = IsClientCredentialConfiguration(_configuration.ClientId, _configuration.ClientSecret, _configuration.Tenant)
? await GetClientCredentialAuthenticationResult(_configuration.ClientId, _configuration.ClientSecret, _configuration.IdentifierUri, _configuration.Tenant)
: await GetManagedIdentityAuthenticationResult(_configuration.IdentifierUri);
var accessToken = await GetManagedIdentityAuthenticationResult(_configuration.IdentifierUri);

using (var client = new HttpClient())
{
@@ -38,24 +35,10 @@ public virtual async Task<string> GetAsync(string url, CancellationToken cancell
}
}

private async Task<string> GetClientCredentialAuthenticationResult(string clientId, string clientSecret, string resource, string tenant)
{
var authority = $"https://login.microsoftonline.com/{tenant}";
var clientCredential = new ClientCredential(clientId, clientSecret);
var context = new AuthenticationContext(authority, true);
var result = await context.AcquireTokenAsync(resource, clientCredential);
return result.AccessToken;
}

private async Task<string> GetManagedIdentityAuthenticationResult(string resource)
{
var azureServiceTokenProvider = new AzureServiceTokenProvider();
return await azureServiceTokenProvider.GetAccessTokenAsync(resource);
}

private bool IsClientCredentialConfiguration(string clientId, string clientSecret, string tenant)
{
return !string.IsNullOrEmpty(clientId) && !string.IsNullOrEmpty(clientSecret) && !string.IsNullOrEmpty(tenant);
}
}
}
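Review bot: In `GetAsync`, the new call `GetManagedIdentityAuthenticationResult(_configuration.IdentifierUri)` passes the resource through unchecked, so a missing or blank `IdentifierUri` only surfaces as a token-provider failure at request time. A guard before the call would make the misconfiguration explicit: `if (string.IsNullOrWhiteSpace(_configuration.IdentifierUri)) throw new InvalidOperationException("IdentifierUri is required for managed identity authentication.");`. Now that managed identity is the only path, `GetManagedIdentityAuthenticationResult` also deserves a comment stating which identity is expected to obtain the token, because a parameterless `AzureServiceTokenProvider` can, as far as I know, fall back to developer credentials (Visual Studio, Azure CLI) when no managed identity is present. The middle of `GetAsync` lies between the second and third hunks and is not visible here.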
