diff --git a/packages/ms-authenticator/src/authenticators/MsAuthenticator.ts b/packages/ms-authenticator/src/authenticators/MsAuthenticator.ts
index 65a9fbb9d..d55bf545c 100644
--- a/packages/ms-authenticator/src/authenticators/MsAuthenticator.ts
+++ b/packages/ms-authenticator/src/authenticators/MsAuthenticator.ts
@@ -3,6 +3,20 @@ import { IMsAuthenticationClientCredentialArgs, IMsAuthenticationUsernamePasswor
 import { fetch } from 'cross-fetch'
+const EU = 'EU'
+
+const HTTP_METHOD_GET = 'GET';
+
+const MS_IDENTITY_HOST_NAME_NONE_EU = 'https://beta.did.msidentity.com/v1.0/';
+const MS_IDENTITY_HOST_NAME_EU = 'https://beta.eu.did.msidentity.com/v1.0/';
+const MS_LOGIN_PREFIX = 'https://login.microsoftonline.com/';
+const MS_LOGIN_OPENID_CONFIG_POSTFIX = '/v2.0/.well-known/openid-configuration';
+const MS_CLIENT_CREDENTIAL_DEFAULT_SCOPE = '3db474b9-6a0c-4840-96ac-1fceb342124f/.default';
+
+const ERROR_CREDENTIAL_MANIFEST_REGION = `Error in config file. CredentialManifest URL configured for wrong tenant region. Should start with:`;
+const ERROR_ACQUIRE_ACCESS_TOKEN_FOR_CLIENT = 'Could not acquire credentials to access your Azure Key Vault:\n'
+const ERROR_FAILED_AUTHENTICATION = 'failed to authenticate: ';
+
 /**
  * necessary fields are:
  * azClientId: clientId of the application you're trying to login
@@ -17,7 +31,7 @@ export async function ClientCredentialAuthenticator(authenticationArgs: IMsAuthe
   const msalConfig = {
     auth: {
       clientId: authenticationArgs.azClientId,
-      authority: authenticationArgs.authority ? authenticationArgs.authority : 'https://login.microsoftonline.com/' + authenticationArgs.azTenantId,
+      authority: authenticationArgs.authority ? authenticationArgs.authority : MS_LOGIN_PREFIX + authenticationArgs.azTenantId,
       clientSecret: authenticationArgs.azClientSecret,
     },
     system: {
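Review bot: The new constant block at the top of the file mixes statement terminators — `const EU = 'EU'` and `const ERROR_ACQUIRE_ACCESS_TOKEN_FOR_CLIENT = …` have no semicolon while every neighbouring declaration does — and `ERROR_CREDENTIAL_MANIFEST_REGION` is a template literal with no interpolation, so a plain quoted string would match the others. Pick one terminator style for the block and let the formatter enforce it. `EU` is also a very generic module-level name for a value compared against `tenant_region_scope`; `TENANT_REGION_SCOPE_EU` would say what it is, and `MS_IDENTITY_HOST_NAME_NONE_EU` reads more naturally as `MS_IDENTITY_HOST_NAME_NON_EU`. A one-line comment above the two host constants noting that they are the prefixes the credential manifest URL is later checked against would help the next reader, since that check lives forty lines further down.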
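Review bot: The changed `authority:` line keeps a nullish default written as a ternary, `authenticationArgs.authority ? authenticationArgs.authority : MS_LOGIN_PREFIX + authenticationArgs.azTenantId`; `authority: authenticationArgs.authority ?? MS_LOGIN_PREFIX + authenticationArgs.azTenantId,` expresses the intent directly (the ternary additionally treats an empty string as absent — keep `||` if that is relied on). The same line recurs in the `UsernamePasswordAuthenticator` hunk at `@@ -70,7 +84,7 @@`, so apply the same change there. The `msalConfig` object and the enclosing function continue outside this hunk.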
@@ -30,19 +44,19 @@ export async function ClientCredentialAuthenticator(authenticationArgs: IMsAuthe
   const cca = new ConfidentialClientApplication(msalConfig)
   const msalClientCredentialRequest = {
-    scopes: authenticationArgs.scopes ? authenticationArgs.scopes : ['3db474b9-6a0c-4840-96ac-1fceb342124f/.default'],
+    scopes: authenticationArgs.scopes ? authenticationArgs.scopes : [MS_CLIENT_CREDENTIAL_DEFAULT_SCOPE],
     skipCache: authenticationArgs.skipCache ? authenticationArgs.skipCache : false
   }
-  await fetch('https://login.microsoftonline.com/' + authenticationArgs.azTenantId + '/v2.0/.well-known/openid-configuration', {method: 'GET'})
+  await fetch(MS_LOGIN_PREFIX + authenticationArgs.azTenantId + MS_LOGIN_OPENID_CONFIG_POSTFIX, {method: HTTP_METHOD_GET})
     .then((res) => res.json())
     .then(async (resp) => {
-      let msIdentityHostName = 'https://beta.did.msidentity.com/v1.0/'
-      if (resp.tenant_region_scope == 'EU') {
-        msIdentityHostName = 'https://beta.eu.did.msidentity.com/v1.0/'
+      let msIdentityHostName = MS_IDENTITY_HOST_NAME_NONE_EU;
+      if (resp.tenant_region_scope == EU) {
+        msIdentityHostName = MS_IDENTITY_HOST_NAME_EU;
       }
       // Check that the Credential Manifest URL is in the same tenant Region and throw an error if it's not
-      if (!authenticationArgs.credentialManifest.startsWith(msIdentityHostName)) {
-        throw new Error(`Error in config file. CredentialManifest URL configured for wrong tenant region. Should start with:` + msIdentityHostName)
+      if (!authenticationArgs.credentialManifestUrl.startsWith(msIdentityHostName)) {
+        throw new Error(ERROR_CREDENTIAL_MANIFEST_REGION + msIdentityHostName)
       }
       // get the Access Token
@@ -53,7 +67,7 @@ export async function ClientCredentialAuthenticator(authenticationArgs: IMsAuthe
        }
      } catch {
        throw {
-          error: 'Could not acquire credentials to access your Azure Key Vault:\n' + JSON.stringify(resp),
+          error: ERROR_ACQUIRE_ACCESS_TOKEN_FOR_CLIENT + JSON.stringify(resp),
        }
      }
      return ''
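Review bot: The region decision at `if (resp.tenant_region_scope == EU)` trusts whatever the openid-configuration request returned, but the preceding `.then((res) => res.json())` never checks `res.ok`; on a non-2xx reply `tenant_region_scope` is undefined, the host silently falls back to `MS_IDENTITY_HOST_NAME_NONE_EU`, and the caller is shown the misleading `ERROR_CREDENTIAL_MANIFEST_REGION` error instead of the real failure. Change the first `.then` to `.then((res) => { if (!res.ok) throw new Error('openid-configuration lookup failed: HTTP ' + res.status); return res.json() })`, and use `===` for the string comparison on the next line. The rename from `credentialManifest` to `credentialManifestUrl` is a breaking change for every caller constructing `IMsAuthenticationClientCredentialArgs`, so it deserves a changelog entry; the interface change itself is not in this diff. The `.then(async (resp) => …)` callback and the enclosing function continue past the hunk.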
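Review bot: At the changed `error:` line the `catch {` block discards the exception raised by the token request and throws a plain object rather than an `Error`, and the only detail it carries is `JSON.stringify(resp)` — `resp` appears to be the openid-configuration document from the outer `.then`, which says nothing about why token acquisition failed, while also making `instanceof Error` checks in callers fail. Suggest `} catch (e: unknown) {` followed by `throw new Error(ERROR_ACQUIRE_ACCESS_TOKEN_FOR_CLIENT + (e instanceof Error ? e.message : String(e)))`. The message constant also talks about Azure Key Vault, whereas this is the client-credential authenticator requesting `MS_CLIENT_CREDENTIAL_DEFAULT_SCOPE`; if that wording is a leftover, renaming and rewording the constant avoids sending operators down the wrong path. The `try` this `catch` belongs to begins before the hunk.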
@@ -70,7 +84,7 @@ export async function UsernamePasswordAuthenticator(authenticationArgs: IMsAuthe
   const msalConfig = {
     auth: {
       clientId: authenticationArgs.azClientId,
-      authority: authenticationArgs.authority ? authenticationArgs.authority : 'https://login.microsoftonline.com/' + authenticationArgs.azTenantId,
+      authority: authenticationArgs.authority ? authenticationArgs.authority : MS_LOGIN_PREFIX + authenticationArgs.azTenantId,
     },
   }
   const pca = new PublicClientApplication(msalConfig)
@@ -80,6 +94,6 @@ export async function UsernamePasswordAuthenticator(authenticationArgs: IMsAuthe
       return response
     })
     .catch((error: any) => {
-      throw new Error("failed to authenticate: " + error)
+      throw new Error(ERROR_FAILED_AUTHENTICATION + error)
     })
 }
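Review bot: The changed `throw new Error(ERROR_FAILED_AUTHENTICATION + error)` in the `.catch` still types the rejection as `any` and string-concatenates it, which produces `[object Object]` for any rejection that is not an `Error` (whether MSAL rejects with `Error` instances is not visible here) and loses the original value for diagnosis. Use `.catch((error: unknown) => {` and `throw new Error(ERROR_FAILED_AUTHENTICATION + (error instanceof Error ? error.message : String(error)))`, which also satisfies `useUnknownInCatchVariables`-style strictness. The `.then` chain this `.catch` terminates begins outside the hunk.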