feat: changed the structure of the module to be more like the ssi-cor…

…e module of ours. Plus, changed some documents

README.md

@@ -35,6 +35,10 @@ multiple packages (see lerna below). It contains plugins that extend the Veramo
 
 The [core package](./packages/ssi-sdk-core/README.md) contains types and methods shared by the other plugins
 
+## MS Authenticator
+
+The core package for microsoft authentication using msal library.
+
 ## Factom DID Provider
 
 The [Factom Protocol DID Provider](./packages/factom-did-provider/README.md) can create DIDs using the

packages/ms-authenticator/CHANGELOG.md

@@ -0,0 +1,4 @@
+# Change Log
+
+All notable changes to this project will be documented in this file.
+See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

packages/ms-vc-api-issuer/README.md → packages/ms-authenticator/README.md

@@ -2,7 +2,7 @@
 <h1 align="center">
   <br>
   <a href="https://www.sphereon.com"><img src="https://sphereon.com/content/themes/sphereon/assets/img/logo.svg" alt="Sphereon" width="400"></a>
-  <br>Microsoft Azure Active Directory VC API Issuer (Typescript) 
+  <br>Microsoft Azure Active Directory Authenticator (Typescript) 
   <br>
 </h1>
 
@@ -12,14 +12,14 @@
 
 ---
 
-# ms-vc-api-verifier
+# ms-authenticator
 
-A Veramo plugin to issue credentials using the Microsoft Azure Active Directory. 
+A Veramo plugin to authenticate using the Microsoft Authentication Library (MSAL). 
 
 ### Installation
 
 ```shell
-yarn add @sphereon/ssi-sdk-ms-vc-api-issuer
+yarn add @sphereon/ms-authenticator
 ```
 
 ### Build

packages/ms-authenticator/__tests__/authenticators.test.ts

@@ -0,0 +1,24 @@
+import {ClientCredentialAuthenticator, UsernamePasswordAuthenticator} from "../src/authenticators";
+
+describe('@sphereon/ms-authenticator', ()=>{
+
+  it('should authenticate using clientCredential', async () => {
+
+    return await expect(ClientCredentialAuthenticator({
+      azClientId: '04c2bd60-cdbf-4935-80dd-110fdf473e6e',
+      azClientSecret:'<YOUR_CCLIENT_SECRET>',
+      azTenantId: 'e2a42b2f-7460-4499-afc2-425315ef058a',
+      credentialManifest:'https://beta.eu.did.msidentity.com/v1.0/e2a42b2f-7460-4499-afc2-425315ef058a/verifiableCredential/contracts/VerifiedCredentialExpert2'
+    })).resolves.not.toBeNull();
+  });
+
+  it('should authenticate using usernamePassword', async () => {
+    return await expect(UsernamePasswordAuthenticator({
+      azTenantId: 'e2a42b2f-7460-4499-afc2-425315ef058a',
+      azClientId: '04c2bd60-cdbf-4935-80dd-110fdf473e6e',
+      scopes: ["user.read"],
+      username: '<YOUR_USERNAME>',
+      password:'<YOUR_PASSWORD>',
+    })).resolves.not.toBeNull();
+  });
+})

packages/ms-vc-api-issuer/package.json → packages/ms-authenticator/package.json

@@ -1,17 +1,11 @@
 {
-  "name": "@sphereon/ssi-sdk-ms-vc-api-issuer",
-  "version": "0.5.0",
+  "name": "@sphereon/ms-authenticator",
+  "version": "0.0.1",
   "source": "src/index.ts",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
-  "veramo": {
-    "pluginInterfaces": {
-      "IMsVcApiIssuer": "./src/types/IMsVcApiIssuer.ts"
-    }
-  },
   "scripts": {
-    "build": "tsc --build",
-    "generate-plugin-schema": "yarn veramo dev generate-plugin-schema"
+    "build": "tsc"
   },
   "dependencies": {
     "@azure/msal-common": "^7.0.0",

packages/ms-authenticator/src/authenticators/MsAuthenticator.ts

@@ -0,0 +1,126 @@
+import { ConfidentialClientApplication, LogLevel, PublicClientApplication, UsernamePasswordRequest } from '@azure/msal-node'
+import {
+  IMsAuthenticationAuthorizationCodeArgs,
+  IMsAuthenticationClientCredentialArgs,
+  IMsAuthenticationOnBehalfOfArgs, IMsAuthenticationSilentFlowArgs,
+  IMsAuthenticationUsernamePasswordArgs,
+} from '../index'
+
+import { fetch } from 'cross-fetch'
+
+/**
+ * Not implemented yet
+ * @param authenticationArgs
+ * @constructor
+ */
+export async function AuthorizationCodeAuthenticator(authenticationArgs: IMsAuthenticationAuthorizationCodeArgs): Promise<string> {
+  throw new Error("This authentication method is not implemented yet.")
+}
+
+/**
+ * Not implemented yet
+ * @param authenticationArgs
+ * @constructor
+ */
+export async function BehalfOfAuthenticator(authenticationArgs: IMsAuthenticationOnBehalfOfArgs): Promise<string> {
+  throw new Error("This authentication method is not implemented yet.")
+}
+
+/**
+ * necessary fields are:
+ *   azClientId: clientId of the application you're trying to login
+ *   azClientSecret: secret of the application you're trying to login
+ *   azTenantId: your MS Azure tenantId
+ *   credentialManifest: address of your credential manifest. usually in following format:
+ *    https://beta.eu.did.msidentity.com/v1.0/<tenant_id>/verifiableCredential/contracts/<verifiable_credential_schema>
+ * @param authenticationArgs
+ * @constructor
+ */
+export async function ClientCredentialAuthenticator(authenticationArgs: IMsAuthenticationClientCredentialArgs): Promise<string> {
+  var msalConfig = {
+    auth: {
+      clientId: authenticationArgs.azClientId,
+      authority: 'https://login.microsoftonline.com/' + authenticationArgs.azTenantId,
+      clientSecret: authenticationArgs.azClientSecret,
+    },
+    system: {
+      loggerOptions: {
+        piiLoggingEnabled: false,
+        logLevel: LogLevel.Verbose,
+      }
+    }
+  }
+
+  const cca = new ConfidentialClientApplication(msalConfig)
+  const msalClientCredentialRequest = {
+    scopes: ['3db474b9-6a0c-4840-96ac-1fceb342124f/.default'],
+    skipCache: false,
+  }
+  await fetch('https://login.microsoftonline.com/' + authenticationArgs.azTenantId + '/v2.0/.well-known/openid-configuration', {method: 'GET'})
+  .then((res) => res.json())
+  .then(async (resp) => {
+    console.log(`tenant_region_scope = ${resp.tenant_region_scope}`)
+    let msIdentityHostName = 'https://beta.did.msidentity.com/v1.0/'
+    if (resp.tenant_region_scope == 'EU') {
+      msIdentityHostName = 'https://beta.eu.did.msidentity.com/v1.0/'
+    }
+    // Check that the Credential Manifest URL is in the same tenant Region and throw an error if it's not
+    if (!authenticationArgs.credentialManifest.startsWith(msIdentityHostName)) {
+      throw new Error(`Error in config file. CredentialManifest URL configured for wrong tenant region. Should start with:` + msIdentityHostName)
+    }
+
+    // get the Access Token
+    try {
+      const result = await cca.acquireTokenByClientCredential(msalClientCredentialRequest)
+      if (result) {
+        return result.accessToken
+      }
+    } catch {
+      console.log('failed to get access token')
+      resp.status(401).json({
+        error: 'Could not acquire credentials to access your Azure Key Vault',
+      })
+      return
+    }
+    return ''
+  })
+  return ''
+}
+
+/**
+ * Not implemented yet
+ * @param authenticationArgs
+ * @constructor
+ */
+export async function SilentFlowAuthenticator(authenticationArgs: IMsAuthenticationSilentFlowArgs): Promise<string> {
+  throw new Error("This authentication method is not implemented yet.")
+}
+
+/**
+ * necessary fields are:
+ *   azClientId: clientId of the application you're trying to login
+ *   azTenantId: your MS Azure tenantId
+ *   username: username of the user
+ *   password: password of the user
+ *   scopes: scopes that you want to access via this authentication
+ * @param authenticationArgs
+ * @constructor
+ */
+export async function UsernamePasswordAuthenticator(authenticationArgs: IMsAuthenticationUsernamePasswordArgs): Promise<string> {
+  const msalConfig = {
+    auth: {
+      clientId: authenticationArgs.azClientId,
+      authority: 'https://login.microsoftonline.com/' + authenticationArgs.azTenantId,
+    },
+  }
+  const pca = new PublicClientApplication(msalConfig)
+  return await pca
+  .acquireTokenByUsernamePassword(authenticationArgs as UsernamePasswordRequest)
+  .then((response: any) => {
+    console.log('acquired token by password grant', response)
+    return response
+  })
+  .catch((error: any) => {
+    console.log(error)
+  })
+}

packages/ms-authenticator/src/authenticators/index.ts

@@ -0,0 +1,5 @@
+export { AuthorizationCodeAuthenticator } from './MsAuthenticator'
+export { BehalfOfAuthenticator } from './MsAuthenticator'
+export { ClientCredentialAuthenticator } from './MsAuthenticator'
+export { SilentFlowAuthenticator } from './MsAuthenticator'
+export { UsernamePasswordAuthenticator } from './MsAuthenticator'

packages/ms-authenticator/src/index.ts

@@ -0,0 +1,2 @@
+export * from './authenticators'
+export * from './types'

packages/ms-vc-api-issuer/src/types/IMsVcApiIssuer.ts → packages/ms-authenticator/src/types/IMsAuthenticator.ts

@@ -1,7 +1,7 @@
 import { IAgentContext, IPluginMethodMap } from '@veramo/core'
 import { AccountInfo } from '@azure/msal-common'
 
-export interface IMsVcApiIssuer extends IPluginMethodMap {
+export interface IMsAuthenticator extends IPluginMethodMap {
   authenticateMsVcApi(): Promise<IMsAuthenticationResponse>
 }
 

packages/ms-authenticator/src/types/index.ts

@@ -0,0 +1 @@
+export * from './IMsAuthenticator'

packages/ms-authenticator/tsconfig.json

@@ -0,0 +1,7 @@
+{
+  "extends": "../tsconfig-base.json",
+  "compilerOptions": {
+    "rootDir": "src",
+    "outDir": "dist"
+  }
+}