feat: added region to optional params for clientcredential authentica…

…tion

packages/ms-authenticator/src/authenticators/MsAuthenticator.ts

@@ -1,7 +1,7 @@
-import { ConfidentialClientApplication, LogLevel, PublicClientApplication, UsernamePasswordRequest } from '@azure/msal-node'
-import { IMsAuthenticationClientCredentialArgs, IMsAuthenticationUsernamePasswordArgs } from '../index'
+import {ConfidentialClientApplication, LogLevel, PublicClientApplication, UsernamePasswordRequest} from '@azure/msal-node'
+import {IMsAuthenticationClientCredentialArgs, IMsAuthenticationUsernamePasswordArgs} from '../index'
 
-import { fetch } from 'cross-fetch'
+import {fetch} from 'cross-fetch'
 
 const EU = 'EU'
 
@@ -17,6 +17,16 @@ const ERROR_CREDENTIAL_MANIFEST_REGION = `Error in config file. CredentialManife
 const ERROR_ACQUIRE_ACCESS_TOKEN_FOR_CLIENT = 'Could not acquire credentials to access your Azure Key Vault:\n'
 const ERROR_FAILED_AUTHENTICATION = 'failed to authenticate: ';
 
+async function getClientRegion(azTenantId: string): Promise<string> {
+  let region = EU;
+  await fetch(MS_LOGIN_PREFIX + azTenantId + MS_LOGIN_OPENID_CONFIG_POSTFIX, {method: HTTP_METHOD_GET})
+  .then((res) => res.json())
+  .then(async (resp) => {
+    region = resp.tenant_region_scope;
+  })
+  return region;
+}
+
 /**
  * necessary fields are:
  *   azClientId: clientId of the application you're trying to login
@@ -47,31 +57,24 @@ export async function ClientCredentialAuthenticator(authenticationArgs: IMsAuthe
     scopes: authenticationArgs.scopes ? authenticationArgs.scopes : [MS_CLIENT_CREDENTIAL_DEFAULT_SCOPE],
     skipCache: authenticationArgs.skipCache ? authenticationArgs.skipCache : false
   }
-  await fetch(MS_LOGIN_PREFIX + authenticationArgs.azTenantId + MS_LOGIN_OPENID_CONFIG_POSTFIX, {method: HTTP_METHOD_GET})
-  .then((res) => res.json())
-  .then(async (resp) => {
-    let msIdentityHostName =  MS_IDENTITY_HOST_NAME_NONE_EU;
-    if (resp.tenant_region_scope == EU) {
-      msIdentityHostName = MS_IDENTITY_HOST_NAME_EU;
-    }
-    // Check that the Credential Manifest URL is in the same tenant Region and throw an error if it's not
-    if (!authenticationArgs.credentialManifestUrl.startsWith(msIdentityHostName)) {
-      throw new Error(ERROR_CREDENTIAL_MANIFEST_REGION + msIdentityHostName)
-    }
+  const region = authenticationArgs.region ? authenticationArgs.region : await getClientRegion(authenticationArgs.azTenantId)
+  const msIdentityHostName = region === EU ? MS_IDENTITY_HOST_NAME_EU : MS_IDENTITY_HOST_NAME_NONE_EU;
+  // Check that the Credential Manifest URL is in the same tenant Region and throw an error if it's not
+  if (!authenticationArgs.credentialManifestUrl.startsWith(msIdentityHostName)) {
+    throw new Error(ERROR_CREDENTIAL_MANIFEST_REGION + msIdentityHostName)
+  }
 
-    // get the Access Token
-    try {
-      const result = await cca.acquireTokenByClientCredential(msalClientCredentialRequest)
-      if (result && result.accessToken) {
-        return result.accessToken
-      }
-    } catch {
-      throw {
-        error: ERROR_ACQUIRE_ACCESS_TOKEN_FOR_CLIENT + JSON.stringify(resp),
-      }
+  // get the Access Token
+  try {
+    const result = await cca.acquireTokenByClientCredential(msalClientCredentialRequest)
+    if (result && result.accessToken) {
+      return result.accessToken
     }
-    return ''
-  })
+  } catch (err) {
+    throw {
+      error: ERROR_ACQUIRE_ACCESS_TOKEN_FOR_CLIENT + err,
+    }
+  }
   return ''
 }
 

packages/ms-authenticator/src/types/IMsAuthenticator.ts

@@ -18,6 +18,7 @@ export interface IMsAuthenticationClientCredentialArgs {
   azClientSecret: string
   credentialManifestUrl: string
   authority?: string
+  region?: string
   scopes?: string[]
   skipCache?: boolean
 }