diff --git a/packages/ms-authenticator/src/authenticators/MsAuthenticator.ts b/packages/ms-authenticator/src/authenticators/MsAuthenticator.ts index d55bf545c..21cd8b8f9 100644 --- a/packages/ms-authenticator/src/authenticators/MsAuthenticator.ts +++ b/packages/ms-authenticator/src/authenticators/MsAuthenticator.ts @@ -1,7 +1,7 @@ -import { ConfidentialClientApplication, LogLevel, PublicClientApplication, UsernamePasswordRequest } from '@azure/msal-node' -import { IMsAuthenticationClientCredentialArgs, IMsAuthenticationUsernamePasswordArgs } from '../index' +import {ConfidentialClientApplication, LogLevel, PublicClientApplication, UsernamePasswordRequest} from '@azure/msal-node' +import {IMsAuthenticationClientCredentialArgs, IMsAuthenticationUsernamePasswordArgs} from '../index' -import { fetch } from 'cross-fetch' +import {fetch} from 'cross-fetch' const EU = 'EU' @@ -17,6 +17,16 @@ const ERROR_CREDENTIAL_MANIFEST_REGION = `Error in config file. CredentialManife const ERROR_ACQUIRE_ACCESS_TOKEN_FOR_CLIENT = 'Could not acquire credentials to access your Azure Key Vault:\n' const ERROR_FAILED_AUTHENTICATION = 'failed to authenticate: '; +async function getClientRegion(azTenantId: string): Promise { + let region = EU; + await fetch(MS_LOGIN_PREFIX + azTenantId + MS_LOGIN_OPENID_CONFIG_POSTFIX, {method: HTTP_METHOD_GET}) + .then((res) => res.json()) + .then(async (resp) => { + region = resp.tenant_region_scope; + }) + return region; +} + /** * necessary fields are: * azClientId: clientId of the application you're trying to login @@ -47,31 +57,24 @@ export async function ClientCredentialAuthenticator(authenticationArgs: IMsAuthe scopes: authenticationArgs.scopes ? authenticationArgs.scopes : [MS_CLIENT_CREDENTIAL_DEFAULT_SCOPE], skipCache: authenticationArgs.skipCache ? authenticationArgs.skipCache : false } - await fetch(MS_LOGIN_PREFIX + authenticationArgs.azTenantId + MS_LOGIN_OPENID_CONFIG_POSTFIX, {method: HTTP_METHOD_GET}) - .then((res) => res.json()) - .then(async (resp) => { - let msIdentityHostName = MS_IDENTITY_HOST_NAME_NONE_EU; - if (resp.tenant_region_scope == EU) { - msIdentityHostName = MS_IDENTITY_HOST_NAME_EU; - } - // Check that the Credential Manifest URL is in the same tenant Region and throw an error if it's not - if (!authenticationArgs.credentialManifestUrl.startsWith(msIdentityHostName)) { - throw new Error(ERROR_CREDENTIAL_MANIFEST_REGION + msIdentityHostName) - } + const region = authenticationArgs.region ? authenticationArgs.region : await getClientRegion(authenticationArgs.azTenantId) + const msIdentityHostName = region === EU ? MS_IDENTITY_HOST_NAME_EU : MS_IDENTITY_HOST_NAME_NONE_EU; + // Check that the Credential Manifest URL is in the same tenant Region and throw an error if it's not + if (!authenticationArgs.credentialManifestUrl.startsWith(msIdentityHostName)) { + throw new Error(ERROR_CREDENTIAL_MANIFEST_REGION + msIdentityHostName) + } - // get the Access Token - try { - const result = await cca.acquireTokenByClientCredential(msalClientCredentialRequest) - if (result && result.accessToken) { - return result.accessToken - } - } catch { - throw { - error: ERROR_ACQUIRE_ACCESS_TOKEN_FOR_CLIENT + JSON.stringify(resp), - } + // get the Access Token + try { + const result = await cca.acquireTokenByClientCredential(msalClientCredentialRequest) + if (result && result.accessToken) { + return result.accessToken } - return '' - }) + } catch (err) { + throw { + error: ERROR_ACQUIRE_ACCESS_TOKEN_FOR_CLIENT + err, + } + } return '' } diff --git a/packages/ms-authenticator/src/types/IMsAuthenticator.ts b/packages/ms-authenticator/src/types/IMsAuthenticator.ts index b6bd3eb7a..dafde1772 100644 --- a/packages/ms-authenticator/src/types/IMsAuthenticator.ts +++ b/packages/ms-authenticator/src/types/IMsAuthenticator.ts @@ -18,6 +18,7 @@ export interface IMsAuthenticationClientCredentialArgs { azClientSecret: string credentialManifestUrl: string authority?: string + region?: string scopes?: string[] skipCache?: boolean }