"use strict";
/**
 * @module botframework-connector
 */
/**
 * Copyright (c) Microsoft Corporation. All rights reserved.
 * Licensed under the MIT License.
 */
/**
 * Compiler-emitted helper that runs a generator function as an asynchronous
 * routine. An `__awaiter` already present on `this` is reused; otherwise the
 * implementation below is installed.
 *
 * @param thisArg Value bound as `this` when the generator function is invoked.
 * @param _arguments Arguments forwarded to the generator function (defaults to none).
 * @param P Promise constructor to use; falls back to the global `Promise`.
 * @param generator Generator function whose yielded values are awaited in turn.
 * @returns A promise that resolves with the generator's return value and rejects
 * with any error the generator throws.
 */
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    // Pass through values that are already instances of P; wrap anything else.
    function toPromise(value) {
        if (value instanceof P) {
            return value;
        }
        return new P(function (settle) { settle(value); });
    }
    return new (P || (P = Promise))(function (resolve, reject) {
        // Finish when the generator is done, otherwise wait on the yielded value.
        function advance(result) {
            if (result.done) {
                resolve(result.value);
                return;
            }
            toPromise(result.value).then(onFulfilled, onRejected);
        }
        // Resume the generator with the settled value.
        function onFulfilled(value) {
            try {
                advance(generator.next(value));
            }
            catch (err) {
                reject(err);
            }
        }
        // Re-raise a rejection inside the generator so its own try/catch can see it.
        function onRejected(reason) {
            try {
                advance(generator["throw"](reason));
            }
            catch (err) {
                reject(err);
            }
        }
        // Instantiate the generator and take the first step.
        advance((generator = generator.apply(thisArg, _arguments || [])).next());
    });
};
// Flag the exports object as the output of a transpiled ES module.
Object.defineProperty(exports, "__esModule", { value: true });
// Declare the export slot up front; the class is assigned to it once defined.
exports.CertificateAppCredentials = undefined;
const msal_node_1 = require("@azure/msal-node");
const appCredentials_1 = require("./appCredentials");
const msalAppCredentials_1 = require("./msalAppCredentials");
/**
 * CertificateAppCredentials auth implementation.
 *
 * Authenticates the application with a certificate (thumbprint plus private key)
 * and hands token acquisition to an MSAL ConfidentialClientApplication wrapped
 * in MsalAppCredentials.
 */
class CertificateAppCredentials extends appCredentials_1.AppCredentials {
    /**
     * Initializes a new instance of the [CertificateAppCredentials](xref:botframework-connector.CertificateAppCredentials) class.
     *
     * @param appId Microsoft application Id related to the certificate.
     * @param certificateThumbprint A hex encoded thumbprint of the certificate.
     * @param certificatePrivateKey A PEM encoded certificate private key.
     * @param channelAuthTenant Tenant ID of the Azure AD tenant where the bot is created.
     *   - Required for SingleTenant app types.
     *   - Optional for MultiTenant app types. **Note**: '_botframework.com_' is the default tenant when no value is provided.
     *
     * More information: https://learn.microsoft.com/en-us/security/zero-trust/develop/identity-supported-account-types.
     * @param oAuthScope Optional. The scope for the token.
     * @param x5c Optional. Enables application developers to achieve easy certificates roll-over in Azure AD:
     * set this parameter to send the public certificate (BEGIN CERTIFICATE) to Azure AD, so that Azure AD can use it to validate the subject name based on a trusted issuer policy.
     */
    constructor(appId, certificateThumbprint, certificatePrivateKey, channelAuthTenant, oAuthScope, x5c) {
        super(appId, channelAuthTenant, oAuthScope);
        // The PEM private key is kept on the instance as an ordinary property for the
        // lifetime of the object, so anything that dumps this object (logging,
        // serialization, error reports) would include it. Keep instances out of
        // such paths.
        Object.assign(this, { certificateThumbprint, certificatePrivateKey, x5c });
    }
    /**
     * Gets a token through MsalAppCredentials, creating that wrapper on first use.
     *
     * The MSAL client is built once from the certificate fields and cached in
     * `this.credentials`; this method does not rebuild it if the thumbprint,
     * private key or x5c on the instance are changed afterwards, so a rotated
     * certificate needs a fresh instance (or a cleared `credentials`).
     *
     * @param forceRefresh Passed through to MsalAppCredentials.getToken. Defaults to false.
     * @returns A promise for the result of MsalAppCredentials.getToken.
     */
    getToken(forceRefresh = false) {
        return __awaiter(this, void 0, void 0, function* () {
            const cached = this.credentials;
            if (cached === null || cached === undefined) {
                const client = this.createClientApplication();
                this.credentials = new msalAppCredentials_1.MsalAppCredentials(client, this.appId, this.oAuthEndpoint, this.oAuthScope);
            }
            return this.credentials.getToken(forceRefresh);
        });
    }
    /**
     * Not implemented for certificate credentials; always throws.
     *
     * @throws {Error} 'Method not implemented.'
     */
    refreshToken() {
        // getToken in this class goes through MsalAppCredentials.getToken and does
        // not call refreshToken, so this path is not expected to be reached.
        throw new Error('Method not implemented.');
    }
    /**
     * Builds the MSAL confidential client configured for certificate
     * authentication from this instance's appId, oAuthEndpoint, thumbprint,
     * private key and optional x5c value.
     *
     * @returns A new ConfidentialClientApplication.
     */
    createClientApplication() {
        const clientId = this.appId;
        const authority = this.oAuthEndpoint;
        const clientCertificate = {
            thumbprint: this.certificateThumbprint,
            privateKey: this.certificatePrivateKey,
            x5c: this.x5c,
        };
        return new msal_node_1.ConfidentialClientApplication({
            auth: { clientId, authority, clientCertificate },
        });
    }
}
// Publish the class on the CommonJS exports object.
exports.CertificateAppCredentials = CertificateAppCredentials;
//# sourceMappingURL=certificateAppCredentials.js.map