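/**
 * Wrapper around an MSAL.js (msal-browser) PublicClientApplication that signs
 * a user in through a popup and obtains access tokens.
 *
 * Relies on the global `msal` object (the MSAL browser bundle) and on `window`,
 * so it is meant to run in a browser page that has already loaded MSAL.
 * Results are delivered through callbacks of the form handler(result, error).
 */
class azureAuth {
  /**
   * Configuration object to be passed to MSAL instance on creation.
   * For a full list of MSAL.js configuration parameters, visit:
   * https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/configuration.md
   */
  msalConfig = {
    auth: {
      // 'Application (client) ID' of app registration in Azure portal - this value is a GUID
      clientId: "",
      // Full directory URL, in the form of https://login.microsoftonline.com/<tenant-id>
      // If tenant ID not included, then all tenants are included.
      authority: "https://login.microsoftonline.com/common",
      // Full redirect URL, in form of http://localhost:3000, blank if current URL
      redirectUri: "",
    },
    cache: {
      cacheLocation: "sessionStorage", // This configures where your cache will be stored
      storeAuthStateInCookie: false, // Set this to "true" if you are having issues on IE11 or Edge
    },
    system: {
      loggerOptions: {
        logLevel: msal.LogLevel.Verbose,
        // PII logging stays off: with it on, MSAL emits account-identifying
        // details, and this callback writes everything to the browser console.
        // Enable it only for a local debugging session.
        piiLoggingEnabled: false,
        loggerCallback: (level, message, containsPii) => {
          // Defense in depth: never print a message MSAL has flagged as PII,
          // even if piiLoggingEnabled is switched on later.
          if (containsPii) {
            return;
          }
          switch (level) {
            case msal.LogLevel.Error:
              console.error(message);
              return;
            case msal.LogLevel.Info:
              console.info(message);
              return;
            case msal.LogLevel.Verbose:
              console.debug(message);
              return;
            case msal.LogLevel.Warning:
              console.warn(message);
              return;
          }
        },
      },
    },
  };

  /**
   * Scopes you add here will be prompted for user consent during sign-in.
   * By default, MSAL.js will add OIDC scopes (openid, profile, email) to any login request.
   * For more information about OIDC scopes, visit:
   * https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#openid-connect-scopes
   */
  loginRequest = {
    scopes: ["User.Read"],
  };

  /**
   * Add here the scopes to request when obtaining an access token for MS Graph API.
   * For more information, see:
   * https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/resources-and-scopes.md
   */
  tokenRequest = {
    scopes: ["User.Read", "Mail.Read"],
    forceRefresh: false, // Set this to "true" to skip a cached token and go to the server to get a new token
  };

  // The MSAL instance (created in initialize()).
  instance;

  constructor() { }

  /**
   * Fills in the client ID, authority and redirect URI, creates the MSAL
   * instance and starts its asynchronous initialization.
   *
   * @param {string} clientId - Application (client) ID of the app registration.
   * @param {string} [tenantId] - Tenant to sign in against; empty or missing means "common".
   * @param {Function} handler - Called with no error once MSAL is initialized,
   *   or as handler(null, error) if initialization rejects.
   */
  initialize(clientId, tenantId, handler) {
    try {
      this.msalConfig.auth.clientId = clientId;

      // The host part is fixed; tenantId only ever becomes the path segment.
      const tenantSegment = tenantId && tenantId.length > 0 ? tenantId : "common";
      this.msalConfig.auth.authority = `https://login.microsoftonline.com/${tenantSegment}`;

      // Redirect to the page's own origin (scheme://host[:port]). Taking it from
      // location.origin instead of searching the full href for "https://" keeps a
      // URL embedded in the query string or fragment from leaking into the value.
      this.msalConfig.auth.redirectUri = window.location.origin;

      this.instance = new msal.PublicClientApplication(this.msalConfig);
      this.instance.initialize()
        .then(handler)
        .catch((error) => {
          handler(null, error);
        });
    } catch (error) {
      this.showError(error);
    }
  }

  /**
   * Returns the cached account when exactly one is present, otherwise null.
   *
   * See here for more info on account retrieval:
   * https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-common/docs/Accounts.md
   *
   * @returns {object|null} The single cached account, or null.
   */
  selectAccount() {
    let account = null;
    try {
      const currentAccounts = this.instance.getAllAccounts();
      // TODO: add account-chooser code. With several cached accounts none is
      // picked and the caller gets null.
      if (currentAccounts.length === 1) {
        account = currentAccounts[0];
      }
    } catch (error) {
      this.showError(error);
    }
    return account;
  }

  /**
   * Opens the MSAL login popup with loginRequest.
   *
   * You can pass a custom request object below. This will override the initial configuration.
   * For more information, visit:
   * https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/request-response-object.md#request
   *
   * @param {Function} handler - Called with the login result, or as handler(null, error).
   */
  signIn(handler) {
    try {
      const login = this.instance.loginPopup(this.loginRequest)
        .then(handler)
        .catch((error) => {
          handler(null, error);
        });
      // The timeout does not cancel the popup; it only reports a slow call.
      // Its rejection is caught here so it cannot become an unhandled rejection.
      this.awaitTimeout(login, 5000, "loginPopup")
        .catch((error) => {
          console.warn(error);
        });
    } catch (error) {
      handler(null, error);
    }
  }

  /**
   * Signs the given account out through the MSAL logout popup and returns the
   * main window to the configured redirect URI.
   *
   * You can pass a custom request object below. This will override the initial configuration.
   * For more information, visit:
   * https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/request-response-object.md#request
   *
   * @param {object} account - Account to sign out.
   */
  signOut(account) {
    const logoutRequest = {
      account: account,
      postLogoutRedirectUri: this.msalConfig.auth.redirectUri,
      mainWindowRedirectUri: this.msalConfig.auth.redirectUri,
    };
    this.instance.logoutPopup(logoutRequest);
  }

  /**
   * Acquires an access token: silently when an account is given, falling back
   * to the popup flow if the silent call fails, and straight through the popup
   * when there is no account.
   *
   * See here for more info on account retrieval:
   * https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-common/docs/Accounts.md
   *
   * @param {object|null} account - Account to acquire the token for.
   * @param {Function} handler - Called with the token response, or as handler(null, error).
   * @param {string[]} [scopes] - Scopes to request; defaults to ["User.Read"].
   */
  getToken(account, handler, scopes) {
    try {
      const request = {
        scopes: scopes == null ? ["User.Read"] : scopes,
        account: account,
      };

      if (account == null) {
        this.getTokenPopup(request, handler);
        return;
      }

      const silent = this.instance.acquireTokenSilent(request)
        .then(handler)
        .catch((error) => {
          console.warn("Silent token acquisition error: " + error);
          this.getTokenPopup(request, handler);
        });
      // Timeout only reports a slow call; see signIn().
      this.awaitTimeout(silent, 5000, "acquireTokenSilent")
        .catch((error) => {
          console.warn(error);
        });
    } catch (error) {
      handler(null, error);
    }
  }

  /**
   * Acquires an access token through the MSAL popup flow.
   *
   * @param {object} request - Token request (scopes and account).
   * @param {Function} handler - Called with the token response, or as handler(null, error).
   */
  getTokenPopup(request, handler) {
    const interactive = this.instance.acquireTokenPopup(request)
      .then(handler)
      .catch((error) => {
        handler(null, error);
      });
    // Timeout only reports a slow call; it does not close the popup.
    this.awaitTimeout(interactive, 5000, "acquireTokenPopup")
      .catch((error) => {
        console.warn(error);
      });
  }

  /**
   * Reports an error to the user and the console. A user-cancelled popup is
   * only logged at debug level.
   *
   * @param {object} error - Error to report; errorCode is inspected when present.
   */
  showError(error) {
    if (error.errorCode === "user_cancelled") {
      console.debug(error);
      return;
    }
    alert(error);
    console.error(error);
  }

  // NOTE(review): seeProfile() and readMail() call getTokenPopup, callMSGraph,
  // graphConfig, updateUI and showError as free identifiers, not as members of
  // this class. They only work if globals with those names exist elsewhere on
  // the page (not visible here). The class's own getTokenPopup returns nothing,
  // so it is not a drop-in replacement. Confirm whether these are still used.
  seeProfile() {
    getTokenPopup(this.loginRequest)
      .then((response) => {
        callMSGraph(graphConfig.graphMeEndpoint, response.accessToken, updateUI);
      })
      .catch((error) => {
        showError(error);
      });
  }

  readMail() {
    getTokenPopup(this.tokenRequest)
      .then((response) => {
        callMSGraph(graphConfig.graphMailEndpoint, response.accessToken, updateUI);
      })
      .catch((error) => {
        showError(error);
      });
  }

  /**
   * Races a promise against a timer.
   *
   * @param {Promise} prom - Promise to wait for.
   * @param {number} timeout - Milliseconds before the race is rejected.
   * @param {string} serviceName - Name used in the timeout error message.
   * @returns {Promise} Settles like prom, or rejects with an Error once the
   *   timeout elapses first. The underlying operation is not cancelled.
   */
  awaitTimeout(prom, timeout, serviceName) {
    let timer;
    const expiry = new Promise((_, reject) => {
      timer = setTimeout(
        // Template literal so the service name is actually interpolated.
        () => reject(new Error(`Service ${serviceName} timed out.`)),
        timeout,
      );
    });
    return Promise.race([prom, expiry]).finally(() => clearTimeout(timer));
  }
}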