- finishes msal node implementation

Author: baywet

helpers/authHelper.js

@@ -2,17 +2,23 @@ import { ConfidentialClientApplication } from '@azure/msal-node';
 
 import { msalConfiguration } from '../constants';
 
-const resource = 'https://graph.microsoft.com/';
+const resource = 'https://graph.microsoft.com/.default';
 
 /**
  * Generate a fully formed uri to use for authentication based on the supplied resource argument
  * @return {string} a fully formed uri with which authentication can be completed.
  */
 export function getAuthUrl() {
-  return msalConfiguration.authority + '/oauth2/authorize'
-    + '?client_id=' + msalConfiguration.clientID
-    + '&response_type=code'
-    + '&redirect_uri=' + msalConfiguration.redirectUri;
+  const authContext = new ConfidentialClientApplication({
+    auth: {
+      clientId: msalConfiguration.clientID,
+      authority: msalConfiguration.authority.replace('common', msalConfiguration.tenantID),
+      clientSecret: msalConfiguration.clientSecret
+    }
+  });
+  return authContext.getAuthCodeUrl({
+    redirectUri: msalConfiguration.redirectUri
+  });
 }
 
 /**
@@ -21,34 +27,29 @@ export function getAuthUrl() {
  * @param {AcquireTokenCallback} callback The callback function.
  */
 export function getTokenFromCode(code) {
-  const authContext = new ConfidentialClientApplication(msalConfiguration.authority); // TODO replace by onbehalf when available
-  return new Promise((resolve, reject) => {
-    authContext.acquireTokenWithAuthorizationCode(
-      code,
-      msalConfiguration.redirectUri,
-      resource,
-      msalConfiguration.clientID,
-      msalConfiguration.clientSecret,
-      (err, token) => {
-        if (err) {
-          reject(err);
-        } else {
-          resolve(token);
-        }
-      }
-    );
+  const authContext = new ConfidentialClientApplication({
+    auth: {
+      clientId: msalConfiguration.clientID,
+      authority: msalConfiguration.authority.replace('common', msalConfiguration.tenantID),
+      clientSecret: msalConfiguration.clientSecret
+    }
+  });
+  return authContext.acquireTokenByCode({
+    code: code,
+    redirectUri: msalConfiguration.redirectUri,
+    scopes: [resource]
   });
 }
 
 export function getAppOnlyToken() {
-  const authContext = new ConfidentialClientApplication(msalConfiguration.authority.replace('common', msalConfiguration.tenantID));
-  return new Promise((resolve, reject) => { // TODO replace by client credential flow when available
-    authContext.acquireTokenWithClientCredentials(resource, msalConfiguration.clientID, msalConfiguration.clientSecret, (err, token) => {
-      if (err) {
-        reject(err);
-      } else {
-        resolve(token);
-      }
-    });
+  const authContext = new ConfidentialClientApplication({
+    auth: {
+      clientId: msalConfiguration.clientID,
+      authority: msalConfiguration.authority.replace('common', msalConfiguration.tenantID),
+      clientSecret: msalConfiguration.clientSecret
+    }
+  });
+  return authContext.acquireTokenByClientCredential({
+    scopes: [resource]
   });
 }

routes/auth.js

@@ -33,8 +33,9 @@ authRouter.get('/', (req, res) => {
 });
 
 // Start authentication flow
-authRouter.get('/signin', (req, res) => {
-  res.redirect(getAuthUrl());
+authRouter.get('/signin', async (req, res) => {
+  const url = await getAuthUrl();
+  res.redirect(url);
 });
 
 // This route gets called at the end of the authentication flow.