Implemented Feedback
Robbie-Microsoft committed Jul 25, 2024
1 parent c813986 commit c0aa45b
Showing 1 changed file with 64 additions and 22 deletions.
86 changes: 64 additions & 22 deletions samples/msal-node-samples/Managed-Identity/FIC/index.ts
Expand Up @@ -16,7 +16,8 @@ import {
import { getSecretFromKeyVault } from "./DownstreamApi";

const KEY_VAULT_URI: string = "YOUR_KEYVAULT_URL";
const SECRET_NAME: string = "YOUR_SECRET_NAME";
const FIRST_SECRET_NAME: string = "YOUR_FIRST_SECRET_NAME";
const SECOND_SECRET_NAME: string = "YOUR_SECOND_SECRET_NAME";
const AUDIENCE: string = "api://AzureADTokenExchange";
const APP_CLIENT_ID: string = "YOUR_APP_CLIENT_ID";
const RESOURCE_TENANT_ID: string = "YOUR_RESOURCE_TENANT_ID";
Expand All @@ -26,6 +27,17 @@ const AZURE_REGION: string = "YOUR_REGION"; // Replace with the right region for
* const USER_ASSIGNED_MI_ID: string = "YOUR_USER_ASSIGNED_MI_ID";
*/

async function createConfig(): Promise<Configuration> {
const clientAssertion: string = await getAccessTokenFromManagedIdentity();
return {
auth: {
clientId: APP_CLIENT_ID,
authority: `https://login.microsoftonline.com/${RESOURCE_TENANT_ID}`,
clientAssertion: clientAssertion,
},
};
}

async function getAccessTokenFromManagedIdentity(): Promise<string> {
const config: ManagedIdentityConfiguration = {
managedIdentityIdParams: {
Expand Down Expand Up @@ -61,15 +73,25 @@ async function getAccessTokenFromManagedIdentity(): Promise<string> {
}
}

async function createConfig(): Promise<Configuration> {
const clientAssertion: string = await getAccessTokenFromManagedIdentity();
return {
auth: {
clientId: APP_CLIENT_ID,
authority: `https://login.microsoftonline.com/${RESOURCE_TENANT_ID}`,
clientAssertion: clientAssertion,
},
};
async function getAccessTokenForKeyVault(
confidentialClientApplication: ConfidentialClientApplication,
request: ClientCredentialRequest
): Promise<AuthenticationResult> {
let tokenResponse: AuthenticationResult | null = null;
try {
tokenResponse =
await confidentialClientApplication.acquireTokenByClientCredential(
request
);
} catch (error) {
`Error acquiring token from the Confidential Client application: ${error}`;
}

if (!tokenResponse) {
throw "Token was not received from the Confidential Client";
}

return tokenResponse;
}

const main = async () => {
Expand All @@ -83,32 +105,52 @@ const main = async () => {
azureRegion: AZURE_REGION,
};

let tokenResponse: AuthenticationResult | null = null;
// ---------- get first secret ----------

let tokenResponse: AuthenticationResult = await getAccessTokenForKeyVault(
confidentialClientApplication,
request
);

console.log(
`The access token for the key vault was retrieved from cache: ${tokenResponse.fromCache}`
); // false

let secret: string;
try {
tokenResponse =
await confidentialClientApplication.acquireTokenByClientCredential(
request
);
secret = await getSecretFromKeyVault(
tokenResponse.accessToken,
KEY_VAULT_URI,
FIRST_SECRET_NAME
);
} catch (error) {
`Error acquiring token from the Confidential Client application: ${error}`;
throw error;
}

if (!tokenResponse) {
throw "Token was not received from the Confidential Client";
}
console.log(`The secret, ${FIRST_SECRET_NAME}, has a value of: ${secret}`);

// ---------- get second secret ----------

tokenResponse = await getAccessTokenForKeyVault(
confidentialClientApplication,
request
);

console.log(
`The access token for the key vault was retrieved from cache: ${tokenResponse.fromCache}`
); // true

let secret: string;
try {
secret = await getSecretFromKeyVault(
tokenResponse.accessToken,
KEY_VAULT_URI,
SECRET_NAME
SECOND_SECRET_NAME
);
} catch (error) {
throw error;
}

console.log(`The secret, ${SECRET_NAME}, has a value of: ${secret}`);
console.log(`The secret, ${SECOND_SECRET_NAME}, has a value of: ${secret}`);
};

(async () => {
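Review bot: The catch in getAccessTokenForKeyVault (hunk `@@ -61,15 +73,25 @@`) evaluates a template literal as a bare expression statement and discards the error, so the MSAL failure that would actually explain a rejected federated assertion (expired managed-identity token, wrong audience, no federated credential configured on the app) never surfaces, and the caller only ever sees the generic string thrown afterwards. Rethrow with the original message attached and throw Error objects rather than strings so stack traces survive: `throw new Error("Error acquiring token from the Confidential Client application: " + String(error));` in the catch, and `throw new Error("Token was not received from the Confidential Client");` for the null case. Separately, the two `console.log(... has a value of: ${secret})` lines in main write the Key Vault secret values to stdout; a sample meant to be copied should log only the secret name or the fact that retrieval succeeded, since process output routinely ends up in shared logs. The body of main begins outside the hunk, before the `request` it builds.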
