// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
import { Logger } from "./Logger";
import { Utils } from "./Utils";
/**
 * Cache location options supported by MSAL are:
 * - local storage: MSAL uses the browser's local storage to store its cache
 * - session storage: MSAL uses the browser's session storage to store its cache
 *
 * Security note: both stores can be read by any script running in the page's origin, so
 * cached tokens are exposed to script injection (XSS) in either mode. Local storage
 * additionally persists after the tab or browser is closed and is shared by every tab of
 * the origin, whereas session storage is scoped to one tab and cleared when it closes.
 * DEFAULT_CACHE_OPTIONS in this file selects "sessionStorage".
 */
export type CacheLocation = "localStorage" | "sessionStorage";
/**
 * Defaults for the Configuration Options
 */
// Default for SystemOptions.loadFrameTimeout.
// NOTE(review): presumably milliseconds - confirm against the code that consumes it.
const FRAME_TIMEOUT = 6000;
// Default for SystemOptions.tokenRenewalOffsetSeconds, i.e. 300 seconds.
const OFFSET = 300;
// Default for SystemOptions.navigateFrameWait.
// NOTE(review): presumably milliseconds - confirm against the code that consumes it.
const NAVIGATE_FRAME_WAIT = 500;
/**
 * @type AuthOptions: Use this to configure the auth options in the Configuration object
 *
 * - clientId - Client ID of your app registered with our Application registration portal : https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview in Microsoft Identity Platform
 * - authority - You can configure a specific authority. DEFAULT_AUTH_OPTIONS in this file sets it to null; the fallback to "https://login.microsoftonline.com/common" is presumably applied by the consuming code - TODO confirm.
 * - validateAuthority - Used to turn authority validation on/off. When set to true (default), MSAL will compare the application's authority against well-known URL templates representing well-formed authorities. It is useful when the authority is obtained at run time to prevent MSAL from displaying authentication prompts from malicious pages.
 *   Security note: with this set to false, the authority is used without that comparison, so only turn it off when the authority is a fixed value the application controls.
 * - redirectUri - The redirect URI of the application; this should be the same as the value in the application registration portal. Accepts a string or a function returning a string. Defaults to `window.location.href` (DEFAULT_AUTH_OPTIONS obtains it through `Utils.getDefaultRedirectUri()`; NOTE(review): confirm that helper returns exactly this).
 *   Security note: a default taken from the current page URL changes with the path and query string the user arrived on; a fixed value that matches the registration is more predictable.
 * - postLogoutRedirectUri - Used to redirect the user to this location after logout. Accepts a string or a function returning a string. Defaults to `window.location.href` (obtained the same way as redirectUri).
 * - state - Use to send the state parameter with authentication request.
 *   NOTE(review): no `state` member is declared on this type, so this entry appears stale - confirm where the state parameter is supplied.
 * - navigateToLoginRequestUrl - Used to turn off default navigation to start page after login. Default is true. This is used only for redirect flows.
 *
 */
export type AuthOptions = {
    clientId: string;
    authority?: string;
    validateAuthority?: boolean;
    redirectUri?: string | (() => string);
    postLogoutRedirectUri?: string | (() => string);
    navigateToLoginRequestUrl?: boolean;
};
/**
 * Use this to configure the below cache configuration options:
 *
 * - cacheLocation - Used to specify the cacheLocation the user wants to set. Valid values are "localStorage" and "sessionStorage". Defaults to "sessionStorage".
 * - storeAuthStateInCookie - If set, MSAL stores the auth request state required for validation of the auth flows in the browser cookies. By default this flag is set to false.
 *   NOTE(review): cookies are sent to the server with every matching request, so enabling this places the auth request state in request headers as well as in browser storage. The cookie attributes used are set by the storage code, which is not visible in this file - confirm them before enabling.
 */
export type CacheOptions = {
    cacheLocation?: CacheLocation;
    storeAuthStateInCookie?: boolean;
};
/**
 * Library Specific Options
 *
 * - logger - Used to initialize the Logger object; TODO: Expand on logger details or link to the documentation on logger. Defaults to `new Logger(null)`.
 *   NOTE(review): log output of an authentication library can include account identifiers; review the Logger's options (defined in ./Logger) before enabling verbose logging in production.
 * - loadFrameTimeout - maximum time the library should wait for a frame to load. Defaults to FRAME_TIMEOUT (6000).
 * - tokenRenewalOffsetSeconds - sets the window of offset needed to renew the token before expiry. Defaults to OFFSET (300).
 * - navigateFrameWait - defaults to NAVIGATE_FRAME_WAIT (500). NOTE(review): presumably the delay before a frame is navigated - the consuming code is not visible in this file, confirm.
 *
 */
export type SystemOptions = {
    logger?: Logger;
    loadFrameTimeout?: number;
    tokenRenewalOffsetSeconds?: number;
    navigateFrameWait?: number;
};
/**
 * App/Framework specific environment support
 *
 * - isAngular - flag set to determine if it is Angular Framework. MSAL uses this to broadcast tokens. More to come here: detangle this dependency from core. Defaults to false.
 * - unprotectedResources - Array of URIs which are unprotected resources. MSAL will not attach a token to outgoing requests that have these URIs. Defaults to an empty array.
 * - protectedResourceMap - This is a mapping of resources to scopes used by MSAL for automatically attaching access tokens in web API calls. A single access token is obtained for the resource. So you can map a specific resource path as follows: {"https://graph.microsoft.com/v1.0/me", ["user.read"]}, or the app URL of the resource as: {"https://graph.microsoft.com/", ["user.read", "mail.send"]}. This is required for CORS calls. Defaults to an empty Map.
 *   NOTE(review): how a request URL is matched against these keys is not visible in this file. If matching is by prefix or substring, a broad key can cause an access token to be attached to requests the application did not intend, so keep keys as specific as the API allows.
 *
 */
export type FrameworkOptions = {
    isAngular?: boolean;
    unprotectedResources?: Array<string>;
    protectedResourceMap?: Map<string, Array<string>>;
};
/**
 * Use the configuration object to configure MSAL and initialize the UserAgentApplication.
 *
 * This object allows you to configure important elements of MSAL functionality:
 * - auth: this is where you configure auth elements like clientID, authority used for authenticating against the Microsoft Identity Platform. This is the only required member.
 * - cache: this is where you configure the cache location and whether the auth request state is also stored in cookies
 * - system: this is where you can configure the logger, frame timeout etc.
 * - framework: this is where you can configure the running mode of angular. More to come here soon.
 */
export type Configuration = {
    auth: AuthOptions,
    cache?: CacheOptions,
    system?: SystemOptions,
    framework?: FrameworkOptions
};
// Default auth options. clientId is an empty placeholder, so a usable configuration must supply its own.
const DEFAULT_AUTH_OPTIONS: AuthOptions = {
    clientId: "",
    // No authority configured by default.
    // NOTE(review): the code that substitutes a concrete authority is outside this file.
    authority: null,
    // Authority validation is on unless the application turns it off.
    validateAuthority: true,
    // Functions rather than values: Utils.getDefaultRedirectUri() runs when the function is
    // called, not when this module is loaded.
    redirectUri: () => Utils.getDefaultRedirectUri(),
    postLogoutRedirectUri: () => Utils.getDefaultRedirectUri(),
    navigateToLoginRequestUrl: true
};
// Default cache options: session storage, and no auth request state in cookies.
const DEFAULT_CACHE_OPTIONS: CacheOptions = {
    cacheLocation: "sessionStorage",
    storeAuthStateInCookie: false
};
// Default system options. The Logger instance is created once, when this module is loaded.
// NOTE(review): what a null argument means to the Logger constructor is defined in ./Logger.
const DEFAULT_SYSTEM_OPTIONS: SystemOptions = {
    logger: new Logger(null),
    loadFrameTimeout: FRAME_TIMEOUT,
    tokenRenewalOffsetSeconds: OFFSET,
    navigateFrameWait: NAVIGATE_FRAME_WAIT
};
// Default framework options. The array and the Map below are single instances created at
// module load; code that hands them out should copy them first, otherwise a mutation made
// through one configuration (for example adding a protectedResourceMap entry) becomes
// visible to every other configuration that received the same instance.
const DEFAULT_FRAMEWORK_OPTIONS: FrameworkOptions = {
    isAngular: false,
    unprotectedResources: new Array<string>(),
    protectedResourceMap: new Map<string, Array<string>>()
};
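/**
 * Returns a shallow copy of `options` that holds only the keys whose value is not `undefined`.
 *
 * Object spread copies explicit `undefined` values, so spreading `{ validateAuthority: undefined }`
 * over the defaults would replace `validateAuthority: true` with a falsy value. Filtering first
 * keeps the default in that case. `null` values are kept, because they are an explicit choice.
 *
 * @param options - a section of the configuration supplied by the app developer; may be null or undefined
 * @returns a new object with the defined entries of `options` (empty when `options` is null or undefined)
 */
function definedOptionsOnly<T extends object>(options: T | null | undefined): Partial<T> {
    const defined: Partial<T> = {};
    if (options == null) {
        return defined;
    }
    for (const key of Object.keys(options) as Array<keyof T>) {
        if (options[key] !== undefined) {
            defined[key] = options[key];
        }
    }
    return defined;
}

/**
 * MSAL function that sets the default options when not explicitly configured by the app developer.
 *
 * Each section of the supplied configuration is laid over the matching DEFAULT_* object, so a
 * value given by the app developer wins over the default. Two details differ from a plain spread:
 * - a key that is present but `undefined` is ignored, so it cannot silently replace a default
 *   such as `validateAuthority: true`;
 * - the default `unprotectedResources` array and `protectedResourceMap` Map are copied for every
 *   call, so mutating the returned configuration does not change the module-level defaults or
 *   any other configuration built from them.
 *
 * Values supplied by the caller are used as given (not copied).
 *
 * @param config - the Configuration to complete; `cache`, `system` and `framework` may be omitted
 * @returns a new Configuration in which every section has the defaults filled in
 */
export function buildConfiguration({ auth, cache = {}, system = {}, framework = {}}: Configuration): Configuration {
    // Fresh copies of the mutable defaults; Map.prototype.forEach and Array.prototype.slice are
    // used instead of iterator-based copies to stay within what the rest of this file relies on.
    const unprotectedResources = (DEFAULT_FRAMEWORK_OPTIONS.unprotectedResources || []).slice();
    const protectedResourceMap = new Map<string, Array<string>>();
    const defaultResourceMap = DEFAULT_FRAMEWORK_OPTIONS.protectedResourceMap;
    if (defaultResourceMap) {
        defaultResourceMap.forEach((scopes, resource) => {
            protectedResourceMap.set(resource, scopes.slice());
        });
    }

    const overlayedConfig: Configuration = {
        auth: { ...DEFAULT_AUTH_OPTIONS, ...definedOptionsOnly(auth) },
        cache: { ...DEFAULT_CACHE_OPTIONS, ...definedOptionsOnly(cache) },
        system: { ...DEFAULT_SYSTEM_OPTIONS, ...definedOptionsOnly(system) },
        framework: {
            ...DEFAULT_FRAMEWORK_OPTIONS,
            unprotectedResources,
            protectedResourceMap,
            ...definedOptionsOnly(framework)
        }
    };
    return overlayedConfig;
}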