From 37aea5c0a020cd952f5d55058a78043649261244 Mon Sep 17 00:00:00 2001
From: Robert Gruen
Date: Thu, 31 Oct 2024 14:28:37 -0700
Subject: [PATCH] Needs rework, blocked on AdminConsent application
---
 ts/packages/shell/src/main/azureSpeech.ts | 2 +
 .../shell/src/renderer/src/auth/authConfig.ts | 5 ++-
 .../shell/src/renderer/src/auth/authPopup.ts | 44 +++++++++++++------
 .../shell/src/renderer/src/azureSpeech.ts | 4 +-
 4 files changed, 37 insertions(+), 18 deletions(-)
diff --git a/ts/packages/shell/src/main/azureSpeech.ts b/ts/packages/shell/src/main/azureSpeech.ts
index 1a8578179..4eb367bcc 100644
--- a/ts/packages/shell/src/main/azureSpeech.ts
+++ b/ts/packages/shell/src/main/azureSpeech.ts
@@ -70,6 +70,8 @@ export class AzureSpeech {
 this.token = result.token;
+ console.log(this.token);
+
 return result;
 };
diff --git a/ts/packages/shell/src/renderer/src/auth/authConfig.ts b/ts/packages/shell/src/renderer/src/auth/authConfig.ts
index da08d8c8b..fbc9c26d8 100644
--- a/ts/packages/shell/src/renderer/src/auth/authConfig.ts
+++ b/ts/packages/shell/src/renderer/src/auth/authConfig.ts
@@ -12,6 +12,7 @@ export const msalConfig = {
 auth: {
 // 'Application (client) ID' of app registration in Azure portal - this value is a GUID
 clientId: "de5757b7-986f-4f02-aea1-395670da6da0",
+ //clientId: "04b07795-8ddb-461a-bbee-02f9e1bf7b46",
 // Full directory URL, in the form of https://login.microsoftonline.com/
 authority: "https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47",
 // Full redirect URL, in form of http://localhost:3000
@@ -53,7 +54,7 @@ export const msalConfig = {
 * https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#openid-connect-scopes
 */
 export const loginRequest = {
- scopes: ["User.Read"]
+ scopes: ["https://internal.cognitiveservices.azure.us/user_impersonation"],
 };
 /**
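Review bot: The added `console.log(this.token);` in main/azureSpeech.ts writes the live speech-service token to the main-process console, where it can end up in terminal scrollback, captured logs or bug-report attachments and stays usable until it expires. Remove the line before this lands; if a trace is needed while debugging, log a non-secret marker instead, for example `console.log("speech token refreshed");`. The enclosing method starts above the hunk, so how `result` is obtained is not visible here.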
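Review bot: The commented-out `//clientId: "04b07795-8ddb-461a-bbee-02f9e1bf7b46",` in the `@@ -12,6 +12,7 @@` hunk of authConfig.ts should not be committed. That GUID looks like the well-known Azure CLI public client ID rather than this application's own registration; tokens requested under it would carry another application's identity and consent grants, and leaving it one uncomment away from shipping invites exactly that. Delete the line, and if a second registration is genuinely needed, select it through configuration rather than an edited source file.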
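Review bot: `loginRequest` now asks for `https://internal.cognitiveservices.azure.us/user_impersonation`, while the authority in this file is `login.microsoftonline.com` and the `tokenRequest` hunk that follows asks for `https://cognitiveservices.azure.com/.default`, so the two requests name different resources in what appear to be different clouds. The access token returned by `loginPopup` is what authPopup.ts stores as `this.token`, so the speech code would be handed a token minted for the first audience rather than the second; please confirm which resource is intended and use it in both requests. `user_impersonation` is also a much broader delegated permission than the `User.Read` it replaces, so a comment such as `// delegated Cognitive Services access on behalf of the signed-in user` should record why it is needed.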
@@ -61,6 +62,6 @@ export const loginRequest = {
 * https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/resources-and-scopes.md
 */
 export const tokenRequest = {
- scopes: [],
+ scopes: ["https://cognitiveservices.azure.com/.default"],
 forceRefresh: false // Set this to "true" to skip a cached token and go to the server to get a new token
 };
diff --git a/ts/packages/shell/src/renderer/src/auth/authPopup.ts b/ts/packages/shell/src/renderer/src/auth/authPopup.ts
index 60c9d1f27..89410b0bc 100644
--- a/ts/packages/shell/src/renderer/src/auth/authPopup.ts
+++ b/ts/packages/shell/src/renderer/src/auth/authPopup.ts
@@ -3,7 +3,7 @@
 import * as msal from "@azure/msal-browser";
 import { AuthResponseCallback } from "./authRedirect.js";
-import { loginRequest, msalConfig } from "./authConfig.js";
+import { loginRequest, msalConfig, tokenRequest } from "./authConfig.js";
 export class SPAAuthPopup {
@@ -119,7 +119,7 @@ export class SPAAuthPopup {
 */
 this.myMSALObj.loginPopup(loginRequest)
- .then(async (response) => {
+ .then((response) => {
+ .then(async (response) => {
 if (response !== null) {
 this.username = response.account.username;
 this.token = response.accessToken;
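Review bot: The `async` added to the `.then` callback in the `@@ -119,7 +119,7 @@` hunk has no live `await` behind it; the only `await` sits inside the commented-out block in the next hunk, so the callback now wraps its result in an extra promise for no benefit. Revert to `.then((response) => {` until real asynchronous work is added there. The callback body continues past the end of this hunk.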
@@ -129,22 +129,28 @@ export class SPAAuthPopup {
 } else {
 this.selectAccount();
- /**
- * If you already have a session that exists with the authentication server, you can use the ssoSilent() API
- * to make request for tokens without interaction, by providing a "login_hint" property. To try this, comment the
- * line above and uncomment the section below.
- */
+ // /**
+ // * If you already have a session that exists with the authentication server, you can use the ssoSilent() API
+ // * to make request for tokens without interaction, by providing a "login_hint" property. To try this, comment the
+ // * line above and uncomment the section below.
+ // */
+ // this.myMSALObj.ssoSilent({loginHint: this.username})
+ // .then((response) => {
+ // this.username = response.account.username;
+ // this.token = response.accessToken;
+ // this.expires = response.expiresOn;
- // myMSALObj.ssoSilent(silentRequest).
- // then((response) => {
- // welcomeUser(response.account.username);
- // updateTable(response.account);
+ // // welcomeUser(response.account.username);
+ // // updateTable(response.account);
 // }).catch(error => {
 // console.error("Silent Error: " + error);
 // if (error instanceof msal.InteractionRequiredAuthError) {
- // signIn();
+ // this.signIn();
 // }
 // });
+
+ // let r = await this.myMSALObj.acquireTokenSilent(tokenRequest);
+ // console.log(r);
 }
 })
 .catch(error => {
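Review bot: This hunk leaves roughly twenty lines of commented-out code in the `else` branch, including the original doc comment rewritten as `// /**`, which hides the fact that the branch only calls `this.selectAccount()`. Delete the block and keep a one-line pointer such as `// ssoSilent({ loginHint }) could replace selectAccount() once consent is granted`. The commented `// console.log(r);` would print the whole silent-auth result, access token included, if someone uncomments the section as the comment invites.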
@@ -162,18 +168,28 @@ export class SPAAuthPopup {
 // Choose which account to logout from by passing a username.
 const logoutRequest = {
 account: this.myMSALObj.getAccountByUsername(this.username),
- mainWindowRedirectUri: '/signout'
+ mainWindowRedirectUri: '/'
 };
 this.myMSALObj.logoutPopup(logoutRequest);
 }
- getToken() { //: Promise {
+ async getToken() { //: Promise {
 if (new Date() < this.expires! && this.token.length > 0) {
 //return this.token;
 }
+ try {
+ this.myMSALObj.setActiveAccount(this.myMSALObj.getAllAccounts()[0]);
+ let r = await this.myMSALObj.acquireTokenSilent(tokenRequest);
+ console.log(r);
+ } catch(error) {
+ if (error instanceof msal.InteractionRequiredAuthError) {
+ this.signIn();
+ }
+ };
+
 return {
 token: this.token,
 expire: Number(this.expires),
diff --git a/ts/packages/shell/src/renderer/src/azureSpeech.ts b/ts/packages/shell/src/renderer/src/azureSpeech.ts
index a4279c613..5c7ede08b 100644
--- a/ts/packages/shell/src/renderer/src/azureSpeech.ts
+++ b/ts/packages/shell/src/renderer/src/azureSpeech.ts
@@ -143,8 +143,8 @@ export class AzureSpeech {
 // return { token: "", expire: Date.now(), region: this.region, endpoint: this.endpoint};
- return new Promise((resolve) => {
- resolve(SPAAuthPopup.getInstance().getToken());
+ return new Promise(async (resolve) => {
+ resolve(await SPAAuthPopup.getInstance().getToken());
 });
 };
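Review bot: In `getToken`, the result of `acquireTokenSilent` is only passed to `console.log(r)` and never stored, so the method still returns the old `this.token` and `this.expires` while the full authentication result, access token included, is written to the renderer console. `getAllAccounts()[0]` is also used without checking that an account exists, and any error other than `InteractionRequiredAuthError` is silently swallowed by the `catch`. The fence stores the refreshed token, drops the logging, guards the empty-account case and rethrows unexpected errors. The `return { … }` object continues past the end of the hunk. Separately, `mainWindowRedirectUri` changes from `'/signout'` to `'/'` with no explanation; a short comment on why would help.

```typescript
    async getToken() {
        // … unchanged: cached-token check …
        try {
            const accounts = this.myMSALObj.getAllAccounts();
            if (accounts.length > 0) {
                this.myMSALObj.setActiveAccount(accounts[0]);
            }
            const result = await this.myMSALObj.acquireTokenSilent(tokenRequest);
            // Keep the refreshed credential in memory only; never print it.
            this.token = result.accessToken;
            this.expires = result.expiresOn;
        } catch (error) {
            if (!(error instanceof msal.InteractionRequiredAuthError)) {
                throw error;
            }
            this.signIn();
        }
        // … unchanged: return { token: this.token, expire: Number(this.expires), … } …
```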
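Review bot: Passing an `async` executor to `new Promise` in renderer/azureSpeech.ts means that if `getToken()` rejects, the rejection is raised inside the executor's own promise and the outer promise never settles, so callers waiting for a token hang instead of seeing the authentication failure. `getToken()` is already async, so the wrapper can go: `return SPAAuthPopup.getInstance().getToken();`. The enclosing method starts above the hunk and its declared return type is not visible here.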