Merge pull request #1809 from AzureAD/msal-node-silent-flow-client

[msal-node] SilentFlow node interface

Author: sameerag

lib/msal-common/src/cache/utils/CacheTypes.ts

@@ -9,11 +9,11 @@ import { AccessTokenEntity } from "../entities/AccessTokenEntity";
 import { RefreshTokenEntity } from "../entities/RefreshTokenEntity";
 import { AppMetadataEntity } from "../entities/AppMetadataEntity";
 
-export type AccountCache = { [key: string]: AccountEntity };
-export type IdTokenCache = { [key: string]: IdTokenEntity };
-export type AccessTokenCache = { [key: string]: AccessTokenEntity };
-export type RefreshTokenCache = { [key: string]: RefreshTokenEntity };
-export type AppMetadataCache = { [key: string]: AppMetadataEntity };
+export type AccountCache = Record<string, AccountEntity>;
+export type IdTokenCache = Record<string, IdTokenEntity>;
+export type AccessTokenCache = Record<string, AccessTokenEntity>;
+export type RefreshTokenCache = Record<string, RefreshTokenEntity>;
+export type AppMetadataCache = Record<string, AppMetadataEntity>;
 export type CredentialCache = {
     idTokens: IdTokenCache;
     accessTokens: AccessTokenCache;

lib/msal-node/src/cache/Storage.ts

@@ -240,31 +240,26 @@ export class Storage extends CacheManager {
      */
     getKeys(): string[] {
         // read inMemoryCache
-        const cache = this.getCache();
-        let cacheKeys: string[] = [];
-
-        // read all keys
-        Object.keys(cache).forEach(key => {
-            Object.keys(key).forEach(internalKey => {
-                cacheKeys.push(internalKey);
-            });
-        });
-
-        return cacheKeys;
+        const cache: InMemoryCache= this.getCache() as InMemoryCache;
+        return [
+            ...Object.keys(cache.accounts),
+            ...Object.keys(cache.idTokens),
+            ...Object.keys(cache.accessTokens),
+            ...Object.keys(cache.refreshTokens),
+            ...Object.keys(cache.appMetadata),
+        ];
     }
 
     /**
      * Clears all cache entries created by MSAL (except tokens).
      */
     clear(): void {
         // read inMemoryCache
-        const cache = this.getCache();
+        const cacheKeys = this.getKeys();
 
-        // read all keys
-        Object.keys(cache).forEach(key => {
-            Object.keys(key).forEach(internalKey => {
-                this.removeItem(internalKey);
-            });
+        // delete each element
+        cacheKeys.forEach(key => {
+            this.removeItem(key);
         });
         this.emitChange();
     }

lib/msal-node/src/cache/TokenCache.ts

@@ -4,16 +4,8 @@
  */
 
 import { Storage } from './Storage';
-import { ClientAuthError, StringUtils } from '@azure/msal-common';
-import {
-    InMemoryCache,
-    JsonCache,
-    SerializedAccountEntity,
-    SerializedAccessTokenEntity,
-    SerializedRefreshTokenEntity,
-    SerializedIdTokenEntity,
-    SerializedAppMetadataEntity
-} from './serializer/SerializerTypes';
+import { ClientAuthError, StringUtils, AccountEntity, AccountInfo} from '@azure/msal-common';
+import { InMemoryCache, JsonCache, SerializedAccountEntity, SerializedAccessTokenEntity, SerializedRefreshTokenEntity, SerializedIdTokenEntity, SerializedAppMetadataEntity } from './serializer/SerializerTypes';
 import { ICachePlugin } from './ICachePlugin';
 import { Deserializer } from './serializer/Deserializer';
 import { Serializer } from './serializer/Serializer';
@@ -131,6 +123,24 @@ export class TokenCache {
         }
     }
 
+
+    /**
+     * API that retrieves all accounts currently in cache to the user
+     */
+    getAllAccounts(): AccountInfo[] {
+        return this.storage.getAllAccounts();
+    }
+
+    /**
+     * API to remove a specific account and the relevant data from cache
+     * @param account
+     */
+    removeAccount(account: AccountInfo) {
+        this.storage.removeAccount(
+            AccountEntity.generateAccountCacheKey(account)
+        );
+    }
+
     /**
      * Called when the cache has changed state.
      */

lib/msal-node/src/client/ClientApplication.ts

@@ -16,8 +16,9 @@ import {
     ClientAuthError,
     Constants,
     TrustedAuthority,
-    AccountInfo,
-    BaseAuthRequest
+    BaseAuthRequest,
+    SilentFlowRequest,
+    SilentFlowClient,
 } from '@azure/msal-common';
 import { Configuration, buildAppConfiguration } from '../config/Configuration';
 import { CryptoProvider } from '../crypto/CryptoProvider';
@@ -106,6 +107,25 @@ export abstract class ClientApplication {
         return refreshTokenClient.acquireToken(this.initializeRequestScopes(request) as RefreshTokenRequest);
     }
 
+    /**
+     * Acquires a token silently when a user specifies the account the token is requested for.
+     *
+     * This API expects the user to provide an account object and looks into the cache to retrieve the token if present.
+     * There is also an optional "forceRefresh" boolean the user can send, to bypass the cache for access_token and id_token
+     * In case the refresh_token is expired or not found, an error is thrown
+     * and the guidance is for the user to call any interactive token acquisition API (eg: acquireTokenByCode())
+     * @param request
+     */
+    async acquireTokenSilent(request: SilentFlowRequest): Promise<AuthenticationResult> {
+        const silentFlowClientConfig = await this.buildOauthClientConfiguration(
+            request.authority
+        );
+        const silentFlowClient = new SilentFlowClient(
+            silentFlowClientConfig
+        );
+        return silentFlowClient.acquireToken(this.initializeRequestScopes(request) as SilentFlowRequest);
+    }
+
     getCacheManager(): TokenCache {
         return this.tokenCache;
     }
@@ -180,8 +200,4 @@ export abstract class ClientApplication {
 
         return this._authority;
     }
-
-    getAllAccounts(): AccountInfo[] {
-        return this.storage.getAllAccounts();
-    }
 }

samples/msal-node-samples/msal-node-auth-code/index.js

@@ -72,5 +72,6 @@ app.get('/redirect', (req, res) => {
 
 msalCacheManager.readFromPersistence().then(() => {
     app.listen(SERVER_PORT, () => console.log(`Msal Node Auth Code Sample app listening on port ${SERVER_PORT}!`))
+    console.log("Accounts: \n", msalCacheManager.getAllAccounts());
 });
 

samples/msal-node-samples/msal-node-silent-flow/data/cache.json

@@ -0,0 +1,73 @@
+{
+    "Account": {
+        "uid.utid-login.microsoftonline.com-microsoft": {
+            "username": "John Doe",
+            "local_account_id": "object1234",
+            "realm": "microsoft",
+            "environment": "login.microsoftonline.com",
+            "home_account_id": "uid.utid",
+            "authority_type": "MSSTS",
+            "client_info": "base64encodedjson"
+        }
+    },
+    "AccessToken": {
+        "uid.utid-login.microsoftonline.com-accesstoken-mock_client_id-microsoft-scope1 scope2 scope3": {
+            "environment": "login.microsoftonline.com",
+            "credential_type": "AccessToken",
+            "secret": "an access token",
+            "realm": "microsoft",
+            "target": "scope1 scope2 scope3",
+            "client_id": "mock_client_id",
+            "cached_at": "1000",
+            "home_account_id": "uid.utid",
+            "extended_expires_on": "4600",
+            "expires_on": "4600"
+        },
+        "uid.utid-login.microsoftonline.com-accesstoken-mock_client_id-microsoft-scope4 scope5": {
+            "environment": "login.microsoftonline.com",
+            "credential_type": "AccessToken",
+            "secret": "an access token",
+            "realm": "microsoft",
+            "target": "scope4 scope5",
+            "client_id": "mock_client_id",
+            "cached_at": "1000",
+            "home_account_id": "uid.utid",
+            "extended_expires_on": "4600",
+            "expires_on": "4600"
+        }
+    },
+    "RefreshToken": {
+        "uid.utid-login.microsoftonline.com-refreshtoken-mock_client_id--": {
+            "environment": "login.microsoftonline.com",
+            "credential_type": "RefreshToken",
+            "secret": "a refresh token",
+            "client_id": "mock_client_id",
+            "home_account_id": "uid.utid"
+        },
+        "uid.utid-login.microsoftonline.com-refreshtoken-1--": {
+            "environment": "login.microsoftonline.com",
+            "credential_type": "RefreshToken",
+            "secret": "a refresh token",
+            "client_id": "mock_client_id",
+            "home_account_id": "uid.utid",
+            "familyId": "1"
+        }
+    },
+    "IdToken": {
+        "uid.utid-login.microsoftonline.com-idtoken-mock_client_id-microsoft-": {
+            "realm": "microsoft",
+            "environment": "login.microsoftonline.com",
+            "credential_type": "IdToken",
+            "secret": "header.eyJvaWQiOiAib2JqZWN0MTIzNCIsICJwcmVmZXJyZWRfdXNlcm5hbWUiOiAiSm9obiBEb2UiLCAic3ViIjogInN1YiJ9.signature",
+            "client_id": "mock_client_id",
+            "home_account_id": "uid.utid"
+        }
+    },
+    "AppMetadata": {
+        "appmetadata-login.microsoftonline.com-mock_client_id": {
+            "environment": "login.microsoftonline.com",
+            "family_id": "1",
+            "client_id": "mock_client_id"
+        }
+    }
+}

samples/msal-node-samples/msal-node-silent-flow/index.js

@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+const express = require("express");
+const msal = require('@azure/msal-node');
+const { promises: fs } = require("fs");
+
+const SERVER_PORT = process.env.PORT || 3000;
+
+const readFromStorage = () => {
+    return fs.readFile("./data/cache.json", "utf-8");
+};
+
+const writeToStorage = (getMergedState) => {
+    return readFromStorage().then(oldFile =>{
+        const mergedState = getMergedState(oldFile);
+        return fs.writeFile("./data/cacheAfterWrite.json", mergedState);
+    })
+};
+
+const cachePlugin = {
+    readFromStorage,
+    writeToStorage
+};
+
+const publicClientConfig = {
+    auth: {
+        clientId: "99cab759-2aab-420b-91d8-5e3d8d4f063b",
+        authority: "https://login.microsoftonline.com/90b8faa8-cc95-460e-a618-ee770bee1759",
+        redirectUri: "http://localhost:3000/redirect",
+    },
+    cache: {
+        cachePlugin
+    },
+};
+const pca = new msal.PublicClientApplication(publicClientConfig);
+const msalCacheManager = pca.getCacheManager();
+let accounts;
+
+// Create Express App and Routes
+const app = express();
+
+app.get('/', (req, res) => {
+
+    // get Accounts
+    accounts = msalCacheManager.getAllAccounts();
+    console.log("Accounts: ", accounts);
+
+    // Build silent request
+    const silentRequest = {
+        account: accounts[1],
+        redirectUri: "http://localhost:3000/redirect",
+    };
+
+    // get url to sign user in and consent to scopes needed for application
+    pca.acquireTokenSilent(silentRequest)
+        .then((response) => {
+            console.log("\nResponse: \n:", response);
+            res.send(200);
+            return msalCacheManager.writeToPersistence();
+        })
+        .catch((error) => {
+            console.log(error);
+            res.status(500).send(error);
+        });
+});
+
+msalCacheManager.readFromPersistence().then(() => {
+    app.listen(SERVER_PORT, () => console.log(`Msal Node Auth Code Sample app listening on port ${SERVER_PORT}!`));
+});
+