KTUSA-PS/KTUSAPS/ClientApp/src/msal.js

import * as msal from '@azure/msal-browser'
import axios from 'axios'
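// Keys under which the auth parameters are cached in localStorage. Despite the
// "Cookie" in the names, the rest of this file reads and writes them through
// localStorage, not document.cookie.
const ClientIdCookieName = 'ktusakacas'
const AuthorityCookieName = 'ktusakeksas'
const TenantCookieName = 'ktusalaimis'

// Scopes requested at login and on every silent token acquisition.
const RequestedScopes = ['openid', 'email', 'profile']

// Module-wide authentication state. It holds the raw access and ID tokens in
// memory, so any reference to this object is as sensitive as the tokens.
const msalState = {
  msal: null, // PublicClientApplication instance, set by initializeMSAL
  clientId: null, // 5931fda0-e9e0-4754-80c2-18bcb9d9561a
  authority: null, // https://login.microsoftonline.com/3415f2f7-f5a8-4092-b52a-003aaf844853/v2.0
  tenant: null, // 3415f2f7-f5a8-4092-b52a-003aaf844853,
  stateChangeCallbacks: [], // listeners registered through WatchMsalState
  isLoggedIn: false,
  accessToken: null,
  idToken: null,
  email: null,
  displayName: null,
  debugFullTokenResponse: null, // last full token response, tokens included
  // Read by GetMsalState; declared here so the snapshot key is always defined.
  // Nothing in this file assigns it.
  debugAccountInfo: null,
  msalRefreshTimer: null, // handle of the periodic refresh interval
}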
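/**
 * Loads the auth parameters, creates the MSAL client, starts the periodic
 * token refresh and processes a pending redirect response.
 *
 * @returns {Promise<void>}
 * @throws {Error} when the client has already been created.
 */
async function initializeMSAL() {
  if (msalState.msal != null) {
    throw new Error('MSAL was attempted to initialize second time')
  }
  await __loadAuthParameters()
  const { protocol, host } = window.location
  const msalConfig = {
    auth: {
      clientId: msalState.clientId,
      // Built from the tenant only; msalState.authority is loaded but not
      // read here. The tenant may come from the localStorage cache, so the
      // identity provider URL is only as trustworthy as that cache.
      authority: `https://login.microsoftonline.com/${msalState.tenant}`,
      redirectUri: `${protocol}//${host}/`,
    },
  }
  // Create the client before arming the timer, so a constructor failure does
  // not leave an interval running against a null client.
  msalState.msal = new msal.PublicClientApplication(msalConfig)
  msalState.msalRefreshTimer = setInterval(__refreshToken, 10 * 60 * 1000)
  msalState.msal
    .handleRedirectPromise()
    .then(__handleResponse)
    .catch((error) => {
      // A failed redirect exchange must not become an unhandled rejection.
      console.error('MSAL redirect handling failed', error)
    })
  // NOTE(security): this publishes the access and ID tokens on a global that
  // every script on the page and the devtools console can read. It looks like
  // a debugging aid - confirm nothing depends on it, then remove it or limit
  // it to development builds.
  window.msalState = msalState
}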
/**
 * Registers a listener for authentication state changes and invokes it once
 * immediately.
 *
 * @param {Function} callback - called with no arguments.
 */
export function WatchMsalState(callback) {
  const { stateChangeCallbacks } = msalState
  stateChangeCallbacks.push(callback)
  callback()
}
/**
 * Returns a shallow snapshot of the current authentication state.
 *
 * The snapshot carries the raw access token, the ID token and the full token
 * response, so callers should not log or persist it.
 *
 * @returns {object} the seven state fields copied from msalState.
 */
export function GetMsalState() {
  const {
    accessToken,
    idToken,
    isLoggedIn,
    debugFullTokenResponse,
    debugAccountInfo,
    email,
    displayName,
  } = msalState
  return {
    accessToken,
    idToken,
    isLoggedIn,
    debugFullTokenResponse,
    debugAccountInfo,
    email,
    displayName,
  }
}
/**
 * Starts a redirect-based sign-in requesting RequestedScopes.
 *
 * The promise returned by loginRedirect is not returned or awaited, so a
 * rejection is not observed here.
 */
export function LoginMsal() {
  const request = { scopes: RequestedScopes }
  msalState.msal.loginRedirect(request)
}
/**
 * Signs the user out through the MSAL client.
 *
 * The in-memory tokens in msalState are not cleared here.
 * NOTE(review): `logout()` is believed to be deprecated in favour of
 * `logoutRedirect()` in @azure/msal-browser v2 - confirm against the
 * installed version before upgrading.
 */
export function LogoutMsal() {
  const client = msalState.msal
  client.logout()
}
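/**
 * Periodic refresh: silently acquires fresh tokens for the signed-in user and
 * publishes them to msalState.
 *
 * A failed silent call leaves the previous state untouched instead of storing
 * an empty response. Only InteractionRequiredAuthError triggers the
 * interactive redirect; any other error is logged.
 *
 * @returns {Promise<void>}
 */
async function __refreshToken() {
  if (!msalState.isLoggedIn) return
  const request = { scopes: RequestedScopes }
  let response = null
  try {
    response = await msalState.msal.acquireTokenSilent(request)
  } catch (error) {
    if (!(error instanceof msal.InteractionRequiredAuthError)) {
      // Previously swallowed; the caller is a timer, so log and keep state.
      console.error('Silent token refresh failed', error)
      return
    }
    try {
      // fallback to interaction when silent call fails
      await msalState.msal.acquireTokenRedirect({ scopes: RequestedScopes })
    } catch (redirectError) {
      console.error('Interactive token refresh failed', redirectError)
    }
    return
  }
  // Without a response there are no tokens to publish.
  if (response == null) return
  msalState.debugFullTokenResponse = response
  __responseObjectToMsalState()
  __stateChanged()
}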
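/**
 * Processes the outcome of handleRedirectPromise.
 *
 * With a redirect response, the response's account becomes the active account
 * when its tenant is acceptable. Without one, an acceptable cached account is
 * activated and tokens are acquired silently. Listeners are notified in both
 * cases.
 *
 * @param {object|null} response - token response, or null when the page was
 *   not reached through an auth redirect.
 * @returns {Promise<void>}
 */
async function __handleResponse(response) {
  if (response !== null) {
    if (__isAccountAceptable(response.account)) {
      // setActiveAccount takes the account, not the whole token response.
      msalState.msal.setActiveAccount(response.account)
      msalState.debugFullTokenResponse = response
      __responseObjectToMsalState()
    }
  } else {
    const candidates = msalState.msal
      .getAllAccounts()
      .filter(__isAccountAceptable)
    if (candidates.length > 0) {
      // As before, the last acceptable cached account wins.
      msalState.msal.setActiveAccount(candidates[candidates.length - 1])
    }
    const account = msalState.msal.getActiveAccount()
    // Re-check the tenant: the active account may have been set earlier and
    // need not be one of the candidates above.
    if (account != null && __isAccountAceptable(account)) {
      let tokenResponse = null
      try {
        tokenResponse = await msalState.msal.acquireTokenSilent({
          scopes: RequestedScopes,
        })
      } catch (error) {
        if (error instanceof msal.InteractionRequiredAuthError) {
          try {
            // fallback to interaction when silent call fails
            await msalState.msal.acquireTokenRedirect({
              scopes: RequestedScopes,
            })
          } catch (redirectError) {
            console.error('Interactive token acquisition failed', redirectError)
          }
        } else {
          console.error('Silent token acquisition failed', error)
        }
      }
      // Only a real token response may mark the session as signed in.
      if (tokenResponse != null) {
        msalState.debugFullTokenResponse = tokenResponse
        __responseObjectToMsalState()
      }
    }
  }
  __stateChanged()
}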
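/**
 * Copies tokens and identity claims from msalState.debugFullTokenResponse
 * into msalState and marks the session as signed in.
 *
 * Does nothing when no token response is stored, so a failed acquisition can
 * never flip isLoggedIn to true without tokens behind it.
 */
function __responseObjectToMsalState() {
  const response = msalState.debugFullTokenResponse
  if (response == null) return
  // Tolerate a response without ID token claims instead of throwing midway.
  const claims = response.idTokenClaims || {}
  msalState.accessToken = response.accessToken
  msalState.idToken = response.idToken
  msalState.email = claims.email
  msalState.displayName = claims.name
  // Set last, once every field has been copied.
  msalState.isLoggedIn = true
}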
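/**
 * Tells whether an account belongs to the configured tenant.
 *
 * Fails closed: a missing account, or a tenant that has not been loaded,
 * yields false. The comparison is strict, so an undefined tenantId can no
 * longer match a null tenant through loose equality.
 *
 * @param {object|null} account - account whose tenantId is checked.
 * @returns {boolean}
 */
function __isAccountAceptable(account) {
  const expectedTenant = msalState.tenant
  if (typeof expectedTenant !== 'string' || expectedTenant === '') return false
  if (account == null) return false
  return account.tenantId === expectedTenant
}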
/**
 * Invokes every registered state-change listener, in registration order.
 * Listeners added while the notification runs are not called in this pass.
 */
function __stateChanged() {
  const listeners = msalState.stateChangeCallbacks
  const count = listeners.length
  for (let index = 0; index < count; index += 1) {
    if (!(index in listeners)) continue
    const notify = listeners[index]
    notify()
  }
}
/**
 * Loads the auth parameters into msalState by delegating to the
 * localStorage-backed loader.
 *
 * @returns {Promise<void>}
 */
async function __loadAuthParameters() {
  const loading = __loadAuthParametersLocalStorage()
  await loading
}
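/**
 * Fills msalState.clientId, authority and tenant from the localStorage cache,
 * fetching them from the server when any of the three is missing.
 *
 * Fetched values are cached only when all three are non-empty strings, so an
 * incomplete metadata response is not stored as the text "undefined" and
 * reused on every later load.
 *
 * NOTE(security): localStorage is writable by any script running on this
 * origin and the cached values never expire. The cached tenant later selects
 * the login authority and decides which accounts are accepted, so treat the
 * cache as untrusted input.
 *
 * @returns {Promise<void>}
 */
async function __loadAuthParametersLocalStorage() {
  const clientId = localStorage.getItem(ClientIdCookieName)
  const authority = localStorage.getItem(AuthorityCookieName)
  const tenant = localStorage.getItem(TenantCookieName)
  if (clientId != null && authority != null && tenant != null) {
    msalState.clientId = clientId
    msalState.authority = authority
    msalState.tenant = tenant
    return
  }
  await __fetchAuthParameters()
  const fetched = [
    [ClientIdCookieName, msalState.clientId],
    [AuthorityCookieName, msalState.authority],
    [TenantCookieName, msalState.tenant],
  ]
  const isComplete = fetched.every(
    ([, value]) => typeof value === 'string' && value !== ''
  )
  // Leave the cache empty so the next load asks the server again.
  if (!isComplete) return
  fetched.forEach(([key, value]) => localStorage.setItem(key, value))
}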
/**
 * Requests the auth metadata from the backend and copies clientId, authority
 * and tenant into msalState. The values are stored as received, unvalidated.
 *
 * @returns {Promise<void>}
 */
async function __fetchAuthParameters() {
  const { data } = await axios.get('/api/AuthMetadata')
  msalState.clientId = data.clientId
  msalState.authority = data.authority
  msalState.tenant = data.tenant
}
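// Start authentication as a side effect of importing this module. A failure
// (for example an unreachable metadata endpoint) is logged here instead of
// surfacing as an unhandled promise rejection.
initializeMSAL().catch((error) => {
  console.error('MSAL initialization failed', error)
})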