Skip to content

Commit

Permalink
feat(auth): add Entra ID identity provider integration
Browse files Browse the repository at this point in the history
Introduces Entra ID (former Azure AD) authentication support with multiple authentication flows
and automated token lifecycle management.

Key additions:
- Add EntraIdCredentialsProvider for handling Entra ID authentication flows
- Implement MSALIdentityProvider to integrate with MSAL/EntraID authentication library
- Add support for multiple authentication methods:
  - Managed identities (system and user-assigned)
  - Client credentials with certificate
  - Client credentials with secret
  - Authorization Code flow with PKCE
- Add factory class with builder methods for each authentication flow
- Include sample Express server implementation for Authorization Code flow
- Add comprehensive configuration options for authority and token management
  • Loading branch information
bobymicroby committed Dec 17, 2024
1 parent e7d6f5b commit d0cd508
Show file tree
Hide file tree
Showing 12 changed files with 1,900 additions and 39 deletions.
973 changes: 945 additions & 28 deletions package-lock.json

Large diffs are not rendered by default.

21 changes: 12 additions & 9 deletions packages/authx/lib/token-manager.ts
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,6 @@ export interface TokenManagerConfig {
retry?: RetryPolicy;
}


/**
* IDPError is an error that occurs while calling the underlying IdentityProvider.
*
Expand Down Expand Up @@ -88,7 +87,7 @@ export class TokenManager<T> {

constructor(
private readonly identityProvider: IdentityProvider<T>,
private readonly config: TokenManagerConfig,
private readonly config: TokenManagerConfig
) {
if (this.config.expirationRefreshRatio > 1) {
throw new Error('expirationRefreshRatio must be less than or equal to 1');
Expand Down Expand Up @@ -186,25 +185,29 @@ export class TokenManager<T> {
if (!this.listener) {
throw new Error('TokenManager is not running, but a new token was received');
}
const token = this.wrapNativeToken(nativeToken, ttlMs);
this.currentToken = token;
const token = this.wrapAndSetCurrentToken(nativeToken, ttlMs);
this.listener.onNext(token);

this.scheduleNextRefresh(this.calculateRefreshTime(token));
}

/**
* Wraps a native token obtained from identity provider.
* @param nativeToken
* @param ttlMs
* Creates a Token object from a native token and sets it as the current token.
*
* @param nativeToken - The raw token received from the identity provider
* @param ttlMs - Time-to-live in milliseconds for the token
*
* @returns A new Token instance containing the wrapped native token and expiration details
*
*/
public wrapNativeToken(nativeToken: T, ttlMs: number): Token<T> {
public wrapAndSetCurrentToken(nativeToken: T, ttlMs: number): Token<T> {
const now = Date.now();
const token = new Token(
nativeToken,
now + ttlMs,
now
);
this.currentToken = token;
return token;
}

Expand All @@ -228,7 +231,7 @@ export class TokenManager<T> {
* @param token The token to calculate the refresh time for.
* @param now The current time in milliseconds. Defaults to Date.now().
*/
public calculateRefreshTime(token: Token<T>, now:number = Date.now()): number {
public calculateRefreshTime(token: Token<T>, now: number = Date.now()): number {
const ttlMs = token.getTtlMs(now);
return Math.floor(ttlMs * this.config.expirationRefreshRatio);
}
Expand Down
11 changes: 9 additions & 2 deletions packages/client/lib/client/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -380,11 +380,18 @@ export default class RedisClient<
}

/**
* TODO: Implement re-authentication to support refreshing credentials without reconnecting
* @param credentials
*/
private reAuthenticate = async (credentials: BasicAuth) => {
throw new Error('Not implemented');
// Re-authentication is not supported on RESP2 with PubSub active
if (!(this.isPubSubActive && !this.#options?.RESP)) {
await this.sendCommand(
parseArgs(COMMANDS.AUTH, {
username: credentials.username,
password: credentials.password ?? ''
})
);
}
}

private subscribeForStreamingCredentials(cp: StreamingCredentialsProvider): Promise<[BasicAuth, Disposable]> {
Expand Down
Empty file added packages/entraid/README.md
Empty file.
Loading

0 comments on commit d0cd508

Please sign in to comment.