Path: blob/main/build/azure-pipelines/common/getPublishAuthTokens.ts
3520 views
/*---------------------------------------------------------------------------------------------1* Copyright (c) Microsoft Corporation. All rights reserved.2* Licensed under the MIT License. See License.txt in the project root for license information.3*--------------------------------------------------------------------------------------------*/45import { AccessToken } from '@azure/core-auth';6import { ConfidentialClientApplication } from '@azure/msal-node';78function e(name: string): string {9const result = process.env[name];1011if (typeof result !== 'string') {12throw new Error(`Missing env: ${name}`);13}1415return result;16}1718export async function getAccessToken(endpoint: string, tenantId: string, clientId: string, idToken: string): Promise<AccessToken> {19const app = new ConfidentialClientApplication({20auth: {21clientId,22authority: `https://login.microsoftonline.com/${tenantId}`,23clientAssertion: idToken24}25});2627const result = await app.acquireTokenByClientCredential({ scopes: [`${endpoint}.default`] });2829if (!result) {30throw new Error('Failed to get access token');31}3233return {34token: result.accessToken,35expiresOnTimestamp: result.expiresOn!.getTime(),36refreshAfterTimestamp: result.refreshOn?.getTime()37};38}3940async function main() {41const cosmosDBAccessToken = await getAccessToken(e('AZURE_DOCUMENTDB_ENDPOINT')!, e('AZURE_TENANT_ID')!, e('AZURE_CLIENT_ID')!, e('AZURE_ID_TOKEN')!);42const blobServiceAccessToken = await getAccessToken(`https://${e('VSCODE_STAGING_BLOB_STORAGE_ACCOUNT_NAME')}.blob.core.windows.net/`, process.env['AZURE_TENANT_ID']!, process.env['AZURE_CLIENT_ID']!, process.env['AZURE_ID_TOKEN']!);43console.log(JSON.stringify({ cosmosDBAccessToken, blobServiceAccessToken }));44}4546if (require.main === module) {47main().then(() => {48process.exit(0);49}, err => {50console.error(err);51process.exit(1);52});53}545556