in desktop/src/client/core/aad/auth-provider.ts [64:136]
/**
 * Obtain an access token for a resource within a tenant.
 *
 * A silent acquisition against the cached account is attempted first. If
 * that attempt fails for any reason, the user is asked (through
 * `authObserver`) which interactive method to use, and the auth code flow
 * runs in either the system browser or the built-in window.
 *
 * @param options.resourceURI - Resource the token is requested for; passed
 *   to `_authRequest`.
 * @param options.tenantId - Tenant to authenticate against; `defaultTenant`
 *   is used when it is omitted.
 * @param options.forceRefresh - Forwarded to `acquireTokenSilent`; defaults
 *   to `false`.
 * @returns The result of the silent acquisition, or of the interactive flow
 *   when the silent attempt failed.
 * @throws Errors raised outside the silent attempt (client creation, the
 *   auth-method prompt, the interactive flow) propagate to the caller.
 */
public async getToken(options: {
    resourceURI: string,
    tenantId?: string,
    forceRefresh?: boolean,
}): Promise<AuthorizationResult> {
    const resourceURI = options.resourceURI;
    const tenantId =
        options.tenantId === undefined ? defaultTenant : options.tenantId;
    const forceRefresh =
        options.forceRefresh === undefined ? false : options.forceRefresh;

    // A logout that is still in flight must finish before a token is issued.
    if (this._logoutPromise) {
        await this._logoutPromise;
    }

    /**
     * KLUDGE: msal.js does not cope well with access tokens for several
     * tenants in one cache. A per-request authority is accepted, yet the
     * same access token comes back.
     *
     * Until that is resolved, one client application is used per tenant.
     */
    const client = await this._getClient(tenantId);
    const authRequest = this._authRequest(resourceURI, tenantId);

    try {
        log.debug(`[${tenantId}] Trying to acquire token silently`);
        const account: AccountInfo | null = await this._getAccount(tenantId);
        if (!account) {
            // Thrown inside the try on purpose: the catch below turns it
            // into the interactive fallback.
            throw new Error(
                "[internal] No valid account found for silent auth"
            );
        }
        return await client.acquireTokenSilent({
            ...authRequest, account, forceRefresh
        });
    } catch (silentError) {
        // Every failure of the silent attempt lands here, including the
        // internal "no account" error above.
        // NOTE(review): errors are not filtered by type, so a failure that
        // has nothing to do with user interaction also leads to a prompt —
        // confirm this is intended. The error text goes to the debug log
        // as-is.
        log.debug(
            `[${tenantId}] Silent token acquisition failed: ${silentError}`
        );

        // Ask the user which interactive authentication method to use.
        const choice = await this.authObserver.selectUserAuthMethod(tenantId);
        const useSystemBrowser = choice.externalBrowserAuth;
        const flowLabel = useSystemBrowser ? "system browser" : "built-in window";
        log.debug(
            `[${tenantId}] Interactive auth code flow with ${flowLabel} (${silentError})`
        );

        const result: AuthenticationResult = useSystemBrowser
            ? await this._systemBrowserAuth(client, authRequest, tenantId)
            : await this._builtInWindowAuth(client, authRequest, tenantId);

        if (!result?.account) {
            log.warn("Authentication result did not contain account information");
            return result;
        }

        // Remember the account per tenant. The first username seen becomes
        // the primary one and later results never overwrite it.
        // NOTE(review): the returned account is cached without being
        // compared against `_primaryUsername` — confirm whether a different
        // identity for another tenant is acceptable here.
        this._accounts[tenantId] = result.account;
        if (!this._primaryUsername) {
            this._primaryUsername = result.account.username;
        }
        return result;
    }
}