public async getARMTokenForTenant()

in Composer/packages/electron-server/src/auth/oneAuthService.ts [224:300]

• 68 lines of code
• 15 McCabe index (conditional complexity)

  public async getARMTokenForTenant(tenantId: string): Promise<string> {
    if (!this.initialized) {
      this.initialize();
    }

    // if not signed into the ARM account, sign in.
    if (!this.signedInARMAccount) {
      const signInParams = new this.oneAuth.AuthParameters(DEFAULT_AUTH_SCHEME, ARM_AUTHORITY, ARM_RESOURCE, '', '');
      const result: OneAuth.AuthResult = await this.oneAuth.signInInteractively(undefined, signInParams, '');
      if (!result.account) {
        return '';
      }

      this.signedInARMAccount = result.account;
    }

    // try to get the tenant token silently
    try {
      log('Getting an ARM token for tenant %s', tenantId);
      const tokenParams = new this.oneAuth.AuthParameters(
        DEFAULT_AUTH_SCHEME,
        `https://login.microsoftonline.com/${tenantId}`,
        ARM_RESOURCE,
        '',
        ''
      );
      const result = await this.oneAuth.acquireCredentialSilently(this.signedInARMAccount.id, tokenParams, '');
      if (result.credential && result.credential.value && Date.now() <= result.credential.expiresOn) {
        log('Acquired ARM token for tenant: %s', result.credential.value);
        return result.credential.value;
      }
    } catch (e) {
      if (e.error?.status === Status.InteractionRequired && this.signedInARMAccount) {
        log(
          'There was an error trying to silently get an ARM token for tenant %s: %O. Trying again interactively to get access token.',
          tenantId,
          e
        );

        // use the signed in account to acquire a token
        const reqParams = new this.oneAuth.AuthParameters(
          DEFAULT_AUTH_SCHEME,
          `https://login.microsoftonline.com/${tenantId}`,
          ARM_RESOURCE,
          '',
          ''
        );
        const result = await this.oneAuth.acquireCredentialInteractively(this.signedInARMAccount?.id, reqParams, '');
        if (result.credential && result.credential.value && Date.now() <= result.credential.expiresOn) {
          log('Acquired ARM token interactively. %s', result.credential.value);
          return result.credential.value;
        }
      }
      log('Error while trying to get an ARM token: %O', e);
      throw e;
    }

    // get the tenant token interactively
    try {
      const tokenParams = new this.oneAuth.AuthParameters(
        DEFAULT_AUTH_SCHEME,
        `https://login.microsoftonline.com/${tenantId}`,
        ARM_RESOURCE,
        '',
        ''
      );
      const result = await this.oneAuth.acquireCredentialInteractively(this.signedInARMAccount.id, tokenParams, '');
      if (!result.credential.value) {
        throw new Error('Interactive sign on returned an empty credential value.');
      }
      log('Acquired ARM token for tenant: %s', result.credential.value);
      return result.credential.value;
    } catch (e) {
      log('There was an error trying to get an ARM token interactively for tenant %s: %O', tenantId, e);
      throw e;
    }
  }