bitwarden/directory-connector
1
0
Fork 0
mirror of https://github.com/bitwarden/directory-connector synced 2025-12-05 23:53:21 +00:00
Code Issues Releases Wiki Activity

[PM-15456] Update AzureDirectoryService to dynamically select Graph API endpoint based on identity authority (public or government) (#777)

Browse Source 
Co-authored-by: bnagawiecki <107435978+bnagawiecki@users.noreply.github.com>
This commit is contained in:
Rui Tomé
2025-06-02 14:00:07 +01:00
committed by GitHub
parent 5f9adf9ab7
commit 3b3ea8ac47
1 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/services/azure-directory.service.ts
View File

@@ -18,7 +18,9 @@ import { BaseDirectoryService } from "./baseDirectory.service";
import { IDirectoryService } from "./directory.service"; import { IDirectoryService } from "./directory.service";
const AzurePublicIdentityAuhtority = "login.microsoftonline.com"; const AzurePublicIdentityAuhtority = "login.microsoftonline.com";
const AzurePublicGraphEndpoint = "https://graph.microsoft.com";
const AzureGovermentIdentityAuhtority = "login.microsoftonline.us"; const AzureGovermentIdentityAuhtority = "login.microsoftonline.us";
const AzureGovernmentGraphEndpoint = "https://graph.microsoft.us";
const NextLink = "@odata.nextLink"; const NextLink = "@odata.nextLink";
const DeltaLink = "@odata.deltaLink"; const DeltaLink = "@odata.deltaLink";
@@ -207,7 +209,7 @@ export class AzureDirectoryService extends BaseDirectoryService implements IDire
if (keyword === "excludeadministrativeunit" || keyword === "includeadministrativeunit") { if (keyword === "excludeadministrativeunit" || keyword === "includeadministrativeunit") {
for (const p of pieces) { for (const p of pieces) {
let auMembers = await this.client let auMembers = await this.client
.api(`https://graph.microsoft.com/v1.0/directory/administrativeUnits/${p}/members`) .api(`${this.getGraphApiEndpoint()}/v1.0/directory/administrativeUnits/${p}/members`)
.get(); .get();
// eslint-disable-next-line // eslint-disable-next-line
while (true) { while (true) {
@@ -478,7 +480,7 @@ export class AzureDirectoryService extends BaseDirectoryService implements IDire
client_id: this.dirConfig.applicationId, client_id: this.dirConfig.applicationId,
client_secret: this.dirConfig.key, client_secret: this.dirConfig.key,
grant_type: "client_credentials", grant_type: "client_credentials",
scope: "https://graph.microsoft.com/.default", scope: `${this.getGraphApiEndpoint()}/.default`,
}); });
const req = https const req = https
@@ -542,4 +544,10 @@ export class AzureDirectoryService extends BaseDirectoryService implements IDire
exp.setSeconds(exp.getSeconds() + expSeconds); exp.setSeconds(exp.getSeconds() + expSeconds);
this.accessTokenExpiration = exp; this.accessTokenExpiration = exp;
} }
private getGraphApiEndpoint(): string {
return this.dirConfig.identityAuthority === AzureGovermentIdentityAuhtority
? AzureGovernmentGraphEndpoint
: AzurePublicGraphEndpoint;
}
} }