From abc68e8ef93642490b4e0ccfbb8cee0ef0a44719 Mon Sep 17 00:00:00 2001
From: Daniel James Smith <djsmith85@users.noreply.github.com>
Date: Thu, 18 Nov 2021 19:02:33 +0100
Subject: [PATCH] Add Azure Identity Authority Selector (#176)

* New AzureSettings to select the Identity Authority

* Add fallback for existing customers

* Throw error if Identity Authority is set to invalid value
---
 src/app/tabs/settings.component.html    |  8 ++++++++
 src/locales/en/messages.json            |  3 +++
 src/models/azureConfiguration.ts        |  1 +
 src/services/azure-directory.service.ts | 11 ++++++++++-
 4 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/src/app/tabs/settings.component.html b/src/app/tabs/settings.component.html
index 09a73136..a07f6bb6 100644
--- a/src/app/tabs/settings.component.html
+++ b/src/app/tabs/settings.component.html
@@ -134,6 +134,14 @@
                     </div>
                 </div>
                 <div [hidden]="directory != directoryType.AzureActiveDirectory">
+                    <div class="form-group">
+                        <label for="identityAuthority">{{'identityAuthority' | i18n}}</label>
+                        <select class="form-control" id="identityAuthority" name="IdentityAuthority"
+                            [(ngModel)]="azure.identityAuthority">
+                            <option value="login.microsoftonline.com">Azure AD Public</option>
+                            <option value="login.microsoftonline.us">Azure AD Government</option>
+                        </select>
+                    </div>
                     <div class="form-group">
                         <label for="tenant">{{'tenant' | i18n}}</label>
                         <input type="text" class="form-control" id="tenant" name="Tenant" [(ngModel)]="azure.tenant">
diff --git a/src/locales/en/messages.json b/src/locales/en/messages.json
index 11e555bc..2b615da2 100644
--- a/src/locales/en/messages.json
+++ b/src/locales/en/messages.json
@@ -354,6 +354,9 @@
     "rootPath": {
         "message": "Root Path"
     },
+    "identityAuthority": {
+        "message": "Identity Authority"
+    },
     "tenant": {
         "message": "Tenant"
     },
diff --git a/src/models/azureConfiguration.ts b/src/models/azureConfiguration.ts
index b9a113c0..904aec8c 100644
--- a/src/models/azureConfiguration.ts
+++ b/src/models/azureConfiguration.ts
@@ -1,4 +1,5 @@
 export class AzureConfiguration {
+    identityAuthority: string;
     tenant: string;
     applicationId: string;
     key: string;
diff --git a/src/services/azure-directory.service.ts b/src/services/azure-directory.service.ts
index 79571f2b..3e95f644 100644
--- a/src/services/azure-directory.service.ts
+++ b/src/services/azure-directory.service.ts
@@ -17,6 +17,9 @@ import { IDirectoryService } from './directory.service';
 import { I18nService } from 'jslib-common/abstractions/i18n.service';
 import { LogService } from 'jslib-common/abstractions/log.service';
 
+const AzurePublicIdentityAuhtority = 'login.microsoftonline.com';
+const AzureGovermentIdentityAuhtority = 'login.microsoftonline.us';
+
 const NextLink = '@odata.nextLink';
 const DeltaLink = '@odata.deltaLink';
 const ObjectType = '@odata.type';
@@ -390,6 +393,12 @@ export class AzureDirectoryService extends BaseDirectoryService implements IDire
                     return;
                 }
 
+                const identityAuthority = this.dirConfig.identityAuthority != null ? this.dirConfig.identityAuthority : AzurePublicIdentityAuhtority;
+                if (identityAuthority !== AzurePublicIdentityAuhtority && identityAuthority !== AzureGovermentIdentityAuhtority) {
+                    done(new Error(this.i18nService.t('dirConfigIncomplete')), null);
+                    return;
+                }
+
                 if (!this.accessTokenIsExpired()) {
                     done(null, this.accessToken);
                     return;
@@ -406,7 +415,7 @@ export class AzureDirectoryService extends BaseDirectoryService implements IDire
                 });
 
                 const req = https.request({
-                    host: 'login.microsoftonline.com',
+                    host: identityAuthority,
                     path: '/' + this.dirConfig.tenant + '/oauth2/v2.0/token',
                     method: 'POST',
                     headers: {