[PM-15456] Update AzureDirectoryService to dynamically select Graph API endpoint based on identity authority (public or government) (#777)

Co-authored-by: bnagawiecki <107435978+bnagawiecki@users.noreply.github.com>
7 months ago · 3b3ea8ac47
1 changed files with 10 additions and 2 deletions
--- a/src/services/azure-directory.service.ts
+++ b/src/services/azure-directory.service.ts
@ -18,7 +18,9 @@ import { BaseDirectoryService } from "./baseDirectory.service";
				@@ -18,7 +18,9 @@ import { BaseDirectoryService } from "./baseDirectory.service";
 import { IDirectoryService } from "./directory.service";

 const AzurePublicIdentityAuhtority = "login.microsoftonline.com";
+const AzurePublicGraphEndpoint = "https://graph.microsoft.com";
 const AzureGovermentIdentityAuhtority = "login.microsoftonline.us";
+const AzureGovernmentGraphEndpoint = "https://graph.microsoft.us";

 const NextLink = "@odata.nextLink";
 const DeltaLink = "@odata.deltaLink";
@ -207,7 +209,7 @@ export class AzureDirectoryService extends BaseDirectoryService implements IDire
				@@ -207,7 +209,7 @@ export class AzureDirectoryService extends BaseDirectoryService implements IDire
    if (keyword === "excludeadministrativeunit" || keyword === "includeadministrativeunit") {
      for (const p of pieces) {
        let auMembers = await this.client
-          .api(`https://graph.microsoft.com/v1.0/directory/administrativeUnits/${p}/members`)
+          .api(`${this.getGraphApiEndpoint()}/v1.0/directory/administrativeUnits/${p}/members`)
          .get();
        // eslint-disable-next-line
        while (true) {
@ -478,7 +480,7 @@ export class AzureDirectoryService extends BaseDirectoryService implements IDire
				@@ -478,7 +480,7 @@ export class AzureDirectoryService extends BaseDirectoryService implements IDire
          client_id: this.dirConfig.applicationId,
          client_secret: this.dirConfig.key,
          grant_type: "client_credentials",
-          scope: "https://graph.microsoft.com/.default",
+          scope: `${this.getGraphApiEndpoint()}/.default`,
        });

        const req = https
@ -542,4 +544,10 @@ export class AzureDirectoryService extends BaseDirectoryService implements IDire
				@@ -542,4 +544,10 @@ export class AzureDirectoryService extends BaseDirectoryService implements IDire
    exp.setSeconds(exp.getSeconds() + expSeconds);
    this.accessTokenExpiration = exp;
  }
+
+  private getGraphApiEndpoint(): string {
+    return this.dirConfig.identityAuthority === AzureGovermentIdentityAuhtority
+      ? AzureGovernmentGraphEndpoint
+      : AzurePublicGraphEndpoint;
+  }
 }