primno · xaviermonin · Mar 11, 2023 · Mar 7, 2023 · Mar 11, 2023 · Mar 11, 2023
diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml
@@ -28,6 +28,8 @@ jobs:
         with:
           node-version: 18
           registry-url: https://registry.npmjs.org/
+      - run: npm ci
+      - run: npm run build
       - run: npm publish
         env:
           NODE_AUTH_TOKEN: ${{secrets.npm_token}}
diff --git a/README.md b/README.md
@@ -158,13 +158,46 @@ interface OAuthConfig {
      * OAuth2 credentials
      */
     credentials: {
+        /**
+         * OAuth flow
+         */
         grantType: "client_credential" | "password" | "device_code";
+        /**
+         * Client ID
+         */
         clientId: string;
+        /**
+         * Client secret for ConfidentialClientApplication.
+         * If set, clientCertificate is not required.
+         */
         clientSecret?: string;
+        /**
+         * Client certificate for ConfidentialClientApplication.
+         * If set, clientSecret is not required.
+         */
+        clientCertificate?: {
+            thumbprint: string;
+            privateKey: string;
+        },
+        /**
+         * Authority URL (eg: https://login.microsoftonline.com/common/)
+         */
         authorityUrl: string;
+        /**
+         * Username for password and device_code flow.
+         */
         userName?: string;
+        /**
+         * Password for password flow.
+         */
         password?: string;
+        /**
+         * Redirect URI.
+         */
         redirectUri?: string;
+        /**
+         * Scope. Dataverse url suffixed with .default.
+         */
         scope?: string;
     };
 

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@primno/dataverse-client",
-  "version": "0.8.0-beta.0",
+  "version": "0.8.1-beta.0",
   "description": "Dataverse / Dynamics 365 CE (on-premises) client for Node.JS",
   "repository": "github:primno/dataverse-client",
   "main": "dist/index.cjs.js",

diff --git a/src/auth/oauth/msal/token/application.ts b/src/auth/oauth/msal/token/application.ts
@@ -22,7 +22,6 @@ export async function createApplication(oAuthOptions: OAuthConfig): Promise<Appl
         auth: {
             clientId: credentials.clientId,
             authority: credentials.authorityUrl,
-            clientSecret: credentials.clientSecret,
             knownAuthorities: [credentials.authorityUrl]
         },
         system: {
@@ -38,10 +37,17 @@ export async function createApplication(oAuthOptions: OAuthConfig): Promise<Appl
         cache: persistence.enabled ? await getCacheOptions(persistence) : undefined
     };
 
-    if (credentials.clientSecret) {
+    if (credentials.clientSecret || credentials.clientCertificate) {
         return {
             type: "confidential",
-            client: new ConfidentialClientApplication(options)
+            client: new ConfidentialClientApplication({
+                ...options,
+                auth: {
+                    ...options.auth,
+                    clientSecret: credentials.clientSecret,
+                    clientCertificate: credentials.clientCertificate
+                }
+            })
         };
     }
     else {

diff --git a/src/auth/oauth/oauth-configuration.ts b/src/auth/oauth/oauth-configuration.ts
@@ -1,11 +1,44 @@
 export interface OAuthCredentials {
+    /**
+     * OAuth flow
+     */
     grantType: "client_credential" | "password" | "device_code";
+    /**
+     * Client ID
+     */
     clientId: string;
+    /**
+     * Client secret for ConfidentialClientApplication.
+     * If set, clientCertificate is not required.
+     */
     clientSecret?: string;
+    /**
+     * Client certificate for ConfidentialClientApplication.
+     * If set, clientSecret is not required.
+     */
+    clientCertificate?: {
+        thumbprint: string;
+        privateKey: string;
+    },
+    /**
+     * Authority URL (eg: https://login.microsoftonline.com/common/)
+     */
     authorityUrl: string;
+    /**
+     * Username for password and device_code flow.
+     */
     userName?: string;
+    /**
+     * Password for password flow.
+     */
     password?: string;
+    /**
+     * Redirect URI.
+     */
     redirectUri?: string;
+    /**
+     * Scope. Dataverse url suffixed with .default.
+     */
     scope?: string;
 }