Update local scripts to make auth optional

microsoft · Aug 10, 2023 · 7517156 · 7517156
1 parent ddfbdf6
commit 7517156
Show file tree

Hide file tree

Showing 6 changed files with 132 additions and 77 deletions.
diff --git a/scripts/.env b/scripts/.env
@@ -6,9 +6,12 @@ ENV_PLANNER_MODEL_OPEN_AI="gpt-3.5-turbo"
 ENV_COMPLETION_MODEL_AZURE_OPEN_AI="gpt-35-turbo"
 ENV_PLANNER_MODEL_AZURE_OPEN_AI="gpt-35-turbo"
 ENV_EMBEDDING_MODEL="text-embedding-ada-002"
-ENV_TENANT_ID="common"
 ENV_ASPNETCORE="Development"
+ENV_INSTANCE="https://login.microsoftonline.com"
 
 # Constants
 ENV_AZURE_OPEN_AI="AzureOpenAI"
 ENV_OPEN_AI="OpenAI"
+ENV_AZURE_AD="AzureAd"
+ENV_NONE="None"
+ENV_SCOPES="access_as_user"
diff --git a/scripts/Configure.ps1 b/scripts/Configure.ps1
@@ -8,9 +8,6 @@ The service type used: OpenAI or Azure OpenAI.
 .PARAMETER APIKey
 The API key for the AI service.
 
-.PARAMETER ClientId
-The client (application) ID associated with your AAD app registration.
-
 .PARAMETER Endpoint
 Set when using Azure OpenAI.
 
@@ -23,71 +20,79 @@ The embedding model to use (e.g., text-embedding-ada-002).
 .PARAMETER PlannerModel
 The chat completion model to use for planning (e.g., gpt-3.5-turbo or gpt-4).
 
+.PARAMETER FrontendClientId
+The client (application) ID associated with your frontend's AAD app registration.
+
+.PARAMETER BackendClientId
+The client (application) ID associated with your backend's AAD app registration.
+
 .PARAMETER TenantId
-The tenant (directory) associated with your AAD app registration.
-Defaults to 'common'. 
+The tenant (directory) associated with your AAD app registrations.
 See https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-client-application-configuration#authority.
+
+.PARAMETER Instance
+The Azure cloud instance used for authenticating users. Defaults to https://login.microsoftonline.com/.
+See https://learn.microsoft.com/en-us/azure/active-directory/develop/authentication-national-cloud#azure-ad-authentication-endpoints.
 #>
 
 param(
-    [Parameter(Mandatory=$true)]
+    [Parameter(Mandatory = $true)]
     [string]$AIService,
 
-    [Parameter(Mandatory=$true)]
-    [string]$APIKey,
-
     [Parameter(Mandatory = $true)]
-    [string] $ClientId,
+    [string]$APIKey,
 
-    [Parameter(Mandatory=$false)]
+    [Parameter(Mandatory = $false)]
     [string]$Endpoint,
 
-    [Parameter(Mandatory=$false)]
+    [Parameter(Mandatory = $false)]
     [string]$CompletionModel,
 
-    [Parameter(Mandatory=$false)]
+    [Parameter(Mandatory = $false)]
     [string]$EmbeddingModel, 
 
-    [Parameter(Mandatory=$false)]
+    [Parameter(Mandatory = $false)]
     [string]$PlannerModel,
 
     [Parameter(Mandatory = $false)]
-    [string] $TenantId
+    [string] $FrontendClientId,
+
+    [Parameter(Mandatory = $false)]
+    [string] $BackendClientId,
+
+    [Parameter(Mandatory = $false)]
+    [string] $TenantId,
+
+    [Parameter(Mandatory = $false)]
+    [string] $Instance
 )
 
 # Get defaults and constants
 $varScriptFilePath = Join-Path "$PSScriptRoot" 'Variables.ps1'
 . $varScriptFilePath
 
 # Set remaining values from Variables.ps1
-if ($AIService -eq $varOpenAI) 
-{
-    if (!$CompletionModel)
-    {
-         $CompletionModel = $varCompletionModelOpenAI
+if ($AIService -eq $varOpenAI) {
+    if (!$CompletionModel) {
+        $CompletionModel = $varCompletionModelOpenAI
     }
-    if (!$PlannerModel)
-    {
-         $PlannerModel = $varPlannerModelOpenAI
+    if (!$PlannerModel) {
+        $PlannerModel = $varPlannerModelOpenAI
     }
 
     # TO DO: Validate model values if set by command line.
 }
-elseif ($AIService -eq $varAzureOpenAI) 
-{
-    if (!$CompletionModel)
-    {
-         $CompletionModel = $varCompletionModelAzureOpenAI
+elseif ($AIService -eq $varAzureOpenAI) {
+    if (!$CompletionModel) {
+        $CompletionModel = $varCompletionModelAzureOpenAI
     }
-    if (!$PlannerModel)
-    {
-         $PlannerModel = $varPlannerModelAzureOpenAI
+    if (!$PlannerModel) {
+        $PlannerModel = $varPlannerModelAzureOpenAI
     }
 
     # TO DO: Validate model values if set by command line.
 
-    if (!$Endpoint)
-    {
+    if (!$Endpoint) {
         Write-Error "Please specify an endpoint for -Endpoint when using AzureOpenAI."
         exit(1)
     }
@@ -97,29 +102,37 @@ else {
     exit(1)
 }
 
-if (!$EmbeddingModel)
-{
-     $EmbeddingModel = $varEmbeddingModel
-     # TO DO: Validate model values if set by command line.
+if (!$EmbeddingModel) {
+    $EmbeddingModel = $varEmbeddingModel
+    # TO DO: Validate model values if set by command line.
+}
+
+# Determine authentication type based on arguments
+if ($FrontendClientId -and $BackendClientId -and $TenantId) {
+    $authType = $varAzureAd
+    if (!$Instance) {
+        $Instance = $varInstance
+    }
 }
-if (!$TenantId)
-{
-     $TenantId = $varTenantId
-     # TO DO: Validate tenantID value if set by command line.
+elseif (!$FrontendClientId -and !$BackendClientId -and !$TenantId) {
+    $authType = $varNone
+}
+else {
+    Write-Error "To use Azure AD authentication, please set -FrontendClientId, -BackendClientId, and -TenantId."
+    exit(1)
 }
 
 Write-Host "#########################"
 Write-Host "# Backend configuration #"
 Write-Host "#########################"
 
 # Install dev certificate
-if ($IsLinux)
-{
+if ($IsLinux) {
     dotnet dev-certs https
     if ($LASTEXITCODE -ne 0) { exit(1) }
 }
-else # Windows/MacOS
-{
+else {
+    # Windows/MacOS
     dotnet dev-certs https --trust
     if ($LASTEXITCODE -ne 0) { exit(1) }
 }
@@ -130,7 +143,10 @@ Write-Host "Setting 'AIService:Key' user secret for $AIService..."
 dotnet user-secrets set --project $webapiProjectPath  AIService:Key $ApiKey
 if ($LASTEXITCODE -ne 0) { exit(1) }
 
-$appsettingsOverrides = @{ AIService = @{ Type = $AIService; Endpoint = $Endpoint; Models = @{ Completion = $CompletionModel; Embedding = $EmbeddingModel; Planner = $PlannerModel } } }
+$appsettingsOverrides = @{
+    AIService      = @{ Type = $AIService; Endpoint = $Endpoint; Models = @{ Completion = $CompletionModel; Embedding = $EmbeddingModel; Planner = $PlannerModel } };
+    Authentication = @{ Type = $authType; AzureAd = @{ Instance = $Instance; TenantId = $TenantId; ClientId = $BackendClientId; Scopes = $varScopes } }
+}
 $appSettingsJson = -join ("appsettings.", $varASPNetCore, ".json");
 $appsettingsOverridesFilePath = Join-Path $webapiProjectPath $appSettingsJson
 
@@ -152,8 +168,14 @@ $webappEnvFilePath = Join-Path "$webappProjectPath" '/.env'
 
 Write-Host "Setting up '.env'..."
 Set-Content -Path $webappEnvFilePath -Value "REACT_APP_BACKEND_URI=https://localhost:40443/"
-Add-Content -Path $webappEnvFilePath -Value "REACT_APP_AAD_AUTHORITY=https://login.microsoftonline.com/$TenantId"
-Add-Content -Path $webappEnvFilePath -Value "REACT_APP_AAD_CLIENT_ID=$ClientId"
+
+if ($authType -eq $varAzureAd) {
+    Write-Host "Configuring Azure AD authentication..."
+    Add-Content -Path $webappEnvFilePath -Value "REACT_APP_AUTH_TYPE=AzureAd"
+    Add-Content -Path $webappEnvFilePath -Value "REACT_APP_AAD_AUTHORITY=https://$($Instance.Trim("/"))/$TenantId"
+    Add-Content -Path $webappEnvFilePath -Value "REACT_APP_AAD_CLIENT_ID=$FrontendClientId"
+    Add-Content -Path $webappEnvFilePath -Value "REACT_APP_AAD_API_SCOPE=api://$BackendClientId/access_as_user"
+}
 
 Write-Host "($webappEnvFilePath)"
 Write-Host "========"

diff --git a/scripts/Configure.sh b/scripts/Configure.sh
@@ -22,11 +22,6 @@ while [[ $# -gt 0 ]]; do
       shift
       shift
       ;;
-    -c|--clientid) # Required argument
-      CLIENT_ID="$2"
-      shift
-      shift
-      ;;
     -e|--endpoint) # Required argument for Azure OpenAI
       ENDPOINT="$2"
       shift
@@ -47,11 +42,26 @@ while [[ $# -gt 0 ]]; do
       shift
       shift
       ;;
+    -fc|--frontend-clientid)
+      FRONTEND_CLIENT_ID="$2"
+      shift
+      shift
+      ;;
+    -bc|--backend-clientid)
+      BACKEND_CLIENT_ID="$2"
+      shift
+      shift
+      ;;
     -t|--tenantid)
       TENANT_ID="$2"
       shift
       shift
       ;;
+    -i|--instance)
+      INSTANCE="$2"
+      shift
+      shift
+      ;;
     -*|--*)
       echo "Unknown option $1"
       exit 1
@@ -72,13 +82,26 @@ fi
 if [ -z "$API_KEY" ]; then
   echo "Please specify an API key with -a or --apikey."; exit 1;
 fi
-if [ -z "$CLIENT_ID" ]; then
-  echo "Please specify a client (application) ID with -c or --clientid."; exit 1;
-fi
 if [ "$AI_SERVICE" = "$ENV_AZURE_OPEN_AI" ] && [ -z "$ENDPOINT" ]; then
   echo "When using `--aiservice AzureOpenAI`, please specify an endpoint with -e or --endpoint."; exit 1;
 fi
 
+if [ "$FRONTEND_CLIENT_ID" ] && [ "$BACKEND_CLIENT_ID" ] && [ "$TENANT_ID" ]; then
+  # Set auth type to AzureAd
+  AUTH_TYPE="$ENV_AZURE_AD"
+  # If instance empty, use default
+  if [ -z "$INSTANCE" ]; then
+    INSTANCE="$ENV_INSTANCE"
+  fi
+else
+  if [ "$FRONTEND_CLIENT_ID" ] && [ "$BACKEND_CLIENT_ID" ] && [ "$TENANT_ID" ]; then
+    # Set auth type to None
+    AUTH_TYPE="$ENV_NONE"
+  else
+    echo "To use Azure AD authentication, please set --frontend-clientid, --backend-clientid, and --tenantid."; exit 1;
+  fi
+fi
+
 # Set remaining values from .env if not passed as argument
 if [ "$AI_SERVICE" = "$ENV_OPEN_AI" ]; then
   if [ -z "$COMPLETION_MODEL" ]; then
@@ -89,7 +112,7 @@ if [ "$AI_SERVICE" = "$ENV_OPEN_AI" ]; then
   fi
   # TO DO: Validate model values if set by command line.
 else # elif [ "$AI_SERVICE" = "$ENV_AZURE_OPEN_AI" ]; then
-    if [ -z "$COMPLETION_MODEL" ]; then
+  if [ -z "$COMPLETION_MODEL" ]; then
     COMPLETION_MODEL="$ENV_COMPLETION_MODEL_AZURE_OPEN_AI"
   fi
   if [ -z "$PLANNER_MODEL" ]; then
@@ -102,9 +125,6 @@ if [ -z "$EMBEDDING_MODEL" ]; then
   EMBEDDING_MODEL="$ENV_EMBEDDING_MODEL"
   # TO DO: Validate model values if set by command line.
 fi
-if [ -z "$TENANT_ID" ]; then
-  TENANT_ID="$ENV_TENANT_ID"
-fi
 
 echo "#########################"
 echo "# Backend configuration #"
@@ -132,7 +152,7 @@ echo "Setting 'AIService:Key' user secret for $AI_SERVICE..."
 dotnet user-secrets set --project $WEBAPI_PROJECT_PATH  AIService:Key $API_KEY
 if [ $? -ne 0 ]; then exit 1; fi
 
-APPSETTINGS_OVERRIDES="{ \"AIService\": { \"Type\": \"${AI_SERVICE}\", \"Endpoint\": \"${ENDPOINT}\", \"Models\": { \"Completion\": \"${COMPLETION_MODEL}\", \"Embedding\": \"${EMBEDDING_MODEL}\", \"Planner\": \"${PLANNER_MODEL}\" } } }"
+APPSETTINGS_OVERRIDES="{ \"AIService\": { \"Type\": \"${AI_SERVICE}\", \"Endpoint\": \"${ENDPOINT}\", \"Models\": { \"Completion\": \"${COMPLETION_MODEL}\", \"Embedding\": \"${EMBEDDING_MODEL}\", \"Planner\": \"${PLANNER_MODEL}\" } }, \"Authentication\": { \"Type\": \"${AUTH_TYPE}\", \"AzureAd\": { \"Instance\": \"${INSTANCE}\", \"TenantId\": \"${TENANT_ID}\", \"ClientId\": \"${BACKEND_CLINET_ID}\", \"Scopes\": \"${ENV_SCOPES}\" } } }"
 APPSETTINGS_OVERRIDES_FILEPATH="${WEBAPI_PROJECT_PATH}/appsettings.${ENV_ASPNETCORE}.json"
 
 echo "Setting up 'appsettings.${ENV_ASPNETCORE}.json' for $AI_SERVICE..."
@@ -153,8 +173,15 @@ WEBAPP_ENV_FILEPATH="${WEBAPP_PROJECT_PATH}/.env"
 
 echo "Setting up '.env' for webapp..."
 echo "REACT_APP_BACKEND_URI=https://localhost:40443/" > $WEBAPP_ENV_FILEPATH
-echo "REACT_APP_AAD_AUTHORITY=https://login.microsoftonline.com/$TENANT_ID" >> $WEBAPP_ENV_FILEPATH
-echo "REACT_APP_AAD_CLIENT_ID=$CLIENT_ID" >> $WEBAPP_ENV_FILEPATH
+
+if [ "$AUTH_TYPE" = "$ENV_AZURE_AD" ]; then
+  echo "Configuring Azure AD authentication..."
+  echo "REACT_APP_AUTH_TYPE=AzureAd" >> $WEBAPP_ENV_FILEPATH
+  # TODO: trim any trailing slash from instance
+  echo "REACT_APP_AAD_AUTHORITY=https://$INSTANCE/$TENANT_ID" >> $WEBAPP_ENV_FILEPATH
+  echo "REACT_APP_AAD_CLIENT_ID=$FRONTEND_CLIENT_ID" >> $WEBAPP_ENV_FILEPATH
+  echo "REACT_APP_AAD_API_SCOPE=api://$BACKEND_CLIENT_ID/access_as_user" >> $WEBAPP_ENV_FILEPATH
+fi
 
 echo "($WEBAPP_ENV_FILEPATH)"
 echo "========"

diff --git a/scripts/Start.ps1 b/scripts/Start.ps1
@@ -7,7 +7,7 @@ $BackendScript = Join-Path "$PSScriptRoot" 'Start-Backend.ps1'
 $FrontendScript = Join-Path "$PSScriptRoot" 'Start-Frontend.ps1'
 
 # Start backend (in new PS process)
-Start-Process powershell -ArgumentList "-command $BackendScript"
+Start-Process pwsh -ArgumentList  "-command $BackendScript"
 
 # Start frontend (in current PS process)
 & $FrontendScript
diff --git a/scripts/Variables.ps1 b/scripts/Variables.ps1
@@ -1,14 +1,17 @@
 # Default environment file to be read by scripts
 
 # Default values
-$varCompletionModelOpenAI="gpt-3.5-turbo"
-$varPlannerModelOpenAI="gpt-3.5-turbo"
-$varCompletionModelAzureOpenAI="gpt-35-turbo"
-$varPlannerModelAzureOpenAI="gpt-35-turbo"
-$varEmbeddingModel="text-embedding-ada-002"
-$varTenantId="common"
-$varASPNetCore="Development"
+$varCompletionModelOpenAI = "gpt-3.5-turbo"
+$varPlannerModelOpenAI = "gpt-3.5-turbo"
+$varCompletionModelAzureOpenAI = "gpt-35-turbo"
+$varPlannerModelAzureOpenAI = "gpt-35-turbo"
+$varEmbeddingModel = "text-embedding-ada-002"
+$varASPNetCore = "Development"
+$varInstance = "https://login.microsoftonline.com"
 
 # Constants
-$varAzureOpenAI="AzureOpenAI"
-$varOpenAI="OpenAI"
+$varAzureOpenAI = "AzureOpenAI"
+$varOpenAI = "OpenAI"
+$varAzureAd = "AzureAd"
+$varNone = "None"
+$varScopes = "access_as_user"
diff --git a/webapp/src/libs/hooks/useChat.ts b/webapp/src/libs/hooks/useChat.ts
@@ -90,9 +90,9 @@ export const useChat = () => {
                         userDataLoaded: false,
                     };
 
-                dispatch(addConversation(newChat));
-                return newChat.id;
-            });
+                    dispatch(addConversation(newChat));
+                    return newChat.id;
+                });
         } catch (e: any) {
             const errorMessage = `Unable to create new chat. Details: ${getErrorDetails(e)}`;
             dispatch(addAlert({ message: errorMessage, type: AlertType.Error }));