using Azure.Identity;
using Microsoft.Graph;
namespace Management.Services;
/// <summary>
/// Holds the process-wide <see cref="GraphServiceClient"/>, authenticated app-only
/// (client credentials, no signed-in user) against the org tenant.
///
/// Registered as a singleton in Program.cs, so a single GraphServiceClient exists per process.
/// </summary>
/// <remarks>
/// Security notes:
/// <list type="bullet">
/// <item>The requested scope is <c>https://graph.microsoft.com/.default</c>, which resolves to the
/// application permissions already consented for the app registration. Every consumer of
/// <see cref="Client"/> therefore acts with that full permission set; this class adds no narrowing
/// of its own, so the registration itself should carry only the permissions that are needed.</item>
/// <item>The credential is a client secret read from the <c>Graph:ClientSecret</c> configuration key.
/// NOTE(review): confirm that key is fed from a secret store or environment setting and not from a
/// committed settings file.</item>
/// <item>The missing-configuration warning names the keys only and never logs their values.</item>
/// </list>
/// </remarks>
public sealed class GraphService
{
    private readonly ILogger<GraphService> _log;

    /// <summary>
    /// Reads the Graph app registration settings and builds the client-secret credential
    /// and the Graph client from them.
    /// </summary>
    /// <param name="config">Configuration providing Graph:TenantId, Graph:ClientId and Graph:ClientSecret.</param>
    /// <param name="log">Logger that receives the missing-configuration warning.</param>
    public GraphService(IConfiguration config, ILogger<GraphService> log)
    {
        _log = log;

        // An absent key is treated the same as an empty value.
        string Setting(string key) => config[key] ?? "";

        string tenant = Setting("Graph:TenantId");
        string appId = Setting("Graph:ClientId");
        string secret = Setting("Graph:ClientSecret");

        bool anyMissing = string.IsNullOrWhiteSpace(tenant)
            || string.IsNullOrWhiteSpace(appId)
            || string.IsNullOrWhiteSpace(secret);

        if (anyMissing)
        {
            // Warn only: construction continues with the blank values below.
            const string message =
                "[Graph] One or more Graph config values are missing (TenantId, ClientId, ClientSecret). " +
                "GET /api/admin/access/users will return an error until these are set.";
            _log.LogWarning(message);
        }

        // NOTE(review): confirm how ClientSecretCredential reacts to blank values. If it rejects them
        // at construction, the failure surfaces when this singleton is first resolved, not at the Graph call.
        var secretCredential = new ClientSecretCredential(tenant, appId, secret);
        Client = new GraphServiceClient(secretCredential, ["https://graph.microsoft.com/.default"]);
    }

    /// <summary>
    /// The shared Graph client. It is handed out as-is, so callers hold every application
    /// permission the app registration has been granted.
    /// </summary>
    public GraphServiceClient Client { get; }
}