Initial commit

Infrastructure/Auth/GraphClientFactory.cs

@@ -0,0 +1,32 @@
+using Microsoft.Graph;
+using SharepointToolbox.Web.Core.Models;
+using SharepointToolbox.Web.Services;
+using SharepointToolbox.Web.Services.Session;
+
+namespace SharepointToolbox.Web.Infrastructure.Auth;
+
+/// <summary>Delegated Graph client using OAuth2 refresh-token flow via ISessionManager.</summary>
+public class GraphClientFactory
+{
+    private readonly ISessionCredentialStore _credentialStore;
+    private readonly ISessionManager _sessionManager;
+
+    public GraphClientFactory(ISessionCredentialStore credentialStore, ISessionManager sessionManager)
+    {
+        _credentialStore = credentialStore;
+        _sessionManager  = sessionManager;
+    }
+
+    public async Task<GraphServiceClient> CreateClientAsync(TenantProfile profile)
+    {
+        ArgumentException.ThrowIfNullOrEmpty(profile.TenantId);
+
+        var hasTokens = await _credentialStore.HasCredentialsAsync();
+        if (!hasTokens)
+            throw new InvalidOperationException(
+                "No session tokens found. Please authenticate via Microsoft first.");
+
+        var credential = new SessionTokenCredential(_sessionManager);
+        return new GraphServiceClient(credential, ["https://graph.microsoft.com/.default"]);
+    }
+}