Documentation
¶
Overview ¶
Package config provides configuration management for the msgraph CLI.
Index ¶
Constants ¶
const ( // DefaultClientID is the Microsoft Graph Command Line Tools app ID. // This is a first-party Microsoft app pre-registered in most M365 tenants. DefaultClientID = "14d82eec-204b-4c2f-b7e8-296a70dab67e" // DefaultTenantID uses the "common" endpoint for multi-tenant sign-in. DefaultTenantID = "common" // DefaultAPIVersion is the default Graph API version. DefaultAPIVersion = "beta" // DefaultAuthority is the base URL for the Microsoft identity platform. DefaultAuthority = "https://login.microsoftonline.com/" // GraphBaseURL is the base URL for Microsoft Graph API. GraphBaseURL = "https://graph.microsoft.com" // DefaultScopes are the minimum scopes requested at sign-in. DefaultScope = "User.Read" // GraphDefaultScope is the scope used for app-only auth (all pre-granted permissions). GraphDefaultScope = "https://graph.microsoft.com/.default" // GraphResource is the resource identifier for managed identity token acquisition. GraphResource = "https://graph.microsoft.com" // RedirectURL is the localhost redirect used for interactive browser auth. RedirectURL = "http://localhost" )
Variables ¶
var Version = "dev"
Version is set at build time via ldflags.
Functions ¶
func ValidAPIVersion ¶
ValidAPIVersion checks if the given version string is valid.
Types ¶
type AuthMethod ¶ added in v1.0.0
type AuthMethod string
AuthMethod represents the authentication method to use.
const ( // AuthMethodDelegated uses interactive browser or device code flow (default). AuthMethodDelegated AuthMethod = "delegated" // AuthMethodClientSecret uses a client secret for app-only auth. AuthMethodClientSecret AuthMethod = "client-secret" // AuthMethodCertificate uses a client certificate for app-only auth. AuthMethodCertificate AuthMethod = "certificate" // AuthMethodManagedIdentity uses Azure managed identity for app-only auth. AuthMethodManagedIdentity AuthMethod = "managed-identity" // AuthMethodWorkloadIdentity uses federated token assertion for app-only auth. AuthMethodWorkloadIdentity AuthMethod = "workload-identity" )
type Config ¶
type Config struct {
ClientID string
TenantID string
APIVersion string
Authority string
// App-only auth fields
AuthMethod AuthMethod
NoTokenCache bool
WorkspaceRoot string
ClientSecret string
ClientCertificatePath string
ClientCertificatePassword string
ManagedIdentityClientID string
FederatedTokenFile string
}
Config holds the runtime configuration.
func Load ¶
func Load() *Config
Load reads configuration from environment variables with sensible defaults.
func (*Config) AuthorityURL ¶
AuthorityURL returns the full authority URL for the configured tenant.
func (*Config) GraphURL ¶
GraphURL returns the full Graph API base URL for the given API version. If apiVersion is empty, the configured default is used.
func (*Config) IsAppOnly ¶ added in v1.0.0
IsAppOnly returns true if the configured auth method is application-only (no user context).
func (*Config) ValidateForAppOnly ¶ added in v1.0.0
ValidateForAppOnly checks that the configuration is valid for app-only auth. App-only auth requires a specific tenant ID — "common" won't work.
Source Files