Documentation
¶
Overview ¶
Package msauth implements a library to authorize against the Microsoft identity platform: https://docs.microsoft.com/en-us/azure/active-directory/develop/
It uses the v2.0 endpoint, so it can authorize users with both personal (Microsoft) and organizational (Azure AD) accounts.
Index ¶
- Constants
- func CacheKey(tenantID, clientID string) string
- func ReadLocation(loc string) ([]byte, error)
- func WriteLocation(loc string, b []byte, m os.FileMode) error
- type DeviceCode
- type Manager
- func (m *Manager) ClientCredentialsGrant(ctx context.Context, tenantID, clientID, clientSecret string, scopes []string) (oauth2.TokenSource, error)
- func (m *Manager) DeviceAuthorizationGrant(ctx context.Context, tenantID, clientID string, scopes []string, ...) (oauth2.TokenSource, error)
- func (m *Manager) GetToken(cacheKey string) (*oauth2.Token, bool)
- func (m *Manager) LoadBytes(b []byte) error
- func (m *Manager) LoadFile(path string) error
- func (m *Manager) PutToken(cacheKey string, token *oauth2.Token)
- func (m *Manager) ResourceOwnerPasswordGrant(ctx context.Context, ...) (oauth2.TokenSource, error)
- func (m *Manager) SaveBytes() ([]byte, error)
- func (m *Manager) SaveFile(path string) error
- type TokenError
Examples ¶
Constants ¶
// DefaultMSGraphScope is the default scope for MS Graph API.
//
// The scope names the host graph.microsoft.us (Microsoft's US Government cloud
// Graph endpoint), not the global graph.microsoft.com, so a token requested
// with it is meant for that host only.
const DefaultMSGraphScope = "https://graph.microsoft.us/.default"
Variables ¶
This section is empty.
Functions ¶
func ReadLocation ¶
ReadLocation reads data from the file path or URL given in loc.
Types ¶
type DeviceCode ¶
// DeviceCode is the JSON-decoded reply to a device authorization request.
// The field meanings below follow the OAuth 2.0 device authorization grant
// (RFC 8628), which uses the same member names except where noted.
type DeviceCode struct {
	// Code the client itself presents when polling for the token. It is not
	// meant for the user: treat it as a secret and keep it out of logs.
	DeviceCode string `json:"device_code"`
	// Short code the user types in at the verification page.
	UserCode string `json:"user_code"`
	// Page the user visits to enter UserCode.
	// NOTE(review): RFC 8628 names this member "verification_uri"; confirm the
	// endpoint in use really sends "verification_url", otherwise this field
	// stays empty after decoding.
	VerificationURL string `json:"verification_url"`
	// Lifetime of the codes, in seconds per RFC 8628.
	ExpiresIn int `json:"expires_in"`
	// Minimum wait between polling requests, in seconds per RFC 8628.
	Interval int `json:"interval"`
	// Human-readable instructions supplied by the server for display to the user.
	Message string `json:"message"`
}
DeviceCode is returned on device auth initiation
type Manager ¶
// Manager holds a cache of oauth2 tokens and the exported state around it.
type Manager struct {
	// NOTE(review): presumably set when TokenCache has changed since it was
	// last loaded or saved; confirm against the implementation.
	Dirty bool
	// TokenCache maps a cache key string to a token. The entries are live
	// credentials (an oauth2.Token carries the access token and, when issued,
	// the refresh token), so whatever serializes this map writes secrets.
	// The field is exported, so callers can read and modify it directly;
	// whether that access is synchronized is not visible here.
	TokenCache map[string]*oauth2.Token
	// contains filtered or unexported fields
}
Manager is an oauth2 token cache manager.
func (*Manager) ClientCredentialsGrant ¶
func (m *Manager) ClientCredentialsGrant(ctx context.Context, tenantID, clientID, clientSecret string, scopes []string) (oauth2.TokenSource, error)
ClientCredentialsGrant performs OAuth 2.0 client credentials grant and returns auto-refreshing TokenSource
Example ¶
package main
import (
"context"
"fmt"
"io/ioutil"
"log"
"github.com/yaegashi/msgraph.go/msauth"
"golang.org/x/oauth2"
)
// tenantID and clientID are placeholders; substitute the identifiers of your
// own tenant and app registration.
const tenantID = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
const clientID = "YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY"

// clientSecret is a placeholder. A real client secret is a long-lived
// credential for the application itself: keep it out of source control and
// supply it at run time from the environment or a secret store.
const clientSecret = "ZZZZZZZZZZZZZZZZZZZZZZZZ"

// ccScopes requests the package's default Graph scope.
var ccScopes = []string{
	msauth.DefaultMSGraphScope,
}
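// main obtains a token with the client credentials grant, sends one Graph
// request with it and prints the response body. It exits with an error when
// the grant, the request or the read fails, or when the reply is not 2xx.
func main() {
	ctx := context.Background()
	m := msauth.NewManager()
	ts, err := m.ClientCredentialsGrant(ctx, tenantID, clientID, clientSecret, ccScopes)
	if err != nil {
		log.Fatal(err)
	}
	// oauth2.NewClient attaches the bearer token from ts to every request the
	// client sends, so only point it at the API the token was issued for.
	httpClient := oauth2.NewClient(ctx, ts)
	// NOTE(review): /me resolves the signed-in user; a client credentials
	// token has none, so confirm this path is valid for an app-only token.
	res, err := httpClient.Get("https://graph.microsoft.us/v1.0/me")
	if err != nil {
		log.Fatal(err)
	}
	b, err := ioutil.ReadAll(res.Body)
	// Close explicitly: log.Fatal exits the process without running defers.
	res.Body.Close()
	if err != nil {
		log.Fatal(err)
	}
	// A non-2xx reply carries an error document, not the requested resource;
	// report it as a failure instead of printing it as if it were the result.
	if res.StatusCode < 200 || res.StatusCode > 299 {
		log.Fatalf("graph request failed: %s: %s", res.Status, b)
	}
	fmt.Printf("%s\n", b)
}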
func (*Manager) DeviceAuthorizationGrant ¶
func (m *Manager) DeviceAuthorizationGrant(ctx context.Context, tenantID, clientID string, scopes []string, callback func(*DeviceCode) error) (oauth2.TokenSource, error)
DeviceAuthorizationGrant performs OAuth 2.0 device authorization grant and returns auto-refreshing TokenSource
Example ¶
package main
import (
"context"
"fmt"
"io/ioutil"
"log"
"github.com/yaegashi/msgraph.go/msauth"
"golang.org/x/oauth2"
)
// tenantID and clientID are placeholders; substitute the identifiers of your
// own tenant and app registration.
const tenantID = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
const clientID = "YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY"

// tokenStorePath is the file the example loads the token cache from and saves
// it to. The path is relative, so it resolves against the working directory.
const tokenStorePath = "token_store.json"

// daScopes lists the delegated scopes to request. "offline_access" is the
// scope that asks for a refresh token, which makes the saved token store a
// long-lived credential.
var daScopes = []string{
	"openid",
	"profile",
	"offline_access",
	"User.Read",
	"Files.Read",
}
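// main loads a saved token cache if one exists, runs the device authorization
// grant, saves the cache again, then sends one Graph request and prints the
// response body. It exits with an error when the grant, the save, the request
// or the read fails, or when the reply is not 2xx.
func main() {
	ctx := context.Background()
	m := msauth.NewManager()
	// Loading is best effort (there is no store on the first run), but the
	// reason is reported so that a corrupt or unreadable store is noticed.
	if err := m.LoadFile(tokenStorePath); err != nil {
		log.Printf("token store %q not loaded, continuing without it: %v", tokenStorePath, err)
	}
	// NOTE(review): the callback is nil here; how the library then presents
	// the user code and verification URL is not shown on this page. Confirm.
	ts, err := m.DeviceAuthorizationGrant(ctx, tenantID, clientID, daScopes, nil)
	if err != nil {
		log.Fatal(err)
	}
	// The saved file holds bearer credentials, including a refresh token when
	// offline_access is granted. NOTE(review): SaveFile takes no file mode;
	// check the permissions it creates the file with and keep the store
	// readable by its owner only.
	err = m.SaveFile(tokenStorePath)
	if err != nil {
		log.Fatal(err)
	}
	// oauth2.NewClient attaches the bearer token from ts to every request the
	// client sends, so only point it at the API the token was issued for.
	httpClient := oauth2.NewClient(ctx, ts)
	res, err := httpClient.Get("https://graph.microsoft.us/v1.0/me")
	if err != nil {
		log.Fatal(err)
	}
	b, err := ioutil.ReadAll(res.Body)
	// Close explicitly: log.Fatal exits the process without running defers.
	res.Body.Close()
	if err != nil {
		log.Fatal(err)
	}
	// A non-2xx reply carries an error document, not the requested resource;
	// report it as a failure instead of printing it as if it were the result.
	if res.StatusCode < 200 || res.StatusCode > 299 {
		log.Fatalf("graph request failed: %s: %s", res.Status, b)
	}
	fmt.Printf("%s\n", b)
}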
func (*Manager) ResourceOwnerPasswordGrant ¶
func (m *Manager) ResourceOwnerPasswordGrant(ctx context.Context, tenantID, clientID, clientSecret, username, password string, scopes []string) (oauth2.TokenSource, error)
ResourceOwnerPasswordGrant performs OAuth 2.0 client resource owner password grant and returns a token.
Example ¶
package main
import (
"context"
"fmt"
"io/ioutil"
"log"
"github.com/yaegashi/msgraph.go/msauth"
"golang.org/x/oauth2"
)
// tenantID and clientID are placeholders; substitute the identifiers of your
// own tenant and app registration.
const tenantID = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
const clientID = "YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY"

// clientSecret is a placeholder. A real client secret is a long-lived
// credential for the application itself: keep it out of source control and
// supply it at run time from the environment or a secret store.
const clientSecret = "ZZZZZZZZZZZZZZZZZZZZZZZZ"

// username and password are placeholders for a user's own sign-in
// credentials. With this grant the application handles the password directly
// and the sign-in cannot go through an interactive step such as MFA; the
// OAuth 2.0 Security Best Current Practice (RFC 9700) says the grant must not
// be used, so prefer the device authorization grant for user sign-in. Never
// keep a real password in source.
const username = "user.name@your-domain.com"
const password = "secure-password"

// ccScopes requests the package's default Graph scope.
var ccScopes = []string{
	msauth.DefaultMSGraphScope,
}
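// main obtains a token with the resource owner password grant, sends one
// Graph request with it and prints the response body. It exits with an error
// when the grant, the request or the read fails, or when the reply is not 2xx.
func main() {
	ctx := context.Background()
	m := msauth.NewManager()
	// The user's password passes through this process on its way to the
	// token endpoint; keep it out of logs and error messages.
	ts, err := m.ResourceOwnerPasswordGrant(ctx, tenantID, clientID, clientSecret, username, password, ccScopes)
	if err != nil {
		log.Fatal(err)
	}
	// oauth2.NewClient attaches the bearer token from ts to every request the
	// client sends, so only point it at the API the token was issued for.
	httpClient := oauth2.NewClient(ctx, ts)
	res, err := httpClient.Get("https://graph.microsoft.us/v1.0/me")
	if err != nil {
		log.Fatal(err)
	}
	b, err := ioutil.ReadAll(res.Body)
	// Close explicitly: log.Fatal exits the process without running defers.
	res.Body.Close()
	if err != nil {
		log.Fatal(err)
	}
	// A non-2xx reply carries an error document, not the requested resource;
	// report it as a failure instead of printing it as if it were the result.
	if res.StatusCode < 200 || res.StatusCode > 299 {
		log.Fatalf("graph request failed: %s: %s", res.Status, b)
	}
	fmt.Printf("%s\n", b)
}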
type TokenError ¶
// TokenError is the JSON-decoded error body of a failed token request. The
// two members are the "error" and "error_description" fields of an OAuth 2.0
// error response (RFC 6749, section 5.2).
type TokenError struct {
	// Short error code from the "error" member.
	ErrorObject string `json:"error"`
	// Human-readable explanation from the "error_description" member. It is
	// server-supplied text, so escape it before showing it in HTML or logs.
	ErrorDescription string `json:"error_description"`
}
TokenError is returned on failed authentication