Documentation
Index ¶
- Constants
- func DefaultScopes() []string
- func ReadOnlyScopes() []string
- func StoreToken(store secrets.Store, email string, data *TokenData) error
- type AccountInfo
- type Authenticator
- func (a *Authenticator) GetCredential(ctx context.Context, email string) (azcore.TokenCredential, error)
- func (a *Authenticator) ListAccounts() ([]AccountInfo, error)
- func (a *Authenticator) LoginDeviceCode(ctx context.Context, scopes []string) (*AccountInfo, error)
- func (a *Authenticator) Logout(email string) error
- type DeviceCodeResponse
- type ErrorResponse
- type StaticTokenCredential
- type TokenData
- type TokenResponse
Constants ¶
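// Microsoft Graph permission scope strings.
//
// Most of these are ReadWrite scopes, so a token issued for them can modify
// the mailbox, calendar, contacts, tasks and mailbox settings, not just read
// them. Pass only the scopes a feature actually needs.
const (
	// ScopeMail allows reading and modifying the signed-in user's mail.
	ScopeMail = "Mail.ReadWrite"
	// ScopeMailSend allows sending mail as the signed-in user.
	ScopeMailSend = "Mail.Send"
	// ScopeCalendar allows reading and modifying the user's calendars.
	ScopeCalendar = "Calendars.ReadWrite"
	// ScopeContacts allows reading and modifying the user's contacts.
	ScopeContacts = "Contacts.ReadWrite"
	// ScopeTasks allows reading and modifying the user's tasks.
	ScopeTasks = "Tasks.ReadWrite"
	// ScopePeople allows reading the user's relevant-people list.
	ScopePeople = "People.Read"
	// ScopeUser allows sign-in and reading the signed-in user's profile.
	ScopeUser = "User.Read"
	// ScopeUserReadAll holds "User.ReadBasic.All" (basic profiles of other
	// users), not "User.Read.All"; the constant name is broader than the
	// permission it requests.
	ScopeUserReadAll = "User.ReadBasic.All"
	// ScopeMailboxSettings allows reading and modifying mailbox settings.
	ScopeMailboxSettings = "MailboxSettings.ReadWrite"
	// ScopeOfflineAccess asks the identity platform to issue a refresh token,
	// which outlives the access token and must be stored as a secret.
	ScopeOfflineAccess = "offline_access"
)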
Microsoft Graph API scopes
Variables ¶
This section is empty.
Functions ¶
func DefaultScopes ¶
func DefaultScopes() []string
func ReadOnlyScopes ¶
func ReadOnlyScopes() []string
Types ¶
type AccountInfo ¶
// AccountInfo is the per-account metadata record. Its struct tags give it
// snake_case JSON keys. It declares identifiers and a timestamp only; no
// access-token or refresh-token field is part of this type.
type AccountInfo struct {
// Email is the account's address; GetCredential and Logout take an email
// argument to select an account.
Email string `json:"email"`
// DisplayName is a human-readable name for the account.
// NOTE(review): presumably taken from the user profile fetched at login — confirm.
DisplayName string `json:"display_name"`
// TenantID and ClientID mirror the Azure AD application identifiers that
// NewAuthenticator accepts. They are identifiers, not secrets.
TenantID string `json:"tenant_id"`
ClientID string `json:"client_id"`
// LoginTime records when the account was logged in.
// NOTE(review): time zone handling is not visible here — confirm.
LoginTime time.Time `json:"login_time"`
}
AccountInfo holds the metadata for a logged-in Microsoft account.
type Authenticator ¶
Authenticator manages Microsoft OAuth2 authentication and token lifecycle.
func NewAuthenticator ¶
func NewAuthenticator(store secrets.Store, clientID, tenantID string) *Authenticator
NewAuthenticator creates a new Authenticator with the given credential store and Azure AD application identifiers.
func (*Authenticator) GetCredential ¶
func (a *Authenticator) GetCredential(ctx context.Context, email string) (azcore.TokenCredential, error)
GetCredential returns an azcore.TokenCredential for the given email account. It loads the stored token, refreshes it if expired, and returns a StaticTokenCredential suitable for use with the Azure/Microsoft Graph SDKs.
func (*Authenticator) ListAccounts ¶
func (a *Authenticator) ListAccounts() ([]AccountInfo, error)
ListAccounts reads all account JSON files from the accounts directory and returns the parsed AccountInfo records.
func (*Authenticator) LoginDeviceCode ¶
func (a *Authenticator) LoginDeviceCode(ctx context.Context, scopes []string) (*AccountInfo, error)
LoginDeviceCode performs the device code flow, retrieves the user profile, and persists the tokens and account information.
func (*Authenticator) Logout ¶
func (a *Authenticator) Logout(email string) error
Logout removes the stored credentials and account file for the given email.
type DeviceCodeResponse ¶
// DeviceCodeResponse mirrors the JSON body returned by the device
// authorization endpoint (OAuth 2.0 device authorization grant, RFC 8628).
type DeviceCodeResponse struct {
// DeviceCode is the verification code the client itself presents when
// polling for tokens (PollForToken takes a deviceCode argument). Treat it
// as a short-lived secret and keep it out of logs.
DeviceCode string `json:"device_code"`
// UserCode is the code the end user enters at VerificationURI.
UserCode string `json:"user_code"`
// VerificationURI is the page the end user visits to enter UserCode.
VerificationURI string `json:"verification_uri"`
// ExpiresIn is the lifetime of DeviceCode and UserCode, in seconds per RFC 8628.
ExpiresIn int `json:"expires_in"`
// Interval is the minimum wait between polling requests, in seconds per RFC 8628.
Interval int `json:"interval"`
// Message is server-supplied, human-readable sign-in instructions.
// It is remote text: display it as plain text only.
Message string `json:"message"`
}
DeviceCodeResponse holds the response from the device code authorization request.
func RequestDeviceCode ¶
func RequestDeviceCode(ctx context.Context, clientID, tenantID string, scopes []string) (*DeviceCodeResponse, error)
RequestDeviceCode initiates the device code flow by requesting a device code from the Microsoft identity platform.
type ErrorResponse ¶
// ErrorResponse mirrors the JSON error body defined by OAuth 2.0.
type ErrorResponse struct {
// Error is the machine-readable error code; branch on this field.
// In the device flow, RFC 8628 defines codes such as "authorization_pending",
// "slow_down" and "expired_token".
Error string `json:"error"`
// ErrorDescription is optional human-readable detail from the server.
// Use it for diagnostics only, not for program logic.
ErrorDescription string `json:"error_description"`
}
ErrorResponse represents an OAuth2 error response.
type StaticTokenCredential ¶
// StaticTokenCredential wraps a single pre-obtained access token.
// All fields are unexported, so callers outside the package cannot read or
// replace the token through the struct. Values are built with
// NewStaticTokenCredential(token, expiresOn).
type StaticTokenCredential struct {
// contains filtered or unexported fields
}
StaticTokenCredential implements azcore.TokenCredential using a pre-obtained access token. This bridges our OAuth2 device-code flow tokens into the Azure SDK credential system.
func NewStaticTokenCredential ¶
func NewStaticTokenCredential(token string, expiresOn time.Time) *StaticTokenCredential
NewStaticTokenCredential creates a new StaticTokenCredential with the given access token and expiration time.
func (*StaticTokenCredential) GetToken ¶
func (c *StaticTokenCredential) GetToken(_ context.Context, _ policy.TokenRequestOptions) (azcore.AccessToken, error)
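GetToken returns the static access token. It satisfies the azcore.TokenCredential interface. Both parameters are blank identifiers in the signature, so the scopes in the request options are not consulted: the same token is returned whatever scopes the caller asks for.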
type TokenData ¶
// TokenData is the persisted token record for one account (StoreToken takes
// a *TokenData together with a secrets.Store and an email).
// Because of the struct tags, marshalling this type to JSON emits both tokens
// in clear text. Keep the serialized form inside the secret store and out of
// logs and error messages.
type TokenData struct {
// AccessToken is the bearer token presented to the API; whoever holds it
// can act with the granted scopes until ExpiresAt.
AccessToken string `json:"access_token"`
// RefreshToken can be exchanged for new access tokens (see
// RefreshAccessToken) and typically outlives the access token, so it is
// the more sensitive of the two fields.
RefreshToken string `json:"refresh_token"`
// ExpiresAt is the absolute expiry time of AccessToken.
// NOTE(review): presumably derived from TokenResponse.ExpiresIn at issue time — confirm.
ExpiresAt time.Time `json:"expires_at"`
// Email is the account this record belongs to.
Email string `json:"email"`
}
TokenData holds the persisted token information for an account.
type TokenResponse ¶
// TokenResponse mirrors the JSON success body of the OAuth 2.0 token endpoint.
// AccessToken and RefreshToken are bearer secrets: do not log this struct or
// include it in error values.
type TokenResponse struct {
// AccessToken is the newly issued access token.
AccessToken string `json:"access_token"`
// RefreshToken is the refresh token, when the server issues one
// (OAuth 2.0 makes it optional, so it may be empty).
RefreshToken string `json:"refresh_token"`
// ExpiresIn is the access token lifetime relative to issue time,
// in seconds per RFC 6749.
ExpiresIn int `json:"expires_in"`
// TokenType is the token type reported by the server (typically "Bearer").
TokenType string `json:"token_type"`
// Scope is the space-delimited list of scopes actually granted.
// NOTE(review): it can differ from what was requested; whether callers
// compare the two is not visible here.
Scope string `json:"scope"`
}
TokenResponse holds the OAuth2 token response from the token endpoint.
func PollForToken ¶
func PollForToken(ctx context.Context, clientID, tenantID, deviceCode string, interval int, expiresIn int) (*TokenResponse, error)
PollForToken polls the token endpoint until the user completes authentication, the device code expires, or an unrecoverable error occurs. expiresIn from the device code response caps the maximum polling duration.
func RefreshAccessToken ¶
func RefreshAccessToken(ctx context.Context, clientID, tenantID, refreshToken string) (*TokenResponse, error)
RefreshAccessToken exchanges a refresh token for a new access token.