Documentation
Overview
Package azurefed implements Microsoft Entra ID (Azure AD) federated identity credentials: it presents a foreign OIDC token as a client_assertion (JWT-bearer) to the tenant's OAuth2 token endpoint in place of a client secret, and exposes the resulting Entra access token via an auto-refreshing oauth2.TokenSource.
Functions
func TokenSource
func TokenSource(
    ctx context.Context,
    cfg Config,
    getSubjectToken func() (string, error),
    httpClient *http.Client,
) (oauth2.TokenSource, error)
TokenSource returns an auto-refreshing oauth2.TokenSource that calls Entra's token endpoint on each refresh with the current foreign subject token as client_assertion. ctx should be long-lived; httpClient (may be nil) carries TLS/proxy configuration.
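The request that one refresh puts on the wire, as an added example that is not the package's own code: `exchange` and `fakeEndpoint` are hypothetical names, the form fields are the client-credentials request with a JWT-bearer client assertion described in the overview, and the fake endpoint and every token value are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// exchange (hypothetical helper) does one refresh: re-read the subject token, which rotates, and post it with no secret.
func exchange(c *http.Client, endpoint, clientID, scope string, getSubjectToken func() (string, error)) (string, error) {
	assertion, err := getSubjectToken()
	if err != nil {
		return "", fmt.Errorf("subject token: %w", err)
	}
	resp, err := c.PostForm(endpoint, url.Values{
		"grant_type":            {"client_credentials"},
		"client_id":             {clientID},
		"scope":                 {scope},
		"client_assertion_type": {"urn:ietf:params:oauth:client-assertion-type:jwt-bearer"},
		"client_assertion":      {assertion},
	})
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	var body struct{ AccessToken string `json:"access_token"` }
	if err := json.NewDecoder(resp.Body).Decode(&body); err != nil || resp.StatusCode != http.StatusOK || body.AccessToken == "" {
		return "", fmt.Errorf("token endpoint: status %d, decode error: %v", resp.StatusCode, err)
	}
	return body.AccessToken, nil
}

// fakeEndpoint is a constructed stand-in for the token endpoint; its token echoes the assertion it was shown.
func fakeEndpoint() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if a := r.PostFormValue("client_assertion"); a != "" && r.PostFormValue("client_secret") == "" && r.PostFormValue("client_assertion_type") == "urn:ietf:params:oauth:client-assertion-type:jwt-bearer" {
			fmt.Fprintf(w, `{"access_token":"at-for-%s"}`, a)
			return
		}
		http.Error(w, `{"error":"invalid_client"}`, http.StatusUnauthorized)
	}))
}
func main() {
	srv := fakeEndpoint()
	defer srv.Close()
	sub := func() (string, error) { return "constructed.subject.jwt", nil }
	fmt.Println(exchange(srv.Client(), srv.URL, "constructed-client-id", "https://management.azure.com/.default", sub))
}
```

Because the callback is invoked on every exchange, a subject token rotated on disk or by the issuing platform is picked up at the next refresh without restarting the process.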
Types
type Config
type Config struct {
    // TenantID is the Entra tenant GUID or verified domain. Required.
    TenantID string
    // ClientID is the Entra app registration (object) ID. Required.
    ClientID string
    // Scopes target the resource being called (e.g.
    // https://management.azure.com/.default,
    // https://graph.microsoft.com/.default). Required.
    Scopes []string
    // Endpoint optionally overrides the full token endpoint URL, primarily for
    // tests / sovereign clouds / private endpoints. Defaults to
    // https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token.
    Endpoint string
}
Config describes an Azure federated identity exchange.