README
¶
msauth
Introduction
Very simple package to authorize applications against Microsoft identity platform.
It utilizes v2.0 endpoint so that it can authorize users using both personal (Microsoft) and organizational (Azure AD) account.
Usage
Device authorization grant
const (
tenantID = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
clientID = "YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY"
tokenCachePath = "token_cache.json"
)
var scopes = []string{"openid", "profile", "offline_access", "User.Read", "Files.Read"}
ctx := context.Background()
m := msauth.NewManager()
m.LoadFile(tokenCachePath)
ts, err := m.DeviceAuthorizationGrant(ctx, tenantID, clientID, scopes, nil)
if err != nil {
log.Fatal(err)
}
m.SaveFile(tokenCachePath)
httpClient := oauth2.NewClient(ctx, ts)
...
Client credentials grant
const (
tenantID = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
clientID = "YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY"
clientSecret = "ZZZZZZZZZZZZZZZZZZZZZZZZ"
)
var scopes = []string{msauth.DefaultMSGraphScope}
ctx := context.Background()
m := msauth.NewManager()
ts, err := m.ClientCredentialsGrant(ctx, tenantID, clientID, clientSecret, scopes)
if err != nil {
log.Fatal(err)
}
httpClient := oauth2.NewClient(ctx, ts)
...
Authorization code grant
- OAuth 2.0 authorization code grant flow
- Not yet implemented.
Documentation
¶
Overview ¶
Package msauth implements a library to authorize against Microsoft identity platform: https://docs.microsoft.com/en-us/azure/active-directory/develop/
It utilizes v2.0 endpoint so it can authorize users with both personal (Microsoft) and organizational (Azure AD) account.
Index ¶
- Constants
- type DeviceCode
- type Manager
- func (m *Manager) Cache(tenantID, clientID string, token *oauth2.Token)
- func (m *Manager) ClientCredentialsGrant(ctx context.Context, tenantID, clientID, clientSecret string, scopes []string) (oauth2.TokenSource, error)
- func (m *Manager) DeviceAuthorizationGrant(ctx context.Context, tenantID, clientID string, scopes []string, ...) (oauth2.TokenSource, error)
- func (m *Manager) LoadBytes(b []byte) error
- func (m *Manager) LoadFile(path string) error
- func (m *Manager) SaveBytes() ([]byte, error)
- func (m *Manager) SaveFile(path string) error
- type TokenError
Examples ¶
Constants ¶
View Source
const (
// DefaultMSGraphScope is the default scope for MS Graph API
DefaultMSGraphScope = "https://graph.microsoft.com/.default"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type DeviceCode ¶
type DeviceCode struct {
DeviceCode string `json:"device_code"`
UserCode string `json:"user_code"`
VerificationURL string `json:"verification_url"`
ExpiresIn int `json:"expires_in"`
Interval int `json:"interval"`
Message string `json:"message"`
}
DeviceCode is returned on device auth initiation
type Manager ¶
type Manager struct {
TokenCache map[string]*oauth2.Token
// contains filtered or unexported fields
}
Manager is oauth2 token cache manager
func (*Manager) ClientCredentialsGrant ¶
func (m *Manager) ClientCredentialsGrant(ctx context.Context, tenantID, clientID, clientSecret string, scopes []string) (oauth2.TokenSource, error)
ClientCredentialsGrant performs OAuth 2.0 client credentials grant and returns auto-refreshing TokenSource
Example ¶
package main
import (
"context"
"fmt"
"io/ioutil"
"log"
"github.com/yaegashi/msgraph.go/msauth"
"golang.org/x/oauth2"
)
const (
tenantID = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
clientID = "YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY"
clientSecret = "ZZZZZZZZZZZZZZZZZZZZZZZZ"
)
var ccScopes = []string{msauth.DefaultMSGraphScope}
func main() {
ctx := context.Background()
m := msauth.NewManager()
ts, err := m.ClientCredentialsGrant(ctx, tenantID, clientID, clientSecret, ccScopes)
if err != nil {
log.Fatal(err)
}
httpClient := oauth2.NewClient(ctx, ts)
res, err := httpClient.Get("https://graph.microsoft.com/v1.0/me")
if err != nil {
log.Fatal(err)
}
defer res.Body.Close()
b, err := ioutil.ReadAll(res.Body)
if err != nil {
log.Fatal(err)
}
fmt.Printf("%s\n", string(string(b)))
}
Output:
func (*Manager) DeviceAuthorizationGrant ¶
func (m *Manager) DeviceAuthorizationGrant(ctx context.Context, tenantID, clientID string, scopes []string, callback func(*DeviceCode) error) (oauth2.TokenSource, error)
DeviceAuthorizationGrant performs OAuth 2.0 device authorization grant and returns auto-refreshing TokenSource
Example ¶
package main
import (
"context"
"fmt"
"io/ioutil"
"log"
"github.com/yaegashi/msgraph.go/msauth"
"golang.org/x/oauth2"
)
const (
tenantID = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
clientID = "YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY"
tokenStorePath = "token_store.json"
)
var daScopes = []string{"openid", "profile", "offline_access", "User.Read", "Files.Read"}
func main() {
ctx := context.Background()
m := msauth.NewManager()
m.LoadFile(tokenStorePath)
ts, err := m.DeviceAuthorizationGrant(ctx, tenantID, clientID, daScopes, nil)
if err != nil {
log.Fatal(err)
}
err = m.SaveFile(tokenStorePath)
if err != nil {
log.Fatal(err)
}
httpClient := oauth2.NewClient(ctx, ts)
res, err := httpClient.Get("https://graph.microsoft.com/v1.0/me")
if err != nil {
log.Fatal(err)
}
defer res.Body.Close()
b, err := ioutil.ReadAll(res.Body)
if err != nil {
log.Fatal(err)
}
fmt.Printf("%s\n", string(string(b)))
}
Output:
type TokenError ¶
type TokenError struct {
ErrorObject string `json:"error"`
ErrorDescription string `json:"error_description"`
}
TokenError is returned on failed authentication
Source Files
Click to show internal directories.
Click to hide internal directories.