package storage
import "github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/base/storage"
Package storage holds all cached token information for MSAL. This storage can be augmented with third-party extensions to provide persistent storage. In that case, reads and writes in upper packages will call Marshal() to take the entire in-memory representation and write it to storage and Unmarshal() to update the entire in-memory storage with what was in the persistent storage. The persistent storage can only be accessed in this way because multiple MSAL clients written in multiple languages can access the same storage and must adhere to the same method that was defined previously.
Index ¶
- Variables
- type AccessToken
- func NewAccessToken(homeID, env, realm, clientID string, cachedAt, refreshOn, expiresOn, extendedExpiresOn time.Time, scopes, token, tokenType, authnSchemeKeyID string) AccessToken
- func (a AccessToken) Key() string
- func (a AccessToken) Validate() error
- type AppMetaData
- func NewAppMetaData(familyID, clientID, environment string) AppMetaData
- func (a AppMetaData) Key() string
- type Contract
- type IDToken
- func NewIDToken(homeID, env, realm, clientID, idToken string) IDToken
- func (i IDToken) IsZero() bool
- func (id IDToken) Key() string
- type InMemoryContract
- type Manager
- func New(requests *oauth.Client) *Manager
- func (m *Manager) Account(homeAccountID string) shared.Account
- func (m *Manager) AllAccounts() []shared.Account
- func (m *Manager) Marshal() ([]byte, error)
- func (m *Manager) Read(ctx context.Context, authParameters authority.AuthParams) (TokenResponse, error)
- func (m *Manager) RemoveAccount(account shared.Account, clientID string)
- func (m *Manager) Unmarshal(b []byte) error
- func (m *Manager) Write(authParameters authority.AuthParams, tokenResponse accesstokens.TokenResponse) (shared.Account, error)
- type PartitionedManager
- func NewPartitionedManager(requests *oauth.Client) *PartitionedManager
- func (m *PartitionedManager) Marshal() ([]byte, error)
- func (m *PartitionedManager) Read(ctx context.Context, authParameters authority.AuthParams) (TokenResponse, error)
- func (m *PartitionedManager) Unmarshal(b []byte) error
- func (m *PartitionedManager) Write(authParameters authority.AuthParams, tokenResponse accesstokens.TokenResponse) (shared.Account, error)
- type TokenResponse
Variables ¶
var FakeValidate func(AccessToken) error
FakeValidate enables tests to fake access token validation
Types ¶
type AccessToken ¶
type AccessToken struct {
	HomeAccountID     string            `json:"home_account_id,omitempty"`
	Environment       string            `json:"environment,omitempty"`
	Realm             string            `json:"realm,omitempty"`
	CredentialType    string            `json:"credential_type,omitempty"`
	ClientID          string            `json:"client_id,omitempty"`
	Secret            string            `json:"secret,omitempty"`
	Scopes            string            `json:"target,omitempty"`
	RefreshOn         internalTime.Unix `json:"refresh_on,omitempty"`
	ExpiresOn         internalTime.Unix `json:"expires_on,omitempty"`
	ExtendedExpiresOn internalTime.Unix `json:"extended_expires_on,omitempty"`
	CachedAt          internalTime.Unix `json:"cached_at,omitempty"`
	UserAssertionHash string            `json:"user_assertion_hash,omitempty"`
	TokenType         string            `json:"token_type,omitempty"`
	AuthnSchemeKeyID  string            `json:"keyid,omitempty"`
	AdditionalFields  map[string]interface{}
}
AccessToken is the JSON representation of a MSAL access token for encoding to storage.
func NewAccessToken ¶
func NewAccessToken(homeID, env, realm, clientID string, cachedAt, refreshOn, expiresOn, extendedExpiresOn time.Time, scopes, token, tokenType, authnSchemeKeyID string) AccessToken
NewAccessToken is the constructor for AccessToken.
func (AccessToken) Key ¶
func (a AccessToken) Key() string
Key outputs the key that can be used to uniquely look up this entry in a map.
func (AccessToken) Validate ¶
func (a AccessToken) Validate() error
Validate validates that this AccessToken can be used.
type AppMetaData ¶
type AppMetaData struct {
	FamilyID         string `json:"family_id,omitempty"`
	ClientID         string `json:"client_id,omitempty"`
	Environment      string `json:"environment,omitempty"`
	AdditionalFields map[string]interface{}
}
AppMetaData is the JSON representation of application metadata for encoding to storage.
func NewAppMetaData ¶
func NewAppMetaData(familyID, clientID, environment string) AppMetaData
NewAppMetaData is the constructor for AppMetaData.
func (AppMetaData) Key ¶
func (a AppMetaData) Key() string
Key outputs the key that can be used to uniquely look up this entry in a map.
type Contract ¶
type Contract struct {
	AccessTokens     map[string]AccessToken               `json:"AccessToken,omitempty"`
	RefreshTokens    map[string]accesstokens.RefreshToken `json:"RefreshToken,omitempty"`
	IDTokens         map[string]IDToken                   `json:"IdToken,omitempty"`
	Accounts         map[string]shared.Account            `json:"Account,omitempty"`
	AppMetaData      map[string]AppMetaData               `json:"AppMetadata,omitempty"`
	AdditionalFields map[string]interface{}
}
Contract is the JSON structure that is written to any storage medium when serializing the internal cache. This design is shared between MSAL versions in many languages. This cannot be changed without design that includes other SDKs.
func NewContract ¶
func NewContract() *Contract
NewContract is the constructor for Contract.
type IDToken ¶
type IDToken struct {
	HomeAccountID     string `json:"home_account_id,omitempty"`
	Environment       string `json:"environment,omitempty"`
	Realm             string `json:"realm,omitempty"`
	CredentialType    string `json:"credential_type,omitempty"`
	ClientID          string `json:"client_id,omitempty"`
	Secret            string `json:"secret,omitempty"`
	UserAssertionHash string `json:"user_assertion_hash,omitempty"`
	AdditionalFields  map[string]interface{}
}
IDToken is the JSON representation of an MSAL id token for encoding to storage.
func NewIDToken ¶
NewIDToken is the constructor for IDToken.
func (IDToken) IsZero ¶
IsZero determines if IDToken is the zero value.
func (IDToken) Key ¶
Key outputs the key that can be used to uniquely look up this entry in a map.
type InMemoryContract ¶
type InMemoryContract struct {
	AccessTokensPartition  map[string]map[string]AccessToken
	RefreshTokensPartition map[string]map[string]accesstokens.RefreshToken
	IDTokensPartition      map[string]map[string]IDToken
	AccountsPartition      map[string]map[string]shared.Account
	AppMetaData            map[string]AppMetaData
}
InMemoryContract is the partitioned in-memory counterpart of Contract: each token and account map is nested one level deeper, keyed first by partition. Contract remains the JSON structure that is written to any storage medium when serializing the internal cache; that design is shared between MSAL versions in many languages and cannot be changed without design that includes other SDKs.
func NewInMemoryContract ¶
func NewInMemoryContract() *InMemoryContract
NewInMemoryContract is the constructor for InMemoryContract.
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
Manager is an in-memory cache of access tokens, accounts and meta data. This data is updated on read/write calls. Unmarshal() replaces all data stored here with whatever was given to it on each call.
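The replace-on-Unmarshal behaviour described for Manager, together with the whole-blob Marshal()/Unmarshal() persistence described in the package overview, as an added example that is not MSAL's own code. toyCache, Save and LostUpdate are hypothetical names, the token values are constructed, and the 0600 file mode and temp-file rename (so a second reader never sees a half-written cache) are this example's choices, not something the package prescribes.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
)

// toyCache is a hypothetical stand-in for Manager, not MSAL code.
type toyCache struct {
	AccessTokens map[string]string `json:"AccessToken,omitempty"`
}
func (c *toyCache) Marshal() ([]byte, error) { return json.Marshal(c) }
// Unmarshal resets first: json.Unmarshal into a live map would merge keys.
func (c *toyCache) Unmarshal(b []byte) error {
	*c = toyCache{}
	return json.Unmarshal(b, c)
}

// Save writes the blob owner-only (it holds secrets), then renames it in place.
func Save(path string, c *toyCache) error {
	b, err := c.Marshal()
	if err != nil {
		return err
	}
	if err := os.WriteFile(path+".tmp", b, 0o600); err != nil {
		return err
	}
	return os.Rename(path+".tmp", path)
}

// LostUpdate saves k1, adds k2 in memory only, then reloads from disk.
func LostUpdate(path string) (int, error) {
	c := &toyCache{AccessTokens: map[string]string{"k1": "constructed-1"}}
	if err := Save(path, c); err != nil {
		return 0, err
	}
	c.AccessTokens["k2"] = "constructed-2" // not marshaled yet
	b, err := os.ReadFile(path)
	if err == nil {
		err = c.Unmarshal(b)
	}
	return len(c.AccessTokens), err // k2 is gone after the reload
}

func main() {
	dir, _ := os.MkdirTemp("", "msal-demo")
	defer os.RemoveAll(dir)
	fmt.Println(LostUpdate(dir + "/cache.json"))
}
```

A persistence layer built on this contract therefore has to load before each cache operation and save after it; a token written to memory between a save and the next load is discarded.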
func New ¶
New is the constructor for Manager.
func (*Manager) Account ¶
func (*Manager) AllAccounts ¶
func (*Manager) Marshal ¶
Marshal implements cache.Marshaler.
func (*Manager) Read ¶
func (m *Manager) Read(ctx context.Context, authParameters authority.AuthParams) (TokenResponse, error)
Read reads a storage token from the cache if it exists.
func (*Manager) RemoveAccount ¶
RemoveAccount removes all access tokens (ATs), refresh tokens (RTs) and ID tokens (IDTs) associated with this account from the cache.
func (*Manager) Unmarshal ¶
Unmarshal implements cache.Unmarshaler.
func (*Manager) Write ¶
func (m *Manager) Write(authParameters authority.AuthParams, tokenResponse accesstokens.TokenResponse) (shared.Account, error)
Write writes a token response to the cache and returns the account information the token is stored with.
type PartitionedManager ¶
type PartitionedManager struct {
// contains filtered or unexported fields
}
PartitionedManager is a partitioned in-memory cache of access tokens, accounts and meta data.
func NewPartitionedManager ¶
func NewPartitionedManager(requests *oauth.Client) *PartitionedManager
NewPartitionedManager is the constructor for PartitionedManager.
func (*PartitionedManager) Marshal ¶
func (m *PartitionedManager) Marshal() ([]byte, error)
Marshal implements cache.Marshaler.
func (*PartitionedManager) Read ¶
func (m *PartitionedManager) Read(ctx context.Context, authParameters authority.AuthParams) (TokenResponse, error)
Read reads a storage token from the cache if it exists.
func (*PartitionedManager) Unmarshal ¶
func (m *PartitionedManager) Unmarshal(b []byte) error
Unmarshal implements cache.Unmarshaler.
func (*PartitionedManager) Write ¶
func (m *PartitionedManager) Write(authParameters authority.AuthParams, tokenResponse accesstokens.TokenResponse) (shared.Account, error)
Write writes a token response to the cache and returns the account information the token is stored with.
type TokenResponse ¶
type TokenResponse struct {
	RefreshToken accesstokens.RefreshToken
	IDToken      IDToken // *Credential
	AccessToken  AccessToken
	Account      shared.Account
}
TokenResponse mimics a token response that was pulled from the cache.
Source Files ¶
items.go partitioned_storage.go storage.go
Version: v1.4.2 (latest)
Published: Mar 26, 2025