package oauth
import "github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/oauth"
Index ¶
- type AccessTokens
- type Client
- func New(httpClient ops.HTTPClient) *Client
- func (t *Client) AADInstanceDiscovery(ctx context.Context, authorityInfo authority.Info) (authority.InstanceDiscoveryResponse, error)
- func (t *Client) AuthCode(ctx context.Context, req accesstokens.AuthCodeRequest) (accesstokens.TokenResponse, error)
- func (t *Client) Credential(ctx context.Context, authParams authority.AuthParams, cred *accesstokens.Credential) (accesstokens.TokenResponse, error)
- func (t *Client) DeviceCode(ctx context.Context, authParams authority.AuthParams) (DeviceCode, error)
- func (t *Client) OnBehalfOf(ctx context.Context, authParams authority.AuthParams, cred *accesstokens.Credential) (accesstokens.TokenResponse, error)
- func (t *Client) Refresh(ctx context.Context, reqType accesstokens.AppType, authParams authority.AuthParams, cc *accesstokens.Credential, refreshToken accesstokens.RefreshToken) (accesstokens.TokenResponse, error)
- func (t *Client) ResolveEndpoints(ctx context.Context, authorityInfo authority.Info, userPrincipalName string) (authority.Endpoints, error)
- func (t *Client) UsernamePassword(ctx context.Context, authParams authority.AuthParams) (accesstokens.TokenResponse, error)
- type DeviceCode
- type FetchAuthority
- type FetchWSTrust
- type ResolveEndpointer
Types ¶
type AccessTokens ¶
// AccessTokens is the token-acquisition interface: each method requests a
// result from one kind of grant or credential source.
//
// NOTE(review): FromRefreshToken, FromClientSecret, FromAssertion and the two
// FromUserAssertion* methods receive secret material as plain string
// parameters. Implementations and callers should keep those values out of
// logs, error strings and traces.
type AccessTokens interface {
	// DeviceCodeResult returns an accesstokens.DeviceCodeResult for the given auth parameters.
	DeviceCodeResult(ctx context.Context, authParameters authority.AuthParams) (accesstokens.DeviceCodeResult, error)
	// FromUsernamePassword has no explicit credential parameter, so the
	// username and password presumably travel inside authParameters — confirm.
	FromUsernamePassword(ctx context.Context, authParameters authority.AuthParams) (accesstokens.TokenResponse, error)
	// FromAuthCode returns a token response for an accesstokens.AuthCodeRequest.
	FromAuthCode(ctx context.Context, req accesstokens.AuthCodeRequest) (accesstokens.TokenResponse, error)
	// FromRefreshToken takes the refresh token as a string alongside the app
	// type and an optional-looking *accesstokens.Credential (nil handling is
	// not visible here — confirm against the implementation).
	FromRefreshToken(ctx context.Context, appType accesstokens.AppType, authParams authority.AuthParams, cc *accesstokens.Credential, refreshToken string) (accesstokens.TokenResponse, error)
	// FromClientSecret takes the client secret as a string.
	FromClientSecret(ctx context.Context, authParameters authority.AuthParams, clientSecret string) (accesstokens.TokenResponse, error)
	// FromAssertion takes an assertion as a string; its format is not stated here.
	FromAssertion(ctx context.Context, authParameters authority.AuthParams, assertion string) (accesstokens.TokenResponse, error)
	// FromUserAssertionClientSecret takes a user assertion together with a client secret.
	FromUserAssertionClientSecret(ctx context.Context, authParameters authority.AuthParams, userAssertion string, clientSecret string) (accesstokens.TokenResponse, error)
	// FromUserAssertionClientCertificate takes a user assertion together with a
	// second assertion; presumably the latter is derived from the client
	// certificate — confirm.
	FromUserAssertionClientCertificate(ctx context.Context, authParameters authority.AuthParams, userAssertion string, assertion string) (accesstokens.TokenResponse, error)
	// FromDeviceCodeResult takes a previously obtained accesstokens.DeviceCodeResult.
	FromDeviceCodeResult(ctx context.Context, authParameters authority.AuthParams, deviceCodeResult accesstokens.DeviceCodeResult) (accesstokens.TokenResponse, error)
	// FromSamlGrant takes a wstrust.SamlTokenInfo as the grant.
	FromSamlGrant(ctx context.Context, authParameters authority.AuthParams, samlGrant wstrust.SamlTokenInfo) (accesstokens.TokenResponse, error)
}
AccessTokens contains the methods for fetching tokens from different sources.
type Client ¶
// Client bundles the four collaborators used to serve token requests. Every
// field is an exported, interface-typed value, so an alternative
// implementation can be assigned to any of them.
//
// NOTE(review): because the fields are exported, any code holding a *Client can
// replace the component that receives credentials and tokens. The import path
// places this package under internal/, which restricts who can import it.
type Client struct {
	// Resolver resolves authority endpoints.
	Resolver ResolveEndpointer
	// AccessTokens performs the token requests themselves.
	AccessTokens AccessTokens
	// Authority provides user-realm lookup and AAD instance discovery.
	Authority FetchAuthority
	// WSTrust provides the Mex and SAMLTokenInfo calls.
	WSTrust FetchWSTrust
}
Client provides tokens for various types of token requests.
func New ¶
func New(httpClient ops.HTTPClient) *Client
New is the constructor for Client.
func (*Client) AADInstanceDiscovery ¶
func (t *Client) AADInstanceDiscovery(ctx context.Context, authorityInfo authority.Info) (authority.InstanceDiscoveryResponse, error)
AADInstanceDiscovery attempts to discover a tenant endpoint (used in OIDC auth with an authorization endpoint). This is done by AAD which allows for aliasing of tenants (windows.sts.net is the same as login.windows.com).
func (*Client) AuthCode ¶
func (t *Client) AuthCode(ctx context.Context, req accesstokens.AuthCodeRequest) (accesstokens.TokenResponse, error)
AuthCode returns a token based on an authorization code.
func (*Client) Credential ¶
func (t *Client) Credential(ctx context.Context, authParams authority.AuthParams, cred *accesstokens.Credential) (accesstokens.TokenResponse, error)
Credential acquires a token from the authority using a client credentials grant.
func (*Client) DeviceCode ¶
func (t *Client) DeviceCode(ctx context.Context, authParams authority.AuthParams) (DeviceCode, error)
DeviceCode returns a DeviceCode object that can be used to get the code that must be entered on the second device and optionally the token once the code has been entered on the second device.
func (*Client) OnBehalfOf ¶
func (t *Client) OnBehalfOf(ctx context.Context, authParams authority.AuthParams, cred *accesstokens.Credential) (accesstokens.TokenResponse, error)
OnBehalfOf acquires a token from the authority using the on-behalf-of flow, in which the client presents its own credential together with a user assertion.
func (*Client) Refresh ¶
func (t *Client) Refresh(ctx context.Context, reqType accesstokens.AppType, authParams authority.AuthParams, cc *accesstokens.Credential, refreshToken accesstokens.RefreshToken) (accesstokens.TokenResponse, error)
func (*Client) ResolveEndpoints ¶
func (t *Client) ResolveEndpoints(ctx context.Context, authorityInfo authority.Info, userPrincipalName string) (authority.Endpoints, error)
ResolveEndpoints gets the authorization and token endpoints and creates an AuthorityEndpoints instance.
func (*Client) UsernamePassword ¶
func (t *Client) UsernamePassword(ctx context.Context, authParams authority.AuthParams) (accesstokens.TokenResponse, error)
UsernamePassword retrieves a token using a username and password. If the user realm is "Federated", it uses SAML tokens; if the realm is "Managed", it uses the normal username/password flow.
type DeviceCode ¶
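// DeviceCode holds the outcome of the first step of the device code flow.
// The listing shows only the exported field; the trailing marker records that
// unexported fields exist but are omitted from this view.
type DeviceCode struct {
	// Result is the device code result from the first call in the device code flow. This allows
	// the caller to retrieve the displayed code that is used to authorize on the second device.
	Result accesstokens.DeviceCodeResult
	// contains filtered or unexported fields
}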
DeviceCode is the result of a call to Client.DeviceCode().
func (DeviceCode) Token ¶
func (d DeviceCode) Token(ctx context.Context) (accesstokens.TokenResponse, error)
Token returns a token AFTER the user uses the user code on the second device. This will block until either: (1) the code is input by the user and the service releases a token, (2) the token expires, (3) the Context passed to .DeviceCode() is cancelled or expires, (4) some other service error occurs.
type FetchAuthority ¶
// FetchAuthority is the authority-facing interface used by Client: it covers
// user-realm lookup and AAD instance discovery.
type FetchAuthority interface {
	// UserRealm returns the authority.UserRealm for the given auth parameters.
	UserRealm(context.Context, authority.AuthParams) (authority.UserRealm, error)
	// AADInstanceDiscovery returns the instance discovery response for the given authority info.
	AADInstanceDiscovery(context.Context, authority.Info) (authority.InstanceDiscoveryResponse, error)
}
FetchAuthority will be implemented by authority.Authority.
type FetchWSTrust ¶
// FetchWSTrust is the WS-Trust-facing interface used by Client.
type FetchWSTrust interface {
	// Mex returns the defs.MexDocument for a federation metadata URL.
	// NOTE(review): the URL arrives as a plain string; where it originates and
	// whether it is validated before use is not visible here — confirm.
	Mex(ctx context.Context, federationMetadataURL string) (defs.MexDocument, error)
	// SAMLTokenInfo returns SAML token information for the given auth
	// parameters, cloud audience URN and WS-Trust endpoint.
	SAMLTokenInfo(ctx context.Context, authParameters authority.AuthParams, cloudAudienceURN string, endpoint defs.Endpoint) (wstrust.SamlTokenInfo, error)
}
FetchWSTrust contains the methods for interacting with WSTrust endpoints.
type ResolveEndpointer ¶
// ResolveEndpointer is the single-method interface for resolving authority
// endpoints.
type ResolveEndpointer interface {
	// ResolveEndpoints returns the authority.Endpoints for the given authority
	// info and user principal name.
	ResolveEndpoints(ctx context.Context, authorityInfo authority.Info, userPrincipalName string) (authority.Endpoints, error)
}
ResolveEndpointer contains the methods for resolving authority endpoints.
Directories ¶
Path | Synopsis |
---|---|
apps/internal/oauth/fake | |
apps/internal/oauth/ops | Package ops provides operations to various backend services using REST clients. |
apps/internal/oauth/ops/accesstokens | Package accesstokens exposes a REST client for querying backend systems to get various types of access tokens (oauth) for use in authentication. |
apps/internal/oauth/ops/authority | |
apps/internal/oauth/ops/internal | |
apps/internal/oauth/ops/internal/comm | Package comm provides helpers for communicating with HTTP backends. |
apps/internal/oauth/ops/internal/grant | Package grant holds types of grants issued by authorization services. |
apps/internal/oauth/ops/wstrust | Package wstrust provides a client for communicating with a WSTrust service (https://en.wikipedia.org/wiki/WS-Trust) for the purposes of extracting metadata from the service. |
apps/internal/oauth/ops/wstrust/defs | |
- Version
- v1.4.2 (latest)
- Published
- Mar 26, 2025
- Platform
- linux/amd64
- Imports
- 17 packages