package authority

import "github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/oauth/ops/authority"


Constants

const (
	// AAD is the authority type for Azure AD (Microsoft identity platform) authorities;
	// its string value is "MSSTS".
	AAD  = "MSSTS"
	// ADFS is the authority type for Active Directory Federation Services authorities.
	ADFS = "ADFS"
)

These are the supported authority types; the selected value is carried in Info.AuthorityType.

Functions

func TrustedHost

func TrustedHost(host string) bool

TrustedHost reports whether host is a known, trusted AAD authority host. A false result means the host is not on the trusted list and must not be used as an authority (token requests would otherwise be sent, with credentials, to an arbitrary endpoint).

Types

type AuthParams

// AuthParams represents the parameters used for authorization for token acquisition.
// Several fields (Password, UserAssertion) are credentials and must not be logged.
type AuthParams struct {
	// AuthorityInfo describes the authority (host, tenant, type) the request targets.
	AuthorityInfo Info
	// CorrelationID correlates a request with the STS's logs; responses carry one
	// back in OAuthResponseBase.CorrelationID.
	CorrelationID string
	// Endpoints holds the authorization and token endpoints resolved for the authority.
	Endpoints     Endpoints
	// ClientID is the application (client) ID registered with the authority.
	ClientID      string
	// Redirecturi is used for auth flows that specify a redirect URI (e.g. local server for interactive auth flow).
	Redirecturi   string
	// HomeAccountID is presumably the account's home account identifier used when
	// keying cached tokens (see CacheKey) — confirm in authority.go.
	HomeAccountID string
	// Username is the user-name portion for username/password auth flow.
	Username string
	// Password is the password portion for username/password auth flow.
	// Sensitive: keep it out of logs, error messages and any persisted cache.
	Password string
	// Scopes is the list of scopes the user consents to.
	Scopes []string
	// AuthorizationType specifies the auth flow being used.
	AuthorizationType AuthorizeType
	// State is a random value used to prevent cross-site request forgery attacks.
	// It only protects the flow if it is unpredictable and the value returned on the
	// redirect is compared with this one before the authorization code is redeemed;
	// this struct merely carries the value, the check is the caller's responsibility.
	State string
	// CodeChallenge is derived from a code verifier and is sent in the auth request (PKCE).
	// Only the challenge is held here; the verifier is not stored in this struct and
	// must be retained by the caller for the token request.
	CodeChallenge string
	// CodeChallengeMethod describes the method used to create the CodeChallenge.
	CodeChallengeMethod string
	// Prompt specifies the user prompt type during interactive auth.
	Prompt string
	// IsConfidentialClient specifies if it is a confidential client.
	IsConfidentialClient bool
	// SendX5C specifies if x5c claim(public key of the certificate) should be sent to STS.
	SendX5C bool
	// UserAssertion is the access token used to acquire token on behalf of user.
	// Sensitive: it is a bearer credential and must be handled like Password.
	UserAssertion string
	// Capabilities the client will include with each token request, for example "CP1".
	// Call [NewClientCapabilities] to construct a value for this field.
	Capabilities ClientCapabilities
	// Claims required for an access token to satisfy a conditional access policy
	Claims string
	// KnownAuthorityHosts don't require metadata discovery because they're known to the user.
	// Security: a host listed here bypasses discovery-based validation, so the list must
	// come from trusted configuration, never from request or user input.
	KnownAuthorityHosts []string
	// LoginHint is a username with which to pre-populate account selection during interactive auth
	LoginHint string
	// DomainHint is a directive that can be used to accelerate the user to their federated IdP sign-in page
	DomainHint string
}

AuthParams represents the parameters used for authorization for token acquisition.

func NewAuthParams

func NewAuthParams(clientID string, authorityInfo Info) AuthParams

NewAuthParams creates an authorization parameters object.

func (*AuthParams) AppKey

func (a *AuthParams) AppKey() string

func (*AuthParams) AssertionHash

func (a *AuthParams) AssertionHash() string

func (*AuthParams) CacheKey

func (a *AuthParams) CacheKey(isAppCache bool) string

func (AuthParams) MergeCapabilitiesAndClaims

func (p AuthParams) MergeCapabilitiesAndClaims() (string, error)

MergeCapabilitiesAndClaims combines client capabilities and challenge claims into a value suitable for an authentication request's "claims" parameter.

func (AuthParams) WithTenant

func (p AuthParams) WithTenant(ID string) (AuthParams, error)

WithTenant returns a copy of the AuthParams with the specified tenant ID applied. If the given ID is empty, the copy is identical to the original. The function returns an error in several cases (the enumeration that follows in the package source is not reproduced in this rendering):

type AuthorizeType

// AuthorizeType represents the type of token flow; see the AT* constants.
type AuthorizeType int

AuthorizeType represents the type of token flow.

const (
	// ATUnknown is the zero value: no flow has been selected.
	ATUnknown AuthorizeType = iota
	// ATUsernamePassword is the username/password (resource owner password credentials) flow.
	ATUsernamePassword
	// ATWindowsIntegrated is Windows integrated authentication.
	ATWindowsIntegrated
	// ATAuthCode is the authorization code flow.
	ATAuthCode
	// ATInteractive is interactive authentication (see AuthParams.Redirecturi and Prompt).
	ATInteractive
	// ATClientCredentials is the client credentials flow (application-only, no user).
	ATClientCredentials
	// ATDeviceCode is the device code flow.
	ATDeviceCode
	// ATRefreshToken redeems a refresh token.
	ATRefreshToken
	// AccountByID presumably selects an account by its ID. Note the name lacks the
	// AT prefix every other constant in this block uses.
	AccountByID
	// ATOnBehalfOf is the on-behalf-of flow (see AuthParams.UserAssertion).
	ATOnBehalfOf
)

These are all the types of token flows.

func (AuthorizeType) String

func (i AuthorizeType) String() string

type Client

// Client represents the REST calls to authority backends (instance discovery,
// tenant discovery and user-realm lookup).
type Client struct {
	// Comm provides the HTTP transport client. Every request this Client makes goes
	// through it, so TLS verification and timeouts are presumably configured on the
	// underlying *comm.Client rather than here — confirm.
	Comm jsonCaller // *comm.Client
}

Client represents the REST calls to authority backends.

func (Client) AADInstanceDiscovery

func (c Client) AADInstanceDiscovery(ctx context.Context, authorityInfo Info) (InstanceDiscoveryResponse, error)

func (Client) GetTenantDiscoveryResponse

func (c Client) GetTenantDiscoveryResponse(ctx context.Context, openIDConfigurationEndpoint string) (TenantDiscoveryResponse, error)

func (Client) UserRealm

func (c Client) UserRealm(ctx context.Context, authParams AuthParams) (UserRealm, error)

type ClientCapabilities

// ClientCapabilities holds precomputed representations of the client's capabilities
// for AuthParams.MergeCapabilitiesAndClaims; construct values with NewClientCapabilities.
type ClientCapabilities struct {
	// contains filtered or unexported fields
}

ClientCapabilities stores capabilities in the formats used by AuthParams.MergeCapabilitiesAndClaims. NewClientCapabilities precomputes these representations because capabilities are static for the lifetime of a client and are included with every authentication request; the computations always yield the same result and would otherwise be repeated for every request.

func NewClientCapabilities

func NewClientCapabilities(capabilities []string) (ClientCapabilities, error)

type Endpoints

// Endpoints consists of the endpoints from the tenant discovery response. Both URLs
// are server-supplied; they come from a TenantDiscoveryResponse, which should be
// checked with Validate before its endpoints are used.
type Endpoints struct {
	// AuthorizationEndpoint is the URL the user is sent to for authorization.
	AuthorizationEndpoint string
	// TokenEndpoint is the URL tokens are requested from.
	TokenEndpoint         string
	// contains filtered or unexported fields
	// (NewEndpoints also receives selfSignedJwtAudience and authorityHost, which
	// presumably back the unexported fields — confirm in authority.go.)
}

Endpoints consists of the endpoints from the tenant discovery response.

func NewEndpoints

func NewEndpoints(authorizationEndpoint string, tokenEndpoint string, selfSignedJwtAudience string, authorityHost string) Endpoints

NewEndpoints creates an Endpoints object.

type Info

// Info consists of information about the authority.
type Info struct {
	// Host is the authority host; check it with TrustedHost before trusting it.
	Host                      string
	// CanonicalAuthorityURI is the normalized authority URL.
	CanonicalAuthorityURI     string
	// AuthorityType is one of the authority type constants (AAD or ADFS).
	AuthorityType             string
	// UserRealmURIPrefix is presumably the prefix of the user-realm endpoint queried
	// by Client.UserRealm — confirm.
	UserRealmURIPrefix        string
	// ValidateAuthority controls whether the authority is validated before use
	// (against instance-discovery metadata, presumably). Disabling it means any
	// configured host is accepted as an STS, so leave it enabled unless the host
	// comes from trusted configuration.
	ValidateAuthority         bool
	// Tenant is the tenant identifier in the authority path (see AuthParams.WithTenant).
	Tenant                    string
	// Region, when set, presumably targets a regional STS endpoint — confirm against callers.
	Region                    string
	// InstanceDiscoveryDisabled presumably skips the instance-discovery request
	// entirely. That removes the check that Host is a known cloud instance, so it
	// should only be set for hosts trusted out of band.
	InstanceDiscoveryDisabled bool
}

Info consists of information about the authority.

func NewInfoFromAuthorityURI

func NewInfoFromAuthorityURI(authority string, validateAuthority bool, instanceDiscoveryDisabled bool) (Info, error)

NewInfoFromAuthorityURI creates an Info value from the authority URL provided; validateAuthority and instanceDiscoveryDisabled populate the Info fields of the same names. It returns an error if the URL cannot be turned into a valid Info.

type InstanceDiscoveryMetadata

// InstanceDiscoveryMetadata is one entry of the instance discovery response's
// metadata array: a set of hosts that alias the same cloud instance.
type InstanceDiscoveryMetadata struct {
	// PreferredNetwork is the response's preferred_network host (presumably the
	// host to use for network requests to this instance).
	PreferredNetwork string   `json:"preferred_network"`
	// PreferredCache is the response's preferred_cache host (presumably the host
	// under which tokens for this instance are cached).
	PreferredCache   string   `json:"preferred_cache"`
	// Aliases lists all hosts that refer to this instance.
	Aliases          []string `json:"aliases"`

	// AdditionalFields holds response members not mapped above. It has no json tag,
	// so it is presumably filled by the library's own decoder rather than
	// encoding/json — confirm.
	AdditionalFields map[string]interface{}
}

type InstanceDiscoveryResponse

// InstanceDiscoveryResponse is the body returned by AAD instance discovery
// (see Client.AADInstanceDiscovery).
type InstanceDiscoveryResponse struct {
	// TenantDiscoveryEndpoint is the OpenID configuration URL (presumably the one
	// passed to Client.GetTenantDiscoveryResponse). It is server-supplied, so it is
	// only as trustworthy as the instance-discovery host it was fetched from.
	TenantDiscoveryEndpoint string                      `json:"tenant_discovery_endpoint"`
	// Metadata describes the known cloud instances and their host aliases.
	Metadata                []InstanceDiscoveryMetadata `json:"metadata"`

	// AdditionalFields holds response members not mapped above (no json tag;
	// presumably filled by the library's own decoder — confirm).
	AdditionalFields map[string]interface{}
}

type OAuthResponseBase

// OAuthResponseBase holds the fields common to STS responses, chiefly the error
// payload returned when a request is rejected.
type OAuthResponseBase struct {
	// Error is the OAuth 2.0 error code of an error response.
	Error            string `json:"error"`
	// SubError is the STS-specific sub-error refining Error.
	SubError         string `json:"suberror"`
	// ErrorDescription is a human-readable description intended for developers.
	ErrorDescription string `json:"error_description"`
	// ErrorCodes are the STS's numeric error codes.
	ErrorCodes       []int  `json:"error_codes"`
	// CorrelationID is the correlation ID the STS associates with the request.
	CorrelationID    string `json:"correlation_id"`
	// Claims is a claims challenge returned with some errors; presumably the value
	// to feed back through AuthParams.Claims on retry — confirm.
	Claims           string `json:"claims"`
}

type TenantDiscoveryResponse

// TenantDiscoveryResponse is the tenant endpoints from the OpenID configuration endpoint.
// Call Validate before using it: the endpoints are server-supplied URLs that later
// requests, including credentials, are sent to.
type TenantDiscoveryResponse struct {
	OAuthResponseBase

	// AuthorizationEndpoint is the authorization_endpoint of the OpenID configuration.
	AuthorizationEndpoint string `json:"authorization_endpoint"`
	// TokenEndpoint is the token_endpoint of the OpenID configuration.
	TokenEndpoint         string `json:"token_endpoint"`
	// Issuer is the issuer of the OpenID configuration (presumably the iss value of
	// tokens from this tenant — confirm).
	Issuer                string `json:"issuer"`

	// AdditionalFields holds response members not mapped above (no json tag;
	// presumably filled by the library's own decoder — confirm).
	AdditionalFields map[string]interface{}
}

TenantDiscoveryResponse is the tenant endpoints from the OpenID configuration endpoint.

func (*TenantDiscoveryResponse) Validate

func (r *TenantDiscoveryResponse) Validate() error

Validate checks that the response contains the values required to use it and returns an error otherwise. Call it before using the endpoints the response carries.

type UserRealm

// UserRealm is the response to the user-realm lookup performed during the
// username/password flow; AccountType tells whether the account is Managed or Federated.
type UserRealm struct {
	// AccountType is Managed, Federated, or Unknown (empty).
	AccountType       UserRealmAccountType `json:"account_type"`
	// DomainName is the account's domain as reported by the realm service.
	DomainName        string               `json:"domain_name"`
	// CloudInstanceName is the cloud instance reported for the realm.
	CloudInstanceName string               `json:"cloud_instance_name"`
	// CloudAudienceURN is the audience URN reported for the cloud instance.
	CloudAudienceURN  string               `json:"cloud_audience_urn"`

	// required if accountType is Federated
	// FederationProtocol names the federation protocol in use.
	FederationProtocol    string `json:"federation_protocol"`
	// FederationMetadataURL is a server-supplied URL for the federation metadata.
	// Anything that fetches it follows a URL taken from a network response, so the
	// same host-trust checks that apply to the authority should apply here —
	// presumably the caller's responsibility; confirm.
	FederationMetadataURL string `json:"federation_metadata_url"`

	// AdditionalFields holds response members not mapped above (no json tag;
	// presumably filled by the library's own decoder — confirm).
	AdditionalFields map[string]interface{}
}

UserRealm is the response to the user-realm request made during the username/password flow; it determines whether the account is Managed or Federated.

type UserRealmAccountType

// UserRealmAccountType refers to the type of user realm (Managed, Federated or Unknown).
type UserRealmAccountType string

UserRealmAccountType refers to the type of user realm.

const (
	// Unknown is the zero value, used when no account type is reported.
	Unknown   UserRealmAccountType = ""
	// Federated accounts authenticate through a federated IdP
	// (see UserRealm.FederationProtocol and FederationMetadataURL).
	Federated UserRealmAccountType = "Federated"
	// Managed accounts are managed in the cloud directory and are not federated.
	Managed   UserRealmAccountType = "Managed"
)

These are the different types of user realms.

Source Files

authority.go authorizetype_string.go
