package public

import "github.com/AzureAD/microsoft-authentication-library-for-go/apps/public"

Package public provides a client for authentication of "public" applications. A "public" application is defined as an app that runs on client devices (Android, iOS, Windows, Linux, ...). These devices are "untrusted" and access resources via web APIs that must authenticate.

Functions

func WithChallenge

func WithChallenge(challenge string) interface {
	AcquireByAuthCodeOption
	options.CallOption
}

WithChallenge allows you to provide a challenge for the .AcquireTokenByAuthCode() call.

func WithClaims

WithClaims sets additional claims to request for the token, such as those required by conditional access policies. Use this option when Azure AD returned a claims challenge for a prior request. The argument must be decoded. This option is valid for any token acquisition method.

func WithDomainHint

func WithDomainHint(domain string) interface {
	AcquireInteractiveOption
	CreateAuthCodeURLOption
	options.CallOption
}

WithDomainHint adds the IdP domain as the domain_hint query parameter in the auth URL.

func WithLoginHint

func WithLoginHint(username string) interface {
	AcquireInteractiveOption
	CreateAuthCodeURLOption
	options.CallOption
}

WithLoginHint pre-populates the login prompt with a username.

func WithRedirectURI

func WithRedirectURI(redirectURI string) interface {
	AcquireInteractiveOption
	options.CallOption
}

WithRedirectURI uses the specified redirect URI for interactive auth.

func WithSilentAccount

func WithSilentAccount(account Account) interface {
	AcquireSilentOption
	options.CallOption
}

WithSilentAccount uses the passed account during an AcquireTokenSilent() call.

func WithTenantID

WithTenantID specifies a tenant for a single authentication. It may be different than the tenant set in New by WithAuthority. This option is valid for any token acquisition method.

Types

type Account

type Account = shared.Account

type AcquireByAuthCodeOption

type AcquireByAuthCodeOption interface {
	// contains filtered or unexported methods
}

AcquireByAuthCodeOption is implemented by options for AcquireTokenByAuthCode

type AcquireByDeviceCodeOption

type AcquireByDeviceCodeOption interface {
	// contains filtered or unexported methods
}

AcquireByDeviceCodeOption is implemented by options for AcquireTokenByDeviceCode

type AcquireByUsernamePasswordOption

type AcquireByUsernamePasswordOption interface {
	// contains filtered or unexported methods
}

AcquireByUsernamePasswordOption is implemented by options for AcquireTokenByUsernamePassword

type AcquireInteractiveOption

type AcquireInteractiveOption interface {
	// contains filtered or unexported methods
}

AcquireInteractiveOption is implemented by options for AcquireTokenInteractive

type AcquireSilentOption

type AcquireSilentOption interface {
	// contains filtered or unexported methods
}

AcquireSilentOption is implemented by options for AcquireTokenSilent

type AcquireTokenByAuthCodeOption

type AcquireTokenByAuthCodeOption func(a *AcquireTokenByAuthCodeOptions)

AcquireTokenByAuthCodeOption changes options inside AcquireTokenByAuthCodeOptions used in .AcquireTokenByAuthCode().

type AcquireTokenByAuthCodeOptions

type AcquireTokenByAuthCodeOptions struct {
	Challenge string
	// contains filtered or unexported fields
}

AcquireTokenByAuthCodeOptions contains the optional parameters used to acquire an access token using the authorization code flow.

type AcquireTokenSilentOption

type AcquireTokenSilentOption func(a *AcquireTokenSilentOptions)

AcquireTokenSilentOption changes options inside AcquireTokenSilentOptions used in .AcquireTokenSilent().

type AcquireTokenSilentOptions

type AcquireTokenSilentOptions struct {
	// Account represents the account to use. To set, use the WithSilentAccount() option.
	Account Account
	// contains filtered or unexported fields
}

AcquireTokenSilentOptions are all the optional settings to an AcquireTokenSilent() call. These are set by using various AcquireTokenSilentOption functions.

type AuthResult

type AuthResult = base.AuthResult

AuthResult contains the results of one token acquisition operation. For details see https://aka.ms/msal-net-authenticationresult

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client is a representation of an authentication client for public applications as defined in the package doc. For more information, visit https://docs.microsoft.com/azure/active-directory/develop/msal-client-applications.

func New

func New(clientID string, options ...Option) (Client, error)

New is the constructor for Client.

func (Client) Accounts

func (pca Client) Accounts() []Account

Accounts gets all the accounts in the token cache. If there are no accounts in the cache the returned slice is empty.

func (Client) AcquireTokenByAuthCode

func (pca Client) AcquireTokenByAuthCode(ctx context.Context, code string, redirectURI string, scopes []string, opts ...AcquireByAuthCodeOption) (AuthResult, error)

AcquireTokenByAuthCode is a request to acquire a security token from the authority, using an authorization code. The specified redirect URI must be the same URI that was used when the authorization code was requested.

Options: WithChallenge, WithClaims, WithTenantID

func (Client) AcquireTokenByDeviceCode

func (pca Client) AcquireTokenByDeviceCode(ctx context.Context, scopes []string, opts ...AcquireByDeviceCodeOption) (DeviceCode, error)

AcquireTokenByDeviceCode acquires a security token from the authority, by acquiring a device code and using that to acquire the token. Users need to create an AcquireTokenDeviceCodeParameters instance and pass it in.

Options: WithClaims, WithTenantID

func (Client) AcquireTokenByUsernamePassword

func (pca Client) AcquireTokenByUsernamePassword(ctx context.Context, scopes []string, username, password string, opts ...AcquireByUsernamePasswordOption) (AuthResult, error)

AcquireTokenByUsernamePassword acquires a security token from the authority, via Username/Password Authentication. NOTE: this flow is NOT recommended.

Options: WithClaims, WithTenantID

func (Client) AcquireTokenInteractive

func (pca Client) AcquireTokenInteractive(ctx context.Context, scopes []string, opts ...AcquireInteractiveOption) (AuthResult, error)

AcquireTokenInteractive acquires a security token from the authority using the default web browser to select the account. See https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-authentication-flows#interactive-and-non-interactive-authentication

Options: WithDomainHint, WithLoginHint, WithRedirectURI, WithTenantID

func (Client) AcquireTokenSilent

func (pca Client) AcquireTokenSilent(ctx context.Context, scopes []string, opts ...AcquireSilentOption) (AuthResult, error)

AcquireTokenSilent acquires a token from either the cache or using a refresh token.

Options: WithClaims, WithSilentAccount, WithTenantID

func (Client) CreateAuthCodeURL

func (pca Client) CreateAuthCodeURL(ctx context.Context, clientID, redirectURI string, scopes []string, opts ...CreateAuthCodeURLOption) (string, error)

CreateAuthCodeURL creates a URL used to acquire an authorization code.

Options: WithClaims, WithDomainHint, WithLoginHint, WithTenantID

func (Client) RemoveAccount

func (pca Client) RemoveAccount(account Account) error

RemoveAccount signs the account out and forgets the account from the token cache.

type CreateAuthCodeURLOption

type CreateAuthCodeURLOption interface {
	// contains filtered or unexported methods
}

CreateAuthCodeURLOption is implemented by options for CreateAuthCodeURL

type DeviceCode

type DeviceCode struct {
	// Result holds the information about the device code (such as the code).
	Result DeviceCodeResult
	// contains filtered or unexported fields
}

DeviceCode provides the results of the device code flow's first stage (containing the code) that must be entered on the second device, and provides a method to retrieve the AuthenticationResult once that code has been entered and verified.

func (DeviceCode) AuthenticationResult

func (d DeviceCode) AuthenticationResult(ctx context.Context) (AuthResult, error)

AuthenticationResult retrieves the AuthenticationResult once the user enters the code on the second device. Until then, it blocks until the .AcquireTokenByDeviceCode() context is cancelled or the token expires.

type DeviceCodeResult

type DeviceCodeResult = accesstokens.DeviceCodeResult

type InteractiveAuthOption

type InteractiveAuthOption func(*InteractiveAuthOptions)

InteractiveAuthOption changes options inside InteractiveAuthOptions used in .AcquireTokenInteractive().

type InteractiveAuthOptions

type InteractiveAuthOptions struct {
	// Used to specify a custom port for the local server.  http://localhost:portnumber
	// All other URI components are ignored.
	RedirectURI string
	// contains filtered or unexported fields
}

InteractiveAuthOptions contains the optional parameters used to acquire an access token for interactive auth code flow.

type Option

type Option func(o *Options)

Option is an optional argument to the New constructor.

func WithAuthority

func WithAuthority(authority string) Option

WithAuthority allows for a custom authority to be set. This must be a valid HTTPS URL.

func WithCache

func WithCache(accessor cache.ExportReplace) Option

WithCache allows you to set some type of cache for storing authentication tokens.

func WithClientCapabilities

func WithClientCapabilities(capabilities []string) Option

WithClientCapabilities allows configuring one or more client capabilities such as "CP1"

func WithHTTPClient

func WithHTTPClient(httpClient ops.HTTPClient) Option

WithHTTPClient allows for a custom HTTP client to be set.

func WithInstanceDiscovery

func WithInstanceDiscovery(enabled bool) Option

Set WithInstanceDiscovery to false to disable authority validation (to support private cloud scenarios).

type Options

type Options struct {
	// Accessor controls cache persistence. By default there is no cache persistence.
	// This can be set with the WithCache() option.
	Accessor cache.ExportReplace

	// The host of the Azure Active Directory authority. The default is https://login.microsoftonline.com/common.
	// This can be changed with the WithAuthority() option.
	Authority string

	// The HTTP client used for making requests.
	// It defaults to a shared http.Client.
	HTTPClient ops.HTTPClient
	// contains filtered or unexported fields
}

Options configures the Client's behavior.
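
A pre-flight check for the two URL-valued settings documented above, the authority passed to WithAuthority ("must be a valid https url") and the RedirectURI form http://localhost:portnumber, which is most useful when WithInstanceDiscovery(false) has turned authority validation off. This is an added example, not code from the MSAL package. CheckAuthority and CheckLoopbackRedirect are hypothetical helper names, the tenant-path and no-userinfo rules are assumptions, and the sample inputs are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strconv"
	"strings"
)

// CheckAuthority (hypothetical helper) enforces https and assumes the https://host/tenant shape.
func CheckAuthority(authority string) error {
	u, err := url.Parse(authority)
	switch {
	case err != nil:
		return fmt.Errorf("authority: %w", err)
	case u.Scheme != "https":
		return errors.New("authority: scheme must be https")
	case u.User != nil:
		return errors.New("authority: userinfo not allowed") // avoids host confusion
	case u.Hostname() == "":
		return errors.New("authority: missing host")
	case strings.Trim(u.Path, "/") == "":
		return errors.New("authority: missing tenant path segment")
	}
	return nil
}

// CheckLoopbackRedirect (hypothetical helper) accepts only http://localhost:<port> and returns
// the port. Components the client would ignore are rejected rather than silently dropped.
func CheckLoopbackRedirect(redirectURI string) (int, error) {
	u, err := url.Parse(redirectURI)
	if err != nil || u.Scheme != "http" || u.Hostname() != "localhost" {
		return 0, errors.New("redirect URI: must be http://localhost:<port>")
	}
	port, err := strconv.Atoi(u.Port())
	if err != nil || port < 1 || port > 65535 {
		return 0, errors.New("redirect URI: port must be 1-65535")
	}
	if strings.Trim(u.Path, "/") != "" || u.RawQuery != "" || u.Fragment != "" {
		return 0, errors.New("redirect URI: path, query and fragment are ignored")
	}
	return port, nil
}

func main() { // constructed sample inputs
	fmt.Println(CheckAuthority("https://login.microsoftonline.com/common"))
	fmt.Println(CheckLoopbackRedirect("http://localhost:8400"))
}
```

Run both checks on configuration values before they reach New and AcquireTokenInteractive, and fail closed on any error.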

Source Files

public.go

Version: v0.8.0
Published: Jan 23, 2023
Platform: darwin/amd64
Imports: 18 packages