authority

package

v0.2.0 Latest Latest Go to latest Published: May 4, 2021 License: MIT Imports: 8 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/AzureAD/microsoft-authentication-library-for-go

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func TrustedHost(host string) bool
type AuthParams
- func NewAuthParams(clientID string, authorityInfo Info) AuthParams
- func (a *AuthParams) AppKey() string
- func (a *AuthParams) CacheKey(isAppCache bool) string
type AuthorizeType
- func (i AuthorizeType) String() string
type Client
- func (c Client) AADInstanceDiscovery(ctx context.Context, authorityInfo Info) (InstanceDiscoveryResponse, error)
- func (c Client) GetTenantDiscoveryResponse(ctx context.Context, openIDConfigurationEndpoint string) (TenantDiscoveryResponse, error)
- func (c Client) UserRealm(ctx context.Context, authParams AuthParams) (UserRealm, error)
type Endpoints
- func NewEndpoints(authorizationEndpoint string, tokenEndpoint string, ...) Endpoints
type Info
- func NewInfoFromAuthorityURI(authorityURI string, validateAuthority bool) (Info, error)
type InstanceDiscoveryMetadata
type InstanceDiscoveryResponse
type OAuthResponseBase
type TenantDiscoveryResponse
- func (r *TenantDiscoveryResponse) Validate() error
type UserRealm
type UserRealmAccountType

Constants ¶

View Source

const (
	AAD  = "MSSTS"
	ADFS = "ADFS"
)

These are all authority types

Variables ¶

This section is empty.

Functions ¶

func TrustedHost ¶

func TrustedHost(host string) bool

TrustedHost checks if an AAD host is trusted/valid.

Types ¶

type AuthParams ¶

type AuthParams struct {
	AuthorityInfo Info
	CorrelationID string
	Endpoints     Endpoints
	ClientID      string
	// Redirecturi is used for auth flows that specify a redirect URI (e.g. local server for interactive auth flow).
	Redirecturi   string
	HomeaccountID string
	// Username is the user-name portion for username/password auth flow.
	Username string
	// Password is the password portion for username/password auth flow.
	Password string
	// Scopes is the list of scopes the user consents to.
	Scopes []string
	// AuthorizationType specifies the auth flow being used.
	AuthorizationType AuthorizeType
	// State is a random value used to prevent cross-site request forgery attacks.
	State string
	// CodeChallenge is derived from a code verifier and is sent in the auth request.
	CodeChallenge string
	// CodeChallengeMethod describes the method used to create the CodeChallenge.
	CodeChallengeMethod string
	// Prompt specifies the user prompt type during interactive auth.
	Prompt string
	// IsConfidentialClient specifies if it is a confidential client.
	IsConfidentialClient bool
	// SendX5C specifies if x5c claim(public key of the certificate) should be sent to STS.
	SendX5C bool
}

AuthParams represents the parameters used for authorization for token acquisition.

func NewAuthParams ¶

func NewAuthParams(clientID string, authorityInfo Info) AuthParams

NewAuthParams creates an authorization parameters object.

func (*AuthParams) AppKey ¶

func (a *AuthParams) AppKey() string

func (*AuthParams) CacheKey ¶

func (a *AuthParams) CacheKey(isAppCache bool) string

type AuthorizeType ¶

type AuthorizeType int

AuthorizeType represents the type of token flow.

const (
	ATUnknown AuthorizeType = iota
	ATUsernamePassword
	ATWindowsIntegrated
	ATAuthCode
	ATInteractive
	ATClientCredentials
	ATDeviceCode
	ATRefreshToken
	AccountByID
)

These are all the types of token flows.

func (AuthorizeType) String ¶

func (i AuthorizeType) String() string

type Client ¶

type Client struct {
	// Comm provides the HTTP transport client.
	Comm jsonCaller // *comm.Client
}

Client represents the REST calls to authority backends.

func (Client) AADInstanceDiscovery ¶

func (c Client) AADInstanceDiscovery(ctx context.Context, authorityInfo Info) (InstanceDiscoveryResponse, error)

func (Client) GetTenantDiscoveryResponse ¶

func (c Client) GetTenantDiscoveryResponse(ctx context.Context, openIDConfigurationEndpoint string) (TenantDiscoveryResponse, error)

func (Client) UserRealm ¶

func (c Client) UserRealm(ctx context.Context, authParams AuthParams) (UserRealm, error)

type Endpoints ¶

type Endpoints struct {
	AuthorizationEndpoint string
	TokenEndpoint         string
	// contains filtered or unexported fields
}

Endpoints consists of the endpoints from the tenant discovery response.

func NewEndpoints ¶

func NewEndpoints(authorizationEndpoint string, tokenEndpoint string, selfSignedJwtAudience string, authorityHost string) Endpoints

NewEndpoints creates an Endpoints object.

type Info ¶

type Info struct {
	Host                  string
	CanonicalAuthorityURI string
	AuthorityType         string
	UserRealmURIPrefix    string
	ValidateAuthority     bool
	Tenant                string
}

Info consists of information about the authority.

func NewInfoFromAuthorityURI ¶

func NewInfoFromAuthorityURI(authorityURI string, validateAuthority bool) (Info, error)

NewInfoFromAuthorityURI creates an AuthorityInfo instance from the authority URL provided.

type InstanceDiscoveryMetadata ¶

type InstanceDiscoveryMetadata struct {
	PreferredNetwork        string   `json:"preferred_network"`
	PreferredCache          string   `json:"preferred_cache"`
	TenantDiscoveryEndpoint string   `json:"tenant_discovery_endpoint"`
	Aliases                 []string `json:"aliases"`

	AdditionalFields map[string]interface{}
}

type InstanceDiscoveryResponse ¶

type InstanceDiscoveryResponse struct {
	TenantDiscoveryEndpoint string                      `json:"tenant_discovery_endpoint"`
	Metadata                []InstanceDiscoveryMetadata `json:"metadata"`

	AdditionalFields map[string]interface{}
}

type OAuthResponseBase ¶

type OAuthResponseBase struct {
	Error            string `json:"error"`
	SubError         string `json:"suberror"`
	ErrorDescription string `json:"error_description"`
	ErrorCodes       []int  `json:"error_codes"`
	CorrelationID    string `json:"correlation_id"`
	Claims           string `json:"claims"`
}

type TenantDiscoveryResponse ¶

type TenantDiscoveryResponse struct {
	OAuthResponseBase

	AuthorizationEndpoint string `json:"authorization_endpoint"`
	TokenEndpoint         string `json:"token_endpoint"`
	Issuer                string `json:"issuer"`

	AdditionalFields map[string]interface{}
}

TenantDiscoveryResponse is the tenant endpoints from the OpenID configuration endpoint.

func (*TenantDiscoveryResponse) Validate ¶

func (r *TenantDiscoveryResponse) Validate() error

Validate validates that the response had the correct values required.

type UserRealm ¶

type UserRealm struct {
	AccountType       UserRealmAccountType `json:"account_type"`
	DomainName        string               `json:"domain_name"`
	CloudInstanceName string               `json:"cloud_instance_name"`
	CloudAudienceURN  string               `json:"cloud_audience_urn"`

	// required if accountType is Federated
	FederationProtocol    string `json:"federation_protocol"`
	FederationMetadataURL string `json:"federation_metadata_url"`

	AdditionalFields map[string]interface{}
}

UserRealm is used for the username password request to determine user type

type UserRealmAccountType ¶

type UserRealmAccountType string

UserRealmAccountType refers to the type of user realm.

const (
	Unknown   UserRealmAccountType = ""
	Federated UserRealmAccountType = "Federated"
	Managed   UserRealmAccountType = "Managed"
)

These are the different types of user realms.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL