package authority
Published: Jun 22, 2022 License: MIT Imports: 13 Imported by: 0

Documentation


Constants

const (
	AAD  = "MSSTS"
	ADFS = "ADFS"
)

These are all the authority types.

const (
	TenantDiscoveryEndpointWithRegion = "https://%v.r.%v/%v/v2.0/.well-known/openid-configuration"
)

Variables

This section is empty.

Functions

func TrustedHost

func TrustedHost(host string) bool

TrustedHost checks if an AAD host is trusted/valid.

Types

type AuthParams

type AuthParams struct {
	AuthorityInfo Info
	CorrelationID string
	Endpoints     Endpoints
	ClientID      string
	// Redirecturi is used for auth flows that specify a redirect URI (e.g. local server for interactive auth flow).
	Redirecturi   string
	HomeaccountID string
	// Username is the user-name portion for username/password auth flow.
	Username string
	// Password is the password portion for username/password auth flow.
	Password string
	// Scopes is the list of scopes the user consents to.
	Scopes []string
	// AuthorizationType specifies the auth flow being used.
	AuthorizationType AuthorizeType
	// State is a random value used to prevent cross-site request forgery attacks.
	State string
	// CodeChallenge is derived from a code verifier and is sent in the auth request.
	CodeChallenge string
	// CodeChallengeMethod describes the method used to create the CodeChallenge.
	CodeChallengeMethod string
	// Prompt specifies the user prompt type during interactive auth.
	Prompt string
	// IsConfidentialClient specifies if it is a confidential client.
	IsConfidentialClient bool
	// SendX5C specifies whether the x5c claim (the certificate's public key) should be sent to the STS.
	SendX5C bool
	// UserAssertion is the access token used to acquire a token on behalf of the user.
	UserAssertion string
}

AuthParams holds the parameters used to authorize a token acquisition.

func NewAuthParams

func NewAuthParams(clientID string, authorityInfo Info) AuthParams

NewAuthParams creates an authorization parameters object.

func (*AuthParams) AppKey

func (a *AuthParams) AppKey() string

func (*AuthParams) AssertionHash

func (a *AuthParams) AssertionHash() string

func (*AuthParams) CacheKey

func (a *AuthParams) CacheKey(isAppCache bool) string

type AuthorizeType

type AuthorizeType int

AuthorizeType represents the type of token flow.

const (
	ATUnknown AuthorizeType = iota
	ATUsernamePassword
	ATWindowsIntegrated
	ATAuthCode
	ATInteractive
	ATClientCredentials
	ATDeviceCode
	ATRefreshToken
	AccountByID
	ATOnBehalfOf
)

These are all the types of token flows.

func (AuthorizeType) String

func (i AuthorizeType) String() string

type Client

type Client struct {
	// Comm provides the HTTP transport client.
	Comm jsonCaller // *comm.Client
}

Client represents the REST calls to authority backends.

func (Client) AADInstanceDiscovery

func (c Client) AADInstanceDiscovery(ctx context.Context, authorityInfo Info) (InstanceDiscoveryResponse, error)

func (Client) GetTenantDiscoveryResponse

func (c Client) GetTenantDiscoveryResponse(ctx context.Context, openIDConfigurationEndpoint string) (TenantDiscoveryResponse, error)

func (Client) UserRealm

func (c Client) UserRealm(ctx context.Context, authParams AuthParams) (UserRealm, error)

type Endpoints

type Endpoints struct {
	AuthorizationEndpoint string
	TokenEndpoint         string
	// contains filtered or unexported fields
}

Endpoints consists of the endpoints from the tenant discovery response.

func NewEndpoints

func NewEndpoints(authorizationEndpoint string, tokenEndpoint string, selfSignedJwtAudience string, authorityHost string) Endpoints

NewEndpoints creates an Endpoints object.

type Info

type Info struct {
	Host                  string
	CanonicalAuthorityURI string
	AuthorityType         string
	UserRealmURIPrefix    string
	ValidateAuthority     bool
	Tenant                string
	Region                string
}

Info consists of information about the authority.

func NewInfoFromAuthorityURI

func NewInfoFromAuthorityURI(authorityURI string, validateAuthority bool) (Info, error)

NewInfoFromAuthorityURI creates an Info value from the provided authority URI.

type InstanceDiscoveryMetadata

type InstanceDiscoveryMetadata struct {
	PreferredNetwork string   `json:"preferred_network"`
	PreferredCache   string   `json:"preferred_cache"`
	Aliases          []string `json:"aliases"`

	AdditionalFields map[string]interface{}
}

type InstanceDiscoveryResponse

type InstanceDiscoveryResponse struct {
	TenantDiscoveryEndpoint string                      `json:"tenant_discovery_endpoint"`
	Metadata                []InstanceDiscoveryMetadata `json:"metadata"`

	AdditionalFields map[string]interface{}
}

type OAuthResponseBase

type OAuthResponseBase struct {
	Error            string `json:"error"`
	SubError         string `json:"suberror"`
	ErrorDescription string `json:"error_description"`
	ErrorCodes       []int  `json:"error_codes"`
	CorrelationID    string `json:"correlation_id"`
	Claims           string `json:"claims"`
}

type TenantDiscoveryResponse

type TenantDiscoveryResponse struct {
	OAuthResponseBase

	AuthorizationEndpoint string `json:"authorization_endpoint"`
	TokenEndpoint         string `json:"token_endpoint"`
	Issuer                string `json:"issuer"`

	AdditionalFields map[string]interface{}
}

TenantDiscoveryResponse holds the tenant endpoints returned by the OpenID configuration endpoint.

func (*TenantDiscoveryResponse) Validate

func (r *TenantDiscoveryResponse) Validate() error

Validate checks that the response contains the required values.
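The authority checks that NewInfoFromAuthorityURI, TrustedHost and Validate describe above are what stop a client from being pointed at a lookalike login host or at an incomplete or error-carrying discovery document. The following is an added example, not code from the MSAL Go package (the real package is internal and cannot be imported): it reimplements those checks with the JSON field names shown on this page; the trusted-host list and the function names are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// Assumed illustrative subset of AAD login hosts; the real TrustedHost keeps its own list.
var trustedHosts = map[string]bool{"login.microsoftonline.com": true, "login.windows.net": true}

type Info struct{ Host, Tenant string } // the subset of the page's authority.Info used here

// newInfoFromAuthorityURI is a hypothetical stand-in for NewInfoFromAuthorityURI plus TrustedHost:
// it requires https and a tenant path segment and, when validate is set, a trusted host.
func newInfoFromAuthorityURI(authorityURI string, validate bool) (Info, error) {
	u, err := url.Parse(authorityURI)
	if err != nil || u.Scheme != "https" || u.Host == "" {
		return Info{}, fmt.Errorf("authority must be an https URL: %q", authorityURI)
	}
	tenant := strings.Split(strings.Trim(u.Path, "/"), "/")[0]
	if tenant == "" {
		return Info{}, fmt.Errorf("authority URL must name a tenant: %q", authorityURI)
	}
	if validate && !trustedHosts[strings.ToLower(u.Hostname())] {
		return Info{}, fmt.Errorf("untrusted authority host %q", u.Host)
	}
	return Info{Host: u.Host, Tenant: tenant}, nil
}

// TenantDiscoveryResponse uses the JSON field names shown on the page (Error is from OAuthResponseBase).
type TenantDiscoveryResponse struct {
	Error                 string `json:"error"`
	AuthorizationEndpoint string `json:"authorization_endpoint"`
	TokenEndpoint         string `json:"token_endpoint"`
	Issuer                string `json:"issuer"`
}

// decodeTenantDiscovery decodes an openid-configuration body and applies the checks Validate describes:
// an OAuth error body, or a document missing an endpoint or the issuer, is rejected rather than used.
func decodeTenantDiscovery(body []byte) (TenantDiscoveryResponse, error) {
	var r TenantDiscoveryResponse
	if err := json.Unmarshal(body, &r); err != nil {
		return r, err
	}
	if r.Error != "" || r.AuthorizationEndpoint == "" || r.TokenEndpoint == "" || r.Issuer == "" {
		return r, fmt.Errorf("invalid tenant discovery response (error=%q)", r.Error)
	}
	return r, nil
}
```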

type UserRealm

type UserRealm struct {
	AccountType       UserRealmAccountType `json:"account_type"`
	DomainName        string               `json:"domain_name"`
	CloudInstanceName string               `json:"cloud_instance_name"`
	CloudAudienceURN  string               `json:"cloud_audience_urn"`

	// required if accountType is Federated
	FederationProtocol    string `json:"federation_protocol"`
	FederationMetadataURL string `json:"federation_metadata_url"`

	AdditionalFields map[string]interface{}
}

UserRealm is used by the username/password request to determine the user type.

type UserRealmAccountType

type UserRealmAccountType string

UserRealmAccountType refers to the type of user realm.

const (
	Unknown   UserRealmAccountType = ""
	Federated UserRealmAccountType = "Federated"
	Managed   UserRealmAccountType = "Managed"
)

These are the different types of user realms.
