public Package
import "github.com/AzureAD/microsoft-authentication-library-for-go/apps/public"
Package public provides a client for authentication of "public" applications. A "public" application is defined as an app that runs on client devices (Android, iOS, Windows, Linux, ...). These devices are "untrusted": an app running on them cannot be relied on to keep a secret, and it accesses resources via web APIs that must authenticate the caller.
func WithChallenge
func WithChallenge(challenge string) interface {
AcquireByAuthCodeOption
options.CallOption
}
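WithChallenge allows you to provide a challenge for the .AcquireTokenByAuthCode() call (presumably the PKCE value associated with the authorization request). This is separate from the authorization code passed as that method's code argument.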
func WithClaims
func WithClaims(claims string) interface {
AcquireByAuthCodeOption
AcquireByDeviceCodeOption
AcquireByUsernamePasswordOption
AcquireInteractiveOption
AcquireSilentOption
AuthCodeURLOption
options.CallOption
}
WithClaims sets additional claims to request for the token, such as those required by conditional access policies. Use this option when Azure AD returned a claims challenge for a prior request. The argument must already be decoded; do not pass the claims challenge in its encoded form. This option is valid for any token acquisition method.
func WithDomainHint
func WithDomainHint(domain string) interface {
AcquireInteractiveOption
AuthCodeURLOption
options.CallOption
}
WithDomainHint adds the IdP domain as domain_hint query parameter in the auth url.
func WithLoginHint
func WithLoginHint(username string) interface {
AcquireInteractiveOption
AuthCodeURLOption
options.CallOption
}
WithLoginHint pre-populates the login prompt with a username.
func WithRedirectURI
func WithRedirectURI(redirectURI string) interface {
AcquireInteractiveOption
options.CallOption
}
WithRedirectURI sets a port for the local server used in interactive authentication, for example http://localhost:port. All URI components other than the port are ignored.
func WithSilentAccount
func WithSilentAccount(account Account) interface {
AcquireSilentOption
options.CallOption
}
WithSilentAccount uses the passed account during an AcquireTokenSilent() call.
func WithTenantID
func WithTenantID(tenantID string) interface {
AcquireByAuthCodeOption
AcquireByDeviceCodeOption
AcquireByUsernamePasswordOption
AcquireInteractiveOption
AcquireSilentOption
AuthCodeURLOption
options.CallOption
}
WithTenantID specifies a tenant for a single authentication. It may be different from the tenant set in [New] by [WithAuthority]. This option is valid for any token acquisition method.
type Account
type Account = shared.Account
type AcquireByAuthCodeOption
AcquireByAuthCodeOption is implemented by options for AcquireTokenByAuthCode
type AcquireByAuthCodeOption interface {
// contains filtered or unexported methods
}
type AcquireByDeviceCodeOption
AcquireByDeviceCodeOption is implemented by options for AcquireTokenByDeviceCode
type AcquireByDeviceCodeOption interface {
// contains filtered or unexported methods
}
type AcquireByUsernamePasswordOption
AcquireByUsernamePasswordOption is implemented by options for AcquireTokenByUsernamePassword
type AcquireByUsernamePasswordOption interface {
// contains filtered or unexported methods
}
type AcquireInteractiveOption
AcquireInteractiveOption is implemented by options for AcquireTokenInteractive
type AcquireInteractiveOption interface {
// contains filtered or unexported methods
}
type AcquireSilentOption
AcquireSilentOption is implemented by options for AcquireTokenSilent
type AcquireSilentOption interface {
// contains filtered or unexported methods
}
type AuthCodeURLOption
AuthCodeURLOption is implemented by options for AuthCodeURL
type AuthCodeURLOption interface {
// contains filtered or unexported methods
}
type AuthResult
AuthResult contains the results of one token acquisition operation. For details see https://aka.ms/msal-net-authenticationresult
type AuthResult = base.AuthResult
type Client
Client represents an authentication client for public applications as defined in the package doc. For more information, see documentation on MSAL client applications.
type Client struct {
// contains filtered or unexported fields
}
func New
func New(clientID string, options ...Option) (Client, error)
New is the constructor for Client.
func (Client) Accounts
func (pca Client) Accounts(ctx context.Context) ([]Account, error)
Accounts gets all the accounts in the token cache. If there are no accounts in the cache the returned slice is empty.
func (Client) AcquireTokenByAuthCode
func (pca Client) AcquireTokenByAuthCode(ctx context.Context, code string, redirectURI string, scopes []string, opts ...AcquireByAuthCodeOption) (AuthResult, error)
AcquireTokenByAuthCode is a request to acquire a security token from the authority, using an authorization code. The specified redirect URI must be the same URI that was used when the authorization code was requested.
Options: [WithChallenge], [WithClaims], [WithTenantID]
func (Client) AcquireTokenByDeviceCode
func (pca Client) AcquireTokenByDeviceCode(ctx context.Context, scopes []string, opts ...AcquireByDeviceCodeOption) (DeviceCode, error)
AcquireTokenByDeviceCode acquires a security token from the authority, by acquiring a device code and using that to acquire the token. Users need to create an AcquireTokenDeviceCodeParameters instance and pass it in.
Options: [WithClaims], [WithTenantID]
func (Client) AcquireTokenByUsernamePassword
func (pca Client) AcquireTokenByUsernamePassword(ctx context.Context, scopes []string, username, password string, opts ...AcquireByUsernamePasswordOption) (AuthResult, error)
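AcquireTokenByUsernamePassword acquires a security token from the authority, via Username/Password Authentication. NOTE: this flow is NOT recommended, because the application handles the user's password directly; prefer AcquireTokenInteractive or AcquireTokenByDeviceCode where they are usable.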
Options: [WithClaims], [WithTenantID]
func (Client) AcquireTokenInteractive
func (pca Client) AcquireTokenInteractive(ctx context.Context, scopes []string, opts ...AcquireInteractiveOption) (AuthResult, error)
AcquireTokenInteractive acquires a security token from the authority using the default web browser to select the account. See documentation on interactive and non-interactive flows.
Options: [WithDomainHint], [WithLoginHint], [WithRedirectURI], [WithTenantID]
func (Client) AcquireTokenSilent
func (pca Client) AcquireTokenSilent(ctx context.Context, scopes []string, opts ...AcquireSilentOption) (AuthResult, error)
AcquireTokenSilent acquires a token from either the cache or using a refresh token.
Options: [WithClaims], [WithSilentAccount], [WithTenantID]
func (Client) AuthCodeURL
func (pca Client) AuthCodeURL(ctx context.Context, clientID, redirectURI string, scopes []string, opts ...AuthCodeURLOption) (string, error)
AuthCodeURL creates a URL used to acquire an authorization code.
Options: [WithClaims], [WithDomainHint], [WithLoginHint], [WithTenantID]
func (Client) RemoveAccount
func (pca Client) RemoveAccount(ctx context.Context, account Account) error
RemoveAccount signs the account out and removes it from the token cache.
type DeviceCode
DeviceCode provides the results of the device code flow's first stage (containing the code that must be entered on the second device) and provides a method to retrieve the AuthenticationResult once that code has been entered and verified.
type DeviceCode struct {
// Result holds the information about the device code (such as the code).
Result DeviceCodeResult
// contains filtered or unexported fields
}
func (DeviceCode) AuthenticationResult
func (d DeviceCode) AuthenticationResult(ctx context.Context) (AuthResult, error)
AuthenticationResult retrieves the AuthenticationResult once the user enters the code on the second device. It blocks until that happens, the .AcquireTokenByDeviceCode() context is cancelled, or the token expires.
type DeviceCodeResult
type DeviceCodeResult = accesstokens.DeviceCodeResult
type Option
Option is an optional argument to the New constructor.
type Option func(o *clientOptions)
func WithAuthority
func WithAuthority(authority string) Option
WithAuthority allows for a custom authority to be set. This must be a valid HTTPS URL. Token requests are sent to this authority, so take the value from trusted configuration.
func WithCache
func WithCache(accessor cache.ExportReplace) Option
WithCache provides an accessor that will read and write authentication data to an externally managed cache. Because the cache holds authentication data, the external store needs to be protected accordingly.
func WithClientCapabilities
func WithClientCapabilities(capabilities []string) Option
WithClientCapabilities allows configuring one or more client capabilities such as "CP1"
func WithHTTPClient
func WithHTTPClient(httpClient ops.HTTPClient) Option
WithHTTPClient allows for a custom HTTP client to be set.
func WithInstanceDiscovery
func WithInstanceDiscovery(enabled bool) Option
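WithInstanceDiscovery enables or disables instance discovery. Set it to false to disable authority validation (to support private cloud scenarios). With validation disabled the library no longer checks the authority, so the caller is responsible for making sure the configured authority is the intended one.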