diff options
author | Wim <wim@42.be> | 2020-03-28 23:44:49 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-28 23:44:49 +0100 |
commit | 0df253964123537b91e5a7364c83cc52f0e88df4 (patch) | |
tree | 15b630d26fd3d5e15c489a2a0a1201f631bd9d60 /vendor/github.com/matterbridge/msgraph.go/msauth | |
parent | 0f2d8a599c6b3f2ee6cba4d0d887fe021df84ca6 (diff) | |
download | matterbridge-msglm-0df253964123537b91e5a7364c83cc52f0e88df4.tar.gz matterbridge-msglm-0df253964123537b91e5a7364c83cc52f0e88df4.tar.bz2 matterbridge-msglm-0df253964123537b91e5a7364c83cc52f0e88df4.zip |
Use upstream yaegashi/msgraph.go/msauth (msteams) (#1067)
Diffstat (limited to 'vendor/github.com/matterbridge/msgraph.go/msauth')
4 files changed, 0 insertions, 341 deletions
diff --git a/vendor/github.com/matterbridge/msgraph.go/msauth/README.md b/vendor/github.com/matterbridge/msgraph.go/msauth/README.md deleted file mode 100644 index 43aead20..00000000 --- a/vendor/github.com/matterbridge/msgraph.go/msauth/README.md +++ /dev/null @@ -1,70 +0,0 @@ -# msauth - -## Introduction - -Very simple package to authorize applications against [Microsoft identity platform]. - -It utilizes [v2.0 endpoint] so that it can authorize users using both personal (Microsoft) and organizational (Azure AD) account. - -## Usage - -### Device authorization grant - -- [OAuth 2.0 device authorization grant flow] - -```go -const ( - tenantID = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" - clientID = "YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY" - tokenCachePath = "token_cache.json" -) - -var scopes = []string{"openid", "profile", "offline_access", "User.Read", "Files.Read"} - - ctx := context.Background() - m := msauth.NewManager() - m.LoadFile(tokenCachePath) - ts, err := m.DeviceAuthorizationGrant(ctx, tenantID, clientID, scopes, nil) - if err != nil { - log.Fatal(err) - } - m.SaveFile(tokenCachePath) - - httpClient := oauth2.NewClient(ctx, ts) - ... -``` - -### Client credentials grant - -- [OAuth 2.0 client credentials grant flow] - -```go -const ( - tenantID = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" - clientID = "YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY" - clientSecret = "ZZZZZZZZZZZZZZZZZZZZZZZZ" -) - -var scopes = []string{msauth.DefaultMSGraphScope} - - ctx := context.Background() - m := msauth.NewManager() - ts, err := m.ClientCredentialsGrant(ctx, tenantID, clientID, clientSecret, scopes) - if err != nil { - log.Fatal(err) - } - - httpClient := oauth2.NewClient(ctx, ts) - ... -``` - -### Authorization code grant - -- [OAuth 2.0 authorization code grant flow] -- Not yet implemented. - -[Microsoft identity platform]: https://docs.microsoft.com/en-us/azure/active-directory/develop/ -[v2.0 endpoint]: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-overview -[OAuth 2.0 device authorization grant flow]: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-device-code -[OAuth 2.0 client credentials grant flow]: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow -[OAuth 2.0 authorization code grant flow]: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
\ No newline at end of file diff --git a/vendor/github.com/matterbridge/msgraph.go/msauth/client_credentials_grant.go b/vendor/github.com/matterbridge/msgraph.go/msauth/client_credentials_grant.go deleted file mode 100644 index bc50883d..00000000 --- a/vendor/github.com/matterbridge/msgraph.go/msauth/client_credentials_grant.go +++ /dev/null @@ -1,27 +0,0 @@ -package msauth - -import ( - "context" - - "golang.org/x/oauth2" - "golang.org/x/oauth2/clientcredentials" - "golang.org/x/oauth2/microsoft" -) - -// ClientCredentialsGrant performs OAuth 2.0 client credentials grant and returns auto-refreshing TokenSource -func (m *Manager) ClientCredentialsGrant(ctx context.Context, tenantID, clientID, clientSecret string, scopes []string) (oauth2.TokenSource, error) { - config := &clientcredentials.Config{ - ClientID: clientID, - ClientSecret: clientSecret, - TokenURL: microsoft.AzureADEndpoint(tenantID).TokenURL, - Scopes: scopes, - AuthStyle: oauth2.AuthStyleInParams, - } - var err error - ts := config.TokenSource(ctx) - _, err = ts.Token() - if err != nil { - return nil, err - } - return ts, nil -} diff --git a/vendor/github.com/matterbridge/msgraph.go/msauth/device_authorization_grant.go b/vendor/github.com/matterbridge/msgraph.go/msauth/device_authorization_grant.go deleted file mode 100644 index 4baafd8d..00000000 --- a/vendor/github.com/matterbridge/msgraph.go/msauth/device_authorization_grant.go +++ /dev/null @@ -1,96 +0,0 @@ -package msauth - -import ( - "context" - "encoding/json" - "fmt" - "io/ioutil" - "net/http" - "net/url" - "os" - "strings" - "time" - - "golang.org/x/oauth2" - "golang.org/x/oauth2/microsoft" -) - -const ( - deviceCodeGrantType = "urn:ietf:params:oauth:grant-type:device_code" - authorizationPendingError = "authorization_pending" -) - -// DeviceCode is returned on device auth initiation -type DeviceCode struct { - DeviceCode string `json:"device_code"` - UserCode string `json:"user_code"` - VerificationURL string `json:"verification_url"` - ExpiresIn int `json:"expires_in"` - Interval int `json:"interval"` - Message string `json:"message"` -} - -// DeviceAuthorizationGrant performs OAuth 2.0 device authorization grant and returns auto-refreshing TokenSource -func (m *Manager) DeviceAuthorizationGrant(ctx context.Context, tenantID, clientID string, scopes []string, callback func(*DeviceCode) error) (oauth2.TokenSource, error) { - endpoint := microsoft.AzureADEndpoint(tenantID) - endpoint.AuthStyle = oauth2.AuthStyleInParams - config := &oauth2.Config{ - ClientID: clientID, - Endpoint: endpoint, - Scopes: scopes, - } - if t, ok := m.TokenCache[generateKey(tenantID, clientID)]; ok { - tt, err := config.TokenSource(ctx, t).Token() - if err == nil { - return config.TokenSource(ctx, tt), nil - } - if _, ok := err.(*oauth2.RetrieveError); !ok { - return nil, err - } - } - scope := strings.Join(scopes, " ") - res, err := http.PostForm(deviceCodeURL(tenantID), url.Values{"client_id": {clientID}, "scope": {scope}}) - if err != nil { - return nil, err - } - defer res.Body.Close() - if res.StatusCode != http.StatusOK { - b, _ := ioutil.ReadAll(res.Body) - return nil, fmt.Errorf("%s: %s", res.Status, string(b)) - } - dc := &DeviceCode{} - dec := json.NewDecoder(res.Body) - err = dec.Decode(&dc) - if err != nil { - return nil, err - } - if callback != nil { - err = callback(dc) - if err != nil { - return nil, err - } - } else { - fmt.Fprintln(os.Stderr, dc.Message) - } - values := url.Values{ - "client_id": {clientID}, - "grant_type": {deviceCodeGrantType}, - "device_code": {dc.DeviceCode}, - } - interval := dc.Interval - if interval == 0 { - interval = 5 - } - for { - time.Sleep(time.Second * time.Duration(interval)) - token, err := m.requestToken(ctx, tenantID, clientID, values) - if err == nil { - m.Cache(tenantID, clientID, token) - return config.TokenSource(ctx, token), nil - } - tokenError, ok := err.(*TokenError) - if !ok || tokenError.ErrorObject != authorizationPendingError { - return nil, err - } - } -} diff --git a/vendor/github.com/matterbridge/msgraph.go/msauth/msauth.go b/vendor/github.com/matterbridge/msgraph.go/msauth/msauth.go deleted file mode 100644 index c2a86985..00000000 --- a/vendor/github.com/matterbridge/msgraph.go/msauth/msauth.go +++ /dev/null @@ -1,148 +0,0 @@ -// Package msauth implements a library to authorize against Microsoft identity platform: -// https://docs.microsoft.com/en-us/azure/active-directory/develop/ -// -// It utilizes v2.0 endpoint -// so it can authorize users with both personal (Microsoft) and organizational (Azure AD) account. -package msauth - -import ( - "context" - "encoding/json" - "errors" - "fmt" - "io/ioutil" - "net/http" - "net/url" - "sync" - "time" - - "golang.org/x/oauth2" -) - -const ( - // DefaultMSGraphScope is the default scope for MS Graph API - DefaultMSGraphScope = "https://graph.microsoft.com/.default" - endpointURLFormat = "https://login.microsoftonline.com/%s/oauth2/v2.0/%s" -) - -// TokenError is returned on failed authentication -type TokenError struct { - ErrorObject string `json:"error"` - ErrorDescription string `json:"error_description"` -} - -// Error implements error interface -func (t *TokenError) Error() string { - return fmt.Sprintf("%s: %s", t.ErrorObject, t.ErrorDescription) -} - -func generateKey(tenantID, clientID string) string { - return fmt.Sprintf("%s:%s", tenantID, clientID) -} - -func deviceCodeURL(tenantID string) string { - return fmt.Sprintf(endpointURLFormat, tenantID, "devicecode") -} - -func tokenURL(tenantID string) string { - return fmt.Sprintf(endpointURLFormat, tenantID, "token") -} - -type tokenJSON struct { - AccessToken string `json:"access_token"` - TokenType string `json:"token_type"` - RefreshToken string `json:"refresh_token"` - ExpiresIn int `json:"expires_in"` -} - -func (e *tokenJSON) expiry() (t time.Time) { - if v := e.ExpiresIn; v != 0 { - return time.Now().Add(time.Duration(v) * time.Second) - } - return -} - -// Manager is oauth2 token cache manager -type Manager struct { - mu sync.Mutex - TokenCache map[string]*oauth2.Token -} - -// NewManager returns a new Manager instance -func NewManager() *Manager { - return &Manager{TokenCache: map[string]*oauth2.Token{}} -} - -// LoadBytes loads token cache from opaque bytes (it's actually JSON) -func (m *Manager) LoadBytes(b []byte) error { - m.mu.Lock() - defer m.mu.Unlock() - return json.Unmarshal(b, &m.TokenCache) -} - -// SaveBytes saves token cache to opaque bytes (it's actually JSON) -func (m *Manager) SaveBytes() ([]byte, error) { - m.mu.Lock() - defer m.mu.Unlock() - return json.Marshal(m.TokenCache) -} - -// LoadFile loads token cache from file -func (m *Manager) LoadFile(path string) error { - b, err := ioutil.ReadFile(path) - if err != nil { - return err - } - return m.LoadBytes(b) -} - -// SaveFile saves token cache to file -func (m *Manager) SaveFile(path string) error { - b, err := m.SaveBytes() - if err != nil { - return err - } - return ioutil.WriteFile(path, b, 0644) -} - -// Cache stores a token into token cache -func (m *Manager) Cache(tenantID, clientID string, token *oauth2.Token) { - m.TokenCache[generateKey(tenantID, clientID)] = token -} - -// requestToken requests a token from the token endpoint -// TODO(ctx): use http client from ctx -func (m *Manager) requestToken(ctx context.Context, tenantID, clientID string, values url.Values) (*oauth2.Token, error) { - res, err := http.PostForm(tokenURL(tenantID), values) - if err != nil { - return nil, err - } - defer res.Body.Close() - b, err := ioutil.ReadAll(res.Body) - if err != nil { - return nil, err - } - if res.StatusCode != http.StatusOK { - var terr *TokenError - err = json.Unmarshal(b, &terr) - if err != nil { - return nil, err - } - return nil, terr - } - var tj *tokenJSON - err = json.Unmarshal(b, &tj) - if err != nil { - return nil, err - } - token := &oauth2.Token{ - AccessToken: tj.AccessToken, - TokenType: tj.TokenType, - RefreshToken: tj.RefreshToken, - Expiry: tj.expiry(), - } - if token.AccessToken == "" { - return nil, errors.New("msauth: server response missing access_token") - } - return token, nil -} |