
Single-Sign-On using Microsoft Identity Broker (SSO-MIB)
sso-mib is a lightweight C library and CLI tool for interacting with a Microsoft Identity Broker to obtain authentication tokens via DBus.
In doing so, it implements the OIDC extension [MS-OAPXBC], sections 3.1.5.1.2 (Request for Primary Refresh Token) and 3.1.5.1.3 (Exchange Primary Refresh Token for Access Token), and can be used to obtain Proof-of-Possession tokens for RDP [MS-RDPBCGR].
Dependencies
- Gio2.0
- JSON-Glib
- libdbus
- libuuid
- libjwt (only for sso-mib-tool)
Interface
The interface of the library is defined in <sso-mib/sso-mib.h>; this is the only header that needs to be included. The semantics roughly follow those of the MSAL Python library.
Logging
We integrate with the GLib message logging system and use the domain ssomib. To debug the input and output parameters of the DBus calls, set the environment variable G_MESSAGES_DEBUG=ssomib.
We try to keep the interface both API and ABI compatible; however, this is not guaranteed prior to version 1.0.
How do I use this library
Note: for simplicity, this code does not have error handling and cleanup logic.
```c
#include <sso-mib/sso-mib.h>

int main(void)
{
    const gchar *client_id = "<my-client-uuid>";
    GSList *scopes = NULL;
    scopes = g_slist_append(scopes, (gpointer) MIB_SCOPE_GRAPH_DEFAULT);

    /* start a session with the broker, using the common authority (all tenants) */
    MIBClientApp *app = mib_public_client_app_new(client_id, MIB_AUTHORITY_COMMON, NULL, NULL);

    /* select the registered account to act on, identified by its UPN */
    MIBAccount *account = mib_client_app_get_account_by_upn(app, "<my-upn>");

    /* exchange the Primary Refresh Token for an access token for the requested
     * scopes without user interaction (no claims challenge, PoP params or id token) */
    MIBPrt *prt = mib_client_app_acquire_token_silent(app, account, scopes, NULL, NULL, NULL);

    /* obtain a PRT SSO cookie for the default SSO URL and print it as name=content */
    MIBPrtSsoCookie *cookie = mib_client_app_acquire_prt_sso_cookie(app, account, MIB_SSO_URL_DEFAULT, scopes);
    g_print("%s=%s\n", mib_prt_sso_cookie_get_name(cookie), mib_prt_sso_cookie_get_content(cookie));

    return 0;
}
```
Further examples are provided in the examples directory.
Frontend
The sso-mib-tool provides a simple frontend to interact with the library.
For example, the following can be used to obtain a token for sending mail via SMTP:
```sh
$ sso-mib-tool acquireTokenInteractive -f json \
    -s <client_id> \
    -r https://login.microsoftonline.com/common/oauth2/nativeclient \
    -x <authority> \
    -S offline_access -S 'https://outlook.office365.com/SMTP.Send'
```
Maintainers
Code Integrity
Since version v0.5, git release tags are signed with one of the following maintainer GPG keys:
AF73F6EF5A53CFE304569F50E648A311F67A50FC (Felix Moessbauer)
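As an added example (not part of sso-mib), the following POSIX shell snippet checks that a release tag was signed by a key with exactly the fingerprint listed above, rather than accepting any key GnuPG happens to verify. It relies on `git verify-tag --raw`, which prints GnuPG status lines to stderr, and on the documented `VALIDSIG` status-line format; it assumes git and gpg are installed and that the maintainer public key has been imported into the local keyring. The function and variable names are this example's own.

```sh
#!/bin/sh
# Added example, not part of sso-mib: pin release-tag verification to the
# maintainer key fingerprint from the README.
# Assumptions: git and gpg are installed and the maintainer public key has
# already been imported into the local keyring.

# Full fingerprints of keys allowed to sign release tags (from this README).
MAINTAINER_FPRS="AF73F6EF5A53CFE304569F50E648A311F67A50FC"

# Read GnuPG status lines (the format `git verify-tag --raw` emits on stderr)
# from stdin. Succeed only if a VALIDSIG line names an allowed fingerprint and
# no failure status (BADSIG, ERRSIG, EXPKEYSIG, REVKEYSIG, EXPSIG) appears.
# GOODSIG alone is not enough: it carries only the 64-bit key ID and says
# nothing about whether that key belongs to a maintainer.
signed_by_maintainer() {
    ok=1
    found=0
    while IFS= read -r line; do
        case "$line" in
            "[GNUPG:] BADSIG "*|"[GNUPG:] ERRSIG "*|"[GNUPG:] EXPKEYSIG "*|"[GNUPG:] REVKEYSIG "*|"[GNUPG:] EXPSIG "*)
                ok=0 ;;
            "[GNUPG:] VALIDSIG "*)
                # field 3: fingerprint of the signing (sub)key,
                # field 12: fingerprint of the primary key, when present
                set -- $line
                signer=$3
                primary=${12:-$3}
                for fpr in $MAINTAINER_FPRS; do
                    if [ "$primary" = "$fpr" ] || [ "$signer" = "$fpr" ]; then
                        found=1
                    fi
                done ;;
        esac
    done
    [ "$ok" -eq 1 ] && [ "$found" -eq 1 ]
}

# Verify one release tag of a checked-out sso-mib repository,
# e.g. `verify_release_tag v0.5`; returns non-zero on any failure.
verify_release_tag() {
    # --raw puts the gpg status lines on stderr; route them into the check
    # and discard the human-readable tag output on stdout.
    git verify-tag --raw "$1" 2>&1 >/dev/null | signed_by_maintainer
}
```

Pinning by full fingerprint sidesteps both the keyring's trust model and short key IDs, which can be collided; a tag signed by an unknown, expired or revoked key, or a tag whose signature does not verify at all, is rejected.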
License
The library is licensed according to the terms of the GNU Lesser General Public License v2.1. The tooling is licensed according to the terms of the GNU Public License v2.0. The examples are licensed according to the terms of the MIT License.