sso-mib 0.6.0
Library to interact with the Microsoft Device Broker for SSO
OAuth2 Client Application. More...
Macros | |
#define | MIB_AUTHORITY_COMMON |
Common authority for all tenants. | |
#define | MIB_SSO_URL_DEFAULT |
Default SSO URL. | |
#define | MIB_SCOPE_GRAPH_DEFAULT |
Default scope for graph API. | |
Typedefs | |
typedef void * | MIBClientApp |
Enumerations | |
enum | MIB_PROMPT { MIB_PROMPT_UNSET , MIB_PROMPT_NONE , MIB_PROMPT_SELECT_ACCOUNT , MIB_PROMPT_CONSENT , MIB_PROMPT_LOGIN } |
Functions | |
MIBClientApp * | mib_public_client_app_new (const gchar *client_id, const gchar *authority, GCancellable *cancellable, GError **error) |
Start a new session. | |
const gchar * | mib_client_app_get_client_id (const MIBClientApp *self) |
const gchar * | mib_client_app_get_correlation_id (const MIBClientApp *self) |
const gchar * | mib_client_app_get_authority (const MIBClientApp *self) |
int | mib_client_app_get_enforce_interactive (const MIBClientApp *self) |
void | mib_client_app_set_enforce_interactive (MIBClientApp *self, int enforce) |
Do not try silent mode first on interactive token acquisition. | |
gchar * | mib_client_app_get_broker_redirect_uri (const MIBClientApp *self) |
Returns the client-id specific redirect URI for broker clients, according to https://msal-python.readthedocs.io/en/latest/#publicclientapplication. | |
void | mib_client_app_set_redirect_uri (MIBClientApp *self, const gchar *uri) |
Override the address to return to upon receiving a response from the authority. | |
gchar * | mib_client_app_get_linux_broker_version (MIBClientApp *app, const gchar *msal_cpp_version) |
Get the version of the Linux broker. | |
GSList * | mib_client_app_get_accounts (MIBClientApp *app) |
Get the accounts associated with the session. | |
MIBAccount * | mib_client_app_get_account_by_upn (MIBClientApp *app, const gchar *upn) |
Filter the registered accounts by UPN and return the first match. | |
MIBPrt * | mib_client_app_acquire_token_silent (MIBClientApp *app, MIBAccount *account, GSList *scopes, const gchar *claims_challenge, MIBPopParams *auth_scheme, const gchar *id_token) |
Acquire a token without user interaction. | |
MIBPrt * | mib_client_app_acquire_token_interactive (MIBClientApp *app, GSList *scopes, enum MIB_PROMPT prompt, const gchar *login_hint, const gchar *domain_hint, const gchar *claims_challenge, MIBPopParams *auth_scheme) |
Acquire a token with user interaction (if needed). | |
MIBPrtSsoCookie * | mib_client_app_acquire_prt_sso_cookie (MIBClientApp *app, MIBAccount *account, const gchar *sso_url, GSList *scopes) |
Acquire a PRT SSO cookie. | |
gchar * | mib_client_app_generate_signed_http_request (MIBClientApp *app, MIBAccount *account, MIBPopParams *pop_params) |
Generate a signed HTTP request. | |
int | mib_client_app_remove_account (MIBClientApp *app, MIBAccount *account) |
Sign out the account and clear the linked token cache. | |
OAuth2 Client Application.
#define MIB_AUTHORITY_COMMON |
Common authority for all tenants.
#define MIB_SCOPE_GRAPH_DEFAULT |
Default scope for graph API.
#define MIB_SSO_URL_DEFAULT |
Default SSO URL.
typedef void* MIBClientApp |
enum MIB_PROMPT |
MIBPrtSsoCookie * mib_client_app_acquire_prt_sso_cookie | ( | MIBClientApp * | app, |
MIBAccount * | account, | ||
const gchar * | sso_url, | ||
GSList * | scopes | ||
) |
Acquire a PRT SSO cookie.
This function acquires a PRT SSO cookie for the given account, SSO URL and requested scopes.
The user is responsible for freeing the object with g_object_unref.
acquirePrtSsoCookie
app | client app object |
account | mib account reference |
sso_url | SSO URL |
scopes | list of scopes |
MIBPrt * mib_client_app_acquire_token_interactive | ( | MIBClientApp * | app, |
GSList * | scopes, | ||
enum MIB_PROMPT | prompt, | ||
const gchar * | login_hint, | ||
const gchar * | domain_hint, | ||
const gchar * | claims_challenge, | ||
MIBPopParams * | auth_scheme | ||
) |
Acquire a token with user interaction (if needed).
This function acquires a token and asks the user for the needed data. Note that (similar to MSAL's implementation) a silent token acquisition is performed internally first; only if that fails is the interactive version performed.
The user is responsible for freeing the object with g_object_unref.
acquireTokenInteractively
app | client app object |
scopes | list of scopes (gchar* entries) |
prompt | what the user should be asked |
login_hint | Identifier of the user, generally a User Principal Name (UPN), or NULL |
domain_hint | Not implemented (yet); set to NULL |
claims_challenge | string of a JSON object which contains lists of claims being requested from these locations or NULL. |
auth_scheme | PoP parameters or NULL |
MIBPrt * mib_client_app_acquire_token_silent | ( | MIBClientApp * | app, |
MIBAccount * | account, | ||
GSList * | scopes, | ||
const gchar * | claims_challenge, | ||
MIBPopParams * | auth_scheme, | ||
const gchar * | id_token | ||
) |
Acquire a token without user interaction.
This function acquires a token for the given account and requested scopes.
The user is responsible for freeing the object with g_object_unref.
acquireTokenSilently
app | client app object |
account | mib account reference |
scopes | list of scopes (gchar* entries) |
claims_challenge | string of a JSON object which contains lists of claims being requested from these locations or NULL. |
auth_scheme | PoP parameters or NULL |
id_token | ID token (NULL to request a fresh one) |
gchar * mib_client_app_generate_signed_http_request | ( | MIBClientApp * | app, |
MIBAccount * | account, | ||
MIBPopParams * | pop_params | ||
) |
Generate a signed HTTP request.
This function implements the Acquiring Access Tokens Protected with Proof-of-Possession (PoP) specification.
The user is responsible for freeing the string with g_free.
generateSignedHttpRequest
app | client app object |
account | mib account reference |
pop_params | PoP parameters |
MIBAccount * mib_client_app_get_account_by_upn | ( | MIBClientApp * | app, |
const gchar * | upn | ||
) |
Filter the registered accounts by UPN and return the first match.
Returns the first registered account that matches the provided "User Principal Name" (upn). If upn is NULL, the first account is returned.
getAccounts
app | client app object |
upn | User Principal Name |
GSList * mib_client_app_get_accounts | ( | MIBClientApp * | app | ) |
Get the accounts associated with the session.
Returns a list of MIBAccount entries associated with the application. Which accounts are returned depends on the app's client_id.
The user is responsible for freeing the list, e.g. with g_slist_free_full(accounts,(GDestroyNotify)g_object_unref)
getAccounts
app | client app object |
const gchar * mib_client_app_get_authority | ( | const MIBClientApp * | self | ) |
gchar * mib_client_app_get_broker_redirect_uri | ( | const MIBClientApp * | self | ) |
Returns the client-id specific redirect URI for broker clients, according to https://msal-python.readthedocs.io/en/latest/#publicclientapplication.
The caller is responsible for freeing the returned string.
const gchar * mib_client_app_get_client_id | ( | const MIBClientApp * | self | ) |
const gchar * mib_client_app_get_correlation_id | ( | const MIBClientApp * | self | ) |
int mib_client_app_get_enforce_interactive | ( | const MIBClientApp * | self | ) |
gchar * mib_client_app_get_linux_broker_version | ( | MIBClientApp * | app, |
const gchar * | msal_cpp_version | ||
) |
Get the version of the Linux broker.
getLinuxBrokerVersion
app | client app object |
msal_cpp_version | MSAL CPP version (non-empty string, e.g. 1.28.0) |
int mib_client_app_remove_account | ( | MIBClientApp * | app, |
MIBAccount * | account | ||
) |
Sign out the account and clear the linked token cache.
removeAccount
app | client app object |
account | mib account reference |
void mib_client_app_set_enforce_interactive | ( | MIBClientApp * | self, |
int | enforce | ||
) |
Do not try silent mode first on interactive token acquisition.
When requesting a token via mib_client_app_acquire_token_interactive, a non-interactive token acquisition is tried internally first. Only if that fails is the interactive acquisition performed. If set to true, this non-interactive part is skipped.
void mib_client_app_set_redirect_uri | ( | MIBClientApp * | self, |
const gchar * | uri | ||
) |
Override the address to return to upon receiving a response from the authority.
If this method is not called, the broker redirect URI (returned by mib_client_app_get_broker_redirect_uri) is used.
MIBClientApp * mib_public_client_app_new | ( | const gchar * | client_id, |
const gchar * | authority, | ||
GCancellable * | cancellable, | ||
GError ** | error | ||
) |
Start a new session.
This function creates a new session for the given client_id. The user is responsible for freeing the object with g_object_unref.
client_id | Azure client application ID |
authority | Azure authority URL (e.g. value from MIB_AUTHORITY_COMMON) |
cancellable | Cancellable object or NULL |
error | GError object or NULL |