sso-mib 0.10.0
Library to interact with the Microsoft Device Broker for SSO
Loading...
Searching...
No Matches
Macros | Typedefs | Enumerations | Functions
Client App

OAuth2 Client Application. More...

Macros

#define MIB_AUTHORITY_COMMON
 Common authority for all tenants.
 
#define MIB_SSO_URL_DEFAULT
 Default SSO URL.
 
#define MIB_SCOPE_GRAPH_DEFAULT
 Default scope for graph API.
 

Typedefs

typedef void * MIBClientApp
 

Enumerations

enum  MIB_PROMPT {
  MIB_PROMPT_UNSET , MIB_PROMPT_NONE , MIB_PROMPT_SELECT_ACCOUNT , MIB_PROMPT_CONSENT ,
  MIB_PROMPT_LOGIN
}
 

Functions

MIBClientAppmib_public_client_app_new (const gchar *client_id, const gchar *authority, GCancellable *cancellable, GError **error)
 Start a new session.
 
const gchar * mib_client_app_get_client_id (const MIBClientApp *self)
 
const gchar * mib_client_app_get_correlation_id (const MIBClientApp *self)
 
const gchar * mib_client_app_get_authority (const MIBClientApp *self)
 
int mib_client_app_get_enforce_interactive (const MIBClientApp *self)
 
void mib_client_app_set_enforce_interactive (MIBClientApp *self, int enforce)
 do not try silent mode first on interactive
 
gchar * mib_client_app_get_broker_redirect_uri (const MIBClientApp *self)
 Returns the client-id specific redirect URI for broker clients, according to https://msal-python.readthedocs.io/en/latest/#publicclientapplication.
 
void mib_client_app_set_redirect_uri (MIBClientApp *self, const gchar *uri)
 Override the address to return to upon receiving a response from the authority.
 
gchar * mib_client_app_get_linux_broker_version (MIBClientApp *app, const gchar *msal_cpp_version)
 Get the version of the Linux broker.
 
void mib_client_app_get_linux_broker_version_async (MIBClientApp *app, const gchar *msal_cpp_version, GAsyncReadyCallback callback, gpointer user_data)
 Get the version of the Linux broker (async)
 
gchar * mib_client_app_get_linux_broker_version_finish (MIBClientApp *app, GAsyncResult *result, GError **error)
 Finish an async get Linux broker version operation.
 
GSList * mib_client_app_get_accounts (MIBClientApp *app)
 Get the accounts associated with the session.
 
void mib_client_app_get_accounts_async (MIBClientApp *app, GAsyncReadyCallback callback, gpointer user_data)
 Get the accounts associated with the session (async)
 
GSList * mib_client_app_get_accounts_finish (MIBClientApp *app, GAsyncResult *result, GError **error)
 Finish an async get accounts operation.
 
MIBAccountmib_client_app_get_account_by_upn (MIBClientApp *app, const gchar *upn)
 Filter the registered accounts by UPN and return the first match.
 
MIBPrtmib_client_app_acquire_token_silent (MIBClientApp *app, MIBAccount *account, GSList *scopes, const gchar *claims_challenge, MIBPopParams *auth_scheme, const gchar *id_token)
 Acquire a token without user interaction.
 
void mib_client_app_acquire_token_silent_async (MIBClientApp *app, MIBAccount *account, GSList *scopes, const gchar *claims_challenge, MIBPopParams *auth_scheme, const gchar *id_token, GAsyncReadyCallback callback, gpointer user_data)
 Acquire a token without user interaction (async)
 
MIBPrtmib_client_app_acquire_token_silent_finish (MIBClientApp *app, GAsyncResult *result, GError **error)
 Finish an async silent token acquisition.
 
MIBPrtmib_client_app_acquire_token_interactive (MIBClientApp *app, GSList *scopes, enum MIB_PROMPT prompt, const gchar *login_hint, const gchar *domain_hint, const gchar *claims_challenge, MIBPopParams *auth_scheme)
 Acquire a token without with user interaction (if needed)
 
void mib_client_app_acquire_token_interactive_async (MIBClientApp *app, GSList *scopes, enum MIB_PROMPT prompt, const gchar *login_hint, const gchar *domain_hint, const gchar *claims_challenge, MIBPopParams *auth_scheme, GAsyncReadyCallback callback, gpointer user_data)
 Acquire a token with user interaction (async)
 
MIBPrtmib_client_app_acquire_token_interactive_finish (MIBClientApp *app, GAsyncResult *result, GError **error)
 Finish an async interactive token acquisition.
 
MIBPrtSsoCookiemib_client_app_acquire_prt_sso_cookie (MIBClientApp *app, MIBAccount *account, const gchar *sso_url, GSList *scopes)
 Acquire a PRT SSO cookie.
 
void mib_client_app_acquire_prt_sso_cookie_async (MIBClientApp *app, MIBAccount *account, const gchar *sso_url, GSList *scopes, GAsyncReadyCallback callback, gpointer user_data)
 Acquire a PRT SSO cookie (async)
 
MIBPrtSsoCookiemib_client_app_acquire_prt_sso_cookie_finish (MIBClientApp *app, GAsyncResult *result, GError **error)
 Finish an async PRT SSO cookie acquisition.
 
gchar * mib_client_app_generate_signed_http_request (MIBClientApp *app, MIBAccount *account, MIBPopParams *pop_params)
 Generate a signed HTTP request.
 
void mib_client_app_generate_signed_http_request_async (MIBClientApp *app, MIBAccount *account, MIBPopParams *pop_params, GAsyncReadyCallback callback, gpointer user_data)
 Generate a signed HTTP request (async)
 
gchar * mib_client_app_generate_signed_http_request_finish (MIBClientApp *app, GAsyncResult *result, GError **error)
 Finish an async signed HTTP request generation.
 
int mib_client_app_remove_account (MIBClientApp *app, MIBAccount *account)
 Signout the account and clear linked token cache.
 
void mib_client_app_remove_account_async (MIBClientApp *app, MIBAccount *account, GAsyncReadyCallback callback, gpointer user_data)
 Signout the account and clear linked token cache (async)
 
int mib_client_app_remove_account_finish (MIBClientApp *app, GAsyncResult *result, GError **error)
 Finish an async remove account operation.
 

Detailed Description

OAuth2 Client Application.

Macro Definition Documentation

◆ MIB_AUTHORITY_COMMON

#define MIB_AUTHORITY_COMMON

Common authority for all tenants.

◆ MIB_SCOPE_GRAPH_DEFAULT

#define MIB_SCOPE_GRAPH_DEFAULT

Default scope for graph API.

◆ MIB_SSO_URL_DEFAULT

#define MIB_SSO_URL_DEFAULT

Default SSO URL.

Typedef Documentation

◆ MIBClientApp

typedef void* MIBClientApp

Enumeration Type Documentation

◆ MIB_PROMPT

enum MIB_PROMPT
Enumerator
MIB_PROMPT_UNSET 
MIB_PROMPT_NONE 
MIB_PROMPT_SELECT_ACCOUNT 
MIB_PROMPT_CONSENT 
MIB_PROMPT_LOGIN 

Function Documentation

◆ mib_client_app_acquire_prt_sso_cookie()

MIBPrtSsoCookie * mib_client_app_acquire_prt_sso_cookie ( MIBClientApp app,
MIBAccount account,
const gchar *  sso_url,
GSList *  scopes 
)

Acquire a PRT SSO cookie.

This function acquires a PRT SSO cookie for the given account, SSO URL and requested scopes.

The user is responsible for freeing the object with g_object_unref .

Note
Synchronous DBus call to acquirePrtSsoCookie
Parameters
appclient app object
accountmib account reference
sso_urlSSO URL
scopeslist of scopes
Returns
PRT SSO cookie struct

◆ mib_client_app_acquire_prt_sso_cookie_async()

void mib_client_app_acquire_prt_sso_cookie_async ( MIBClientApp app,
MIBAccount account,
const gchar *  sso_url,
GSList *  scopes,
GAsyncReadyCallback  callback,
gpointer  user_data 
)

Acquire a PRT SSO cookie (async)

Asynchronous variant of mib_client_app_acquire_prt_sso_cookie.

Note
Asynchronous DBus call to acquirePrtSsoCookie
Parameters
appclient app object
accountmib account reference
sso_urlSSO URL
scopeslist of scopes
callbacka GAsyncReadyCallback to call when the request is done
user_datauser data to pass to the callback

◆ mib_client_app_acquire_prt_sso_cookie_finish()

MIBPrtSsoCookie * mib_client_app_acquire_prt_sso_cookie_finish ( MIBClientApp app,
GAsyncResult *  result,
GError **  error 
)

Finish an async PRT SSO cookie acquisition.

The user is responsible for freeing the object with g_object_unref .

Parameters
appclient app object
resultthe GAsyncResult passed to the callback
errorreturn location for a GError or NULL
Returns
PRT SSO cookie struct or NULL on error

◆ mib_client_app_acquire_token_interactive()

MIBPrt * mib_client_app_acquire_token_interactive ( MIBClientApp app,
GSList *  scopes,
enum MIB_PROMPT  prompt,
const gchar *  login_hint,
const gchar *  domain_hint,
const gchar *  claims_challenge,
MIBPopParams auth_scheme 
)

Acquire a token without with user interaction (if needed)

This function acquires a token and asks the user for the needed data. Note, that (similar to MSAL's implementation), internally a silent token acquire is performed first. In case that fails, the interactive version is performed.

The user is responsible for freeing the object with g_object_unref .

Note
Synchronous DBus call to acquireTokenInteractively
Parameters
appclient app object
scopeslist of scopes (gchar* entries)
promptwhat the user should be asked
login_hintIdentifier of the user. Generally a User Principal Name (UPN) (or NULL)
domain_hintNot Implemented (yet). Set to NULL
claims_challengestring of a JSON object which contains lists of claims being requested from these locations or NULL.
auth_schemePoP parameters or NULL

◆ mib_client_app_acquire_token_interactive_async()

void mib_client_app_acquire_token_interactive_async ( MIBClientApp app,
GSList *  scopes,
enum MIB_PROMPT  prompt,
const gchar *  login_hint,
const gchar *  domain_hint,
const gchar *  claims_challenge,
MIBPopParams auth_scheme,
GAsyncReadyCallback  callback,
gpointer  user_data 
)

Acquire a token with user interaction (async)

Asynchronous variant of mib_client_app_acquire_token_interactive. Internally, a silent token acquire is attempted first (unless mib_client_app_set_enforce_interactive is set). If that fails, the interactive acquire is performed.

Note
Asynchronous DBus call to acquireTokenInteractively
Asynchronous DBus call to getAccounts
Asynchronous DBus call to acquireTokenSilently (if interactive is not enforced)
Parameters
appclient app object
scopeslist of scopes (gchar* entries)
promptwhat the user should be asked
login_hintIdentifier of the user. Generally a User Principal Name (UPN) (or NULL)
domain_hintNot Implemented (yet). Set to NULL
claims_challengeclaims challenge or NULL
auth_schemePoP parameters or NULL
callbacka GAsyncReadyCallback to call when the request is done
user_datauser data to pass to the callback

◆ mib_client_app_acquire_token_interactive_finish()

MIBPrt * mib_client_app_acquire_token_interactive_finish ( MIBClientApp app,
GAsyncResult *  result,
GError **  error 
)

Finish an async interactive token acquisition.

The user is responsible for freeing the object with g_object_unref .

Parameters
appclient app object
resultthe GAsyncResult passed to the callback
errorreturn location for a GError or NULL
Returns
PRT token struct or NULL on error

◆ mib_client_app_acquire_token_silent()

MIBPrt * mib_client_app_acquire_token_silent ( MIBClientApp app,
MIBAccount account,
GSList *  scopes,
const gchar *  claims_challenge,
MIBPopParams auth_scheme,
const gchar *  id_token 
)

Acquire a token without user interaction.

This function acquires a token for the given account and requested scopes.

The user is responsible for freeing the object with g_object_unref .

Note
Synchronous DBus call to acquireTokenSilently
Parameters
appclient app object
accountmib account reference
scopeslist of scopes (gchar* entries)
claims_challengestring of a JSON object which contains lists of claims being requested from these locations or NULL.
auth_schemePoP parameters or NULL
id_tokenID token (NULL to request a fresh one)
Returns
PRT token struct

◆ mib_client_app_acquire_token_silent_async()

void mib_client_app_acquire_token_silent_async ( MIBClientApp app,
MIBAccount account,
GSList *  scopes,
const gchar *  claims_challenge,
MIBPopParams auth_scheme,
const gchar *  id_token,
GAsyncReadyCallback  callback,
gpointer  user_data 
)

Acquire a token without user interaction (async)

Asynchronous variant of mib_client_app_acquire_token_silent.

Note
Asynchronous DBus call to acquireTokenSilently
Parameters
appclient app object
accountmib account reference
scopeslist of scopes (gchar* entries)
claims_challengeclaims challenge or NULL
auth_schemePoP parameters or NULL
id_tokenID token or NULL
callbacka GAsyncReadyCallback to call when the request is done
user_datauser data to pass to the callback

◆ mib_client_app_acquire_token_silent_finish()

MIBPrt * mib_client_app_acquire_token_silent_finish ( MIBClientApp app,
GAsyncResult *  result,
GError **  error 
)

Finish an async silent token acquisition.

The user is responsible for freeing the object with g_object_unref .

Parameters
appclient app object
resultthe GAsyncResult passed to the callback
errorreturn location for a GError or NULL
Returns
PRT token struct or NULL on error

◆ mib_client_app_generate_signed_http_request()

gchar * mib_client_app_generate_signed_http_request ( MIBClientApp app,
MIBAccount account,
MIBPopParams pop_params 
)

Generate a signed HTTP request.

This function implements the Acquiring Access Tokens Protected with Proof-of-Possession (PoP) specification.

The user is responsible for freeing the string with g_free .

Note
Synchronous DBus call to generateSignedHttpRequest
Parameters
appclient app object
accountmib account reference
pop_paramsPoP parameters
Returns
access token (must be freed with g_free())

◆ mib_client_app_generate_signed_http_request_async()

void mib_client_app_generate_signed_http_request_async ( MIBClientApp app,
MIBAccount account,
MIBPopParams pop_params,
GAsyncReadyCallback  callback,
gpointer  user_data 
)

Generate a signed HTTP request (async)

Asynchronous variant of mib_client_app_generate_signed_http_request.

Note
Asynchronous DBus call to generateSignedHttpRequest
Parameters
appclient app object
accountmib account reference
pop_paramsPoP parameters
callbacka GAsyncReadyCallback to call when the request is done
user_datauser data to pass to the callback

◆ mib_client_app_generate_signed_http_request_finish()

gchar * mib_client_app_generate_signed_http_request_finish ( MIBClientApp app,
GAsyncResult *  result,
GError **  error 
)

Finish an async signed HTTP request generation.

The user is responsible for freeing the string with g_free .

Parameters
appclient app object
resultthe GAsyncResult passed to the callback
errorreturn location for a GError or NULL
Returns
access token (must be freed with g_free()) or NULL on error

◆ mib_client_app_get_account_by_upn()

MIBAccount * mib_client_app_get_account_by_upn ( MIBClientApp app,
const gchar *  upn 
)

Filter the registered accounts by UPN and return the first match.

Returns the first registered account that matches the provided "User Principal Name" (upn). If upn is NULL , the first account is returned.

Note
Synchronous DBus call to getAccounts
Parameters
appclient app object
upnUser Principal Name
Returns
first matching account

◆ mib_client_app_get_accounts()

GSList * mib_client_app_get_accounts ( MIBClientApp app)

Get the accounts associated with the session.

Returns a list of MIBAccount entries associated with the application. Which accounts are returned depends on the apps client_id.

The user is responsible for freeing the list, e.g. with g_slist_free_full(accounts,(GDestroyNotify)g_object_unref)

Note
Synchronous DBus call to getAccounts
Parameters
appclient app object
Returns
list of MIBAccount*

◆ mib_client_app_get_accounts_async()

void mib_client_app_get_accounts_async ( MIBClientApp app,
GAsyncReadyCallback  callback,
gpointer  user_data 
)

Get the accounts associated with the session (async)

Asynchronous variant of mib_client_app_get_accounts. When the operation is finished, callback will be called. You can then call mib_client_app_get_accounts_finish to get the result.

Note
Asynchronous DBus call to getAccounts
Parameters
appclient app object
callbacka GAsyncReadyCallback to call when the request is done
user_datauser data to pass to the callback

◆ mib_client_app_get_accounts_finish()

GSList * mib_client_app_get_accounts_finish ( MIBClientApp app,
GAsyncResult *  result,
GError **  error 
)

Finish an async get accounts operation.

Finishes an operation started with mib_client_app_get_accounts_async.

The user is responsible for freeing the list, e.g. with g_slist_free_full(accounts,(GDestroyNotify)g_object_unref)

Parameters
appclient app object
resultthe GAsyncResult passed to the callback
errorreturn location for a GError or NULL
Returns
list of MIBAccount* or NULL on error

◆ mib_client_app_get_authority()

const gchar * mib_client_app_get_authority ( const MIBClientApp self)

◆ mib_client_app_get_broker_redirect_uri()

gchar * mib_client_app_get_broker_redirect_uri ( const MIBClientApp self)

Returns the client-id specific redirect URI for broker clients, according to https://msal-python.readthedocs.io/en/latest/#publicclientapplication.

The caller is responsible for freeing the returned string.

◆ mib_client_app_get_client_id()

const gchar * mib_client_app_get_client_id ( const MIBClientApp self)

◆ mib_client_app_get_correlation_id()

const gchar * mib_client_app_get_correlation_id ( const MIBClientApp self)

◆ mib_client_app_get_enforce_interactive()

int mib_client_app_get_enforce_interactive ( const MIBClientApp self)

◆ mib_client_app_get_linux_broker_version()

gchar * mib_client_app_get_linux_broker_version ( MIBClientApp app,
const gchar *  msal_cpp_version 
)

Get the version of the Linux broker.

Note
Synchronous DBus call to getLinuxBrokerVersion
Parameters
appclient app object
msal_cpp_versionMSAL CPP version (non-empty string, e.g. 1.28.0)
Returns
broker version (or null on error, must be freed with g_free())

◆ mib_client_app_get_linux_broker_version_async()

void mib_client_app_get_linux_broker_version_async ( MIBClientApp app,
const gchar *  msal_cpp_version,
GAsyncReadyCallback  callback,
gpointer  user_data 
)

Get the version of the Linux broker (async)

Asynchronous variant of mib_client_app_get_linux_broker_version.

Note
Asynchronous DBus call to getLinuxBrokerVersion
Parameters
appclient app object
msal_cpp_versionMSAL CPP version (non-empty string, e.g. 1.28.0)
callbacka GAsyncReadyCallback to call when the request is done
user_datauser data to pass to the callback

◆ mib_client_app_get_linux_broker_version_finish()

gchar * mib_client_app_get_linux_broker_version_finish ( MIBClientApp app,
GAsyncResult *  result,
GError **  error 
)

Finish an async get Linux broker version operation.

Parameters
appclient app object
resultthe GAsyncResult passed to the callback
errorreturn location for a GError or NULL
Returns
broker version (or null on error, must be freed with g_free())

◆ mib_client_app_remove_account()

int mib_client_app_remove_account ( MIBClientApp app,
MIBAccount account 
)

Signout the account and clear linked token cache.

Note
Synchronous DBus call to removeAccount
Parameters
appclient app object
accountmib account reference
Returns
0 on success, -1 on error

◆ mib_client_app_remove_account_async()

void mib_client_app_remove_account_async ( MIBClientApp app,
MIBAccount account,
GAsyncReadyCallback  callback,
gpointer  user_data 
)

Signout the account and clear linked token cache (async)

Asynchronous variant of mib_client_app_remove_account.

Note
Asynchronous DBus call to removeAccount
Parameters
appclient app object
accountmib account reference
callbacka GAsyncReadyCallback to call when the request is done
user_datauser data to pass to the callback

◆ mib_client_app_remove_account_finish()

int mib_client_app_remove_account_finish ( MIBClientApp app,
GAsyncResult *  result,
GError **  error 
)

Finish an async remove account operation.

Parameters
appclient app object
resultthe GAsyncResult passed to the callback
errorreturn location for a GError or NULL
Returns
0 on success, -1 on error

◆ mib_client_app_set_enforce_interactive()

void mib_client_app_set_enforce_interactive ( MIBClientApp self,
int  enforce 
)

do not try silent mode first on interactive

When requesting a token via mib_client_app_acquire_token_interactive, internally a non-interactive token acquire is tried first. Only if that fails, the interactive acquire is performed. If set to true, this non-interactive part is skipped.

◆ mib_client_app_set_redirect_uri()

void mib_client_app_set_redirect_uri ( MIBClientApp self,
const gchar *  uri 
)

Override the address to return to upon receiving a response from the authority.

If this method is not called, the broker redirect URI (returned by mib_client_app_get_broker_redirect_uri ) is used.

Note
The redirect URI must be in the list of allowed redirect URIs for the target application. Otherwise, the token acquisition will not work.

◆ mib_public_client_app_new()

MIBClientApp * mib_public_client_app_new ( const gchar *  client_id,
const gchar *  authority,
GCancellable *  cancellable,
GError **  error 
)

Start a new session.

This function creates a new session for the given client_id. The user is responsible for freeing the object with g_object_unref .

Parameters
client_idAzure client application ID
authorityAzure authority URL (e.g. value from MIB_AUTHORITY_COMMON)
cancellableCancellable object or NULL
errorGError object or NULL
Returns
opaque client app object