Documentation ¶
Overview ¶
Package storage holds all cached token information for MSAL. This storage can be augmented with third-party extensions to provide persistent storage. In that case, reads and writes in upper packages call Marshal() to write the entire in-memory representation to storage and Unmarshal() to update the entire in-memory storage with what is in the persistent storage. The persistent storage can only be accessed in this way because multiple MSAL clients, written in multiple languages, can access the same storage and must all adhere to the same previously defined method.
Index ¶
- Variables
- type AccessToken
- type AppMetaData
- type Contract
- type IDToken
- type InMemoryContract
- type Manager
- func (m *Manager) Account(homeAccountID string) shared.Account
- func (m *Manager) AllAccounts() []shared.Account
- func (m *Manager) Marshal() ([]byte, error)
- func (m *Manager) Read(ctx context.Context, authParameters authority.AuthParams) (TokenResponse, error)
- func (m *Manager) RemoveAccount(account shared.Account, clientID string)
- func (m *Manager) Unmarshal(b []byte) error
- func (m *Manager) Write(authParameters authority.AuthParams, tokenResponse accesstokens.TokenResponse) (shared.Account, error)
- type PartitionedManager
- func (m *PartitionedManager) Marshal() ([]byte, error)
- func (m *PartitionedManager) Read(ctx context.Context, authParameters authority.AuthParams) (TokenResponse, error)
- func (m *PartitionedManager) Unmarshal(b []byte) error
- func (m *PartitionedManager) Write(authParameters authority.AuthParams, tokenResponse accesstokens.TokenResponse) (shared.Account, error)
- type TokenResponse
Constants ¶
This section is empty.
Variables ¶
var FakeValidate func(AccessToken) error
FakeValidate enables tests to fake access token validation.
Functions ¶
This section is empty.
Types ¶
type AccessToken ¶
type AccessToken struct {
	HomeAccountID     string            `json:"home_account_id,omitempty"`
	Environment       string            `json:"environment,omitempty"`
	Realm             string            `json:"realm,omitempty"`
	CredentialType    string            `json:"credential_type,omitempty"`
	ClientID          string            `json:"client_id,omitempty"`
	Secret            string            `json:"secret,omitempty"`
	Scopes            string            `json:"target,omitempty"`
	ExpiresOn         internalTime.Unix `json:"expires_on,omitempty"`
	ExtendedExpiresOn internalTime.Unix `json:"extended_expires_on,omitempty"`
	CachedAt          internalTime.Unix `json:"cached_at,omitempty"`
	UserAssertionHash string            `json:"user_assertion_hash,omitempty"`
	TokenType         string            `json:"token_type,omitempty"`
	AuthnSchemeKeyID  string            `json:"keyid,omitempty"`
	AdditionalFields  map[string]interface{}
}
AccessToken is the JSON representation of an MSAL access token for encoding to storage.
func NewAccessToken ¶
func NewAccessToken(homeID, env, realm, clientID string, cachedAt, expiresOn, extendedExpiresOn time.Time, scopes, token, tokenType, authnSchemeKeyID string) AccessToken
NewAccessToken is the constructor for AccessToken.
func (AccessToken) Key ¶
func (a AccessToken) Key() string
Key outputs the key that can be used to uniquely look up this entry in a map.
func (AccessToken) Validate ¶
func (a AccessToken) Validate() error
Validate validates that this AccessToken can be used.
type AppMetaData ¶
type AppMetaData struct {
	FamilyID         string `json:"family_id,omitempty"`
	ClientID         string `json:"client_id,omitempty"`
	Environment      string `json:"environment,omitempty"`
	AdditionalFields map[string]interface{}
}
AppMetaData is the JSON representation of application metadata for encoding to storage.
func NewAppMetaData ¶
func NewAppMetaData(familyID, clientID, environment string) AppMetaData
NewAppMetaData is the constructor for AppMetaData.
func (AppMetaData) Key ¶
func (a AppMetaData) Key() string
Key outputs the key that can be used to uniquely look up this entry in a map.
type Contract ¶
type Contract struct {
	AccessTokens     map[string]AccessToken               `json:"AccessToken,omitempty"`
	RefreshTokens    map[string]accesstokens.RefreshToken `json:"RefreshToken,omitempty"`
	IDTokens         map[string]IDToken                   `json:"IdToken,omitempty"`
	Accounts         map[string]shared.Account            `json:"Account,omitempty"`
	AppMetaData      map[string]AppMetaData               `json:"AppMetadata,omitempty"`
	AdditionalFields map[string]interface{}
}
Contract is the JSON structure that is written to any storage medium when serializing the internal cache. This design is shared between MSAL versions in many languages. This cannot be changed without design that includes other SDKs.
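The serialized cache described in the Overview and laid out by Contract carries token values in each entry's "secret" field, so a dump of it should be redacted before it reaches logs or bug reports. The following is an added example, not code from the MSAL project: Redact is a hypothetical helper, and the sample blob, its entry keys and its values are constructed. Only the section names and the "secret" and "target" tags come from this page.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Redact (hypothetical helper) replaces every entry's "secret" with a short
// SHA-256 fingerprint and returns the redacted JSON plus the number replaced.
func Redact(blob []byte) ([]byte, int, error) {
	var doc map[string]json.RawMessage
	if err := json.Unmarshal(blob, &doc); err != nil {
		return nil, 0, err
	}
	n := 0
	for section, raw := range doc {
		var entries map[string]map[string]json.RawMessage
		if json.Unmarshal(raw, &entries) != nil {
			continue // extra top-level field, not a map of entries: keep as-is
		}
		for _, fields := range entries {
			var secret string
			if json.Unmarshal(fields["secret"], &secret) != nil || secret == "" {
				continue // entry types without a secret (accounts, app metadata)
			}
			sum := sha256.Sum256([]byte(secret))
			fields["secret"], _ = json.Marshal("sha256:" + hex.EncodeToString(sum[:6]))
			n++
		}
		out, err := json.Marshal(entries)
		if err != nil {
			return nil, 0, err
		}
		doc[section] = out
	}
	out, err := json.Marshal(doc)
	return out, n, err
}

// sample is a constructed cache blob; none of its values are real tokens.
const sample = `{"AccessToken":{"k1":{"secret":"constructed-at-secret","target":"user.read"}},
 "IdToken":{"k2":{"secret":"constructed-idt-secret"}},
 "AppMetadata":{"k3":{"client_id":"constructed-client"}},"extra":"kept"}`

func main() {
	out, n, err := Redact([]byte(sample))
	fmt.Println(n, err, string(out))
}
```

The fingerprint lets two dumps be compared for the same token without exposing it; every other field is passed through byte for byte.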
type IDToken ¶
type IDToken struct {
	HomeAccountID     string `json:"home_account_id,omitempty"`
	Environment       string `json:"environment,omitempty"`
	Realm             string `json:"realm,omitempty"`
	CredentialType    string `json:"credential_type,omitempty"`
	ClientID          string `json:"client_id,omitempty"`
	Secret            string `json:"secret,omitempty"`
	UserAssertionHash string `json:"user_assertion_hash,omitempty"`
	AdditionalFields  map[string]interface{}
}
IDToken is the JSON representation of an MSAL id token for encoding to storage.
func NewIDToken ¶
NewIDToken is the constructor for IDToken.
type InMemoryContract ¶ added in v0.4.0
type InMemoryContract struct {
	AccessTokensPartition  map[string]map[string]AccessToken
	RefreshTokensPartition map[string]map[string]accesstokens.RefreshToken
	IDTokensPartition      map[string]map[string]IDToken
	AccountsPartition      map[string]map[string]shared.Account
	AppMetaData            map[string]AppMetaData
}
Contract is the JSON structure that is written to any storage medium when serializing the internal cache. This design is shared between MSAL versions in many languages. This cannot be changed without design that includes other SDKs.
func NewInMemoryContract ¶ added in v0.4.0
func NewInMemoryContract() *InMemoryContract
NewContract is the constructor for Contract.
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
Manager is an in-memory cache of access tokens, accounts and meta data. This data is updated on read/write calls. Unmarshal() replaces all data stored here with whatever was given to it on each call.
func (*Manager) AllAccounts ¶
func (*Manager) Read ¶
func (m *Manager) Read(ctx context.Context, authParameters authority.AuthParams) (TokenResponse, error)
Read reads a storage token from the cache if it exists.
func (*Manager) RemoveAccount ¶ added in v0.3.0
RemoveAccount removes all the associated ATs, RTs and IDTs from the cache associated with this account.
func (*Manager) Write ¶
func (m *Manager) Write(authParameters authority.AuthParams, tokenResponse accesstokens.TokenResponse) (shared.Account, error)
Write writes a token response to the cache and returns the account information the token is stored with.
type PartitionedManager ¶ added in v0.4.0
type PartitionedManager struct {
// contains filtered or unexported fields
}
PartitionedManager is a partitioned in-memory cache of access tokens, accounts and meta data.
func NewPartitionedManager ¶ added in v0.4.0
func NewPartitionedManager(requests *oauth.Client) *PartitionedManager
NewPartitionedManager is the constructor for PartitionedManager.
func (*PartitionedManager) Marshal ¶ added in v0.4.0
func (m *PartitionedManager) Marshal() ([]byte, error)
Marshal implements cache.Marshaler.
func (*PartitionedManager) Read ¶ added in v0.4.0
func (m *PartitionedManager) Read(ctx context.Context, authParameters authority.AuthParams) (TokenResponse, error)
Read reads a storage token from the cache if it exists.
func (*PartitionedManager) Unmarshal ¶ added in v0.4.0
func (m *PartitionedManager) Unmarshal(b []byte) error
Unmarshal implements cache.Unmarshaler.
func (*PartitionedManager) Write ¶ added in v0.4.0
func (m *PartitionedManager) Write(authParameters authority.AuthParams, tokenResponse accesstokens.TokenResponse) (shared.Account, error)
Write writes a token response to the cache and returns the account information the token is stored with.
type TokenResponse ¶
type TokenResponse struct {
	RefreshToken accesstokens.RefreshToken
	IDToken      IDToken // *Credential
	AccessToken  AccessToken
	Account      shared.Account
}
TokenResponse mimics a token response that was pulled from the cache.