Documentation
Index
- func DeleteToken(profileName string) error
- func GraphScopes(scopes []string) []string
- func LoginAppOnly(ctx context.Context, profile *config.Profile, clientSecret string, ...) (azcore.AccessToken, error)
- func LoginCertificate(ctx context.Context, profile *config.Profile, pemPath string, ipv4Only bool) (azcore.AccessToken, error)
- func LoginDelegated(ctx context.Context, profile *config.Profile, ipv4Only bool) (azcore.AccessToken, error)
- func RefreshAppOnly(ctx context.Context, profile *config.Profile, cache *TokenCache, ipv4Only bool) (azcore.AccessToken, error)
- func ShouldUseIPv4(cfg *config.Config) bool
- func StoreToken(profileName string, cache *TokenCache) error
- type TokenCache
- type TokenInfo
Functions
func GraphScopes
GraphScopes converts a list of short scope names to full URIs.
func LoginAppOnly
func LoginAppOnly(ctx context.Context, profile *config.Profile, clientSecret string, ipv4Only bool) (azcore.AccessToken, error)
LoginAppOnly performs client credentials flow authentication (app-only). The client secret is stored encrypted for unattended token refresh.
func LoginCertificate
func LoginCertificate(ctx context.Context, profile *config.Profile, pemPath string, ipv4Only bool) (azcore.AccessToken, error)
LoginCertificate performs certificate-based authentication (app-only). The PEM file must contain both the certificate and private key.
func LoginDelegated
func LoginDelegated(ctx context.Context, profile *config.Profile, ipv4Only bool) (azcore.AccessToken, error)
LoginDelegated performs device-code flow authentication.
func RefreshAppOnly
func RefreshAppOnly(ctx context.Context, profile *config.Profile, cache *TokenCache, ipv4Only bool) (azcore.AccessToken, error)
RefreshAppOnly uses a stored client secret to get a fresh app-only token. Returns the new token and updates the cache in place. Caller must persist the cache.
func ShouldUseIPv4
ShouldUseIPv4 returns true if IPv4-only transport should be used. Checks CB365_IPV4_ONLY env var and config setting.
func StoreToken
func StoreToken(profileName string, cache *TokenCache) error
StoreToken securely stores a token.
Types
type TokenCache
type TokenCache struct {
    AccessToken  string `json:"access_token"`
    RefreshToken string `json:"refresh_token,omitempty"`
    ClientSecret string `json:"client_secret,omitempty"`
    ExpiresAt    string `json:"expires_at"`
    TokenType    string `json:"token_type"`
    Scope        string `json:"scope"`
}
TokenCache represents cached authentication data.
SECURITY: Never log or print this struct; it contains secrets.
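One way to enforce the "never log or print" rule in code rather than by convention, as an added example that is not the package's own implementation. It uses a local copy of TokenCache; the Format and LogValue methods and the renderAll and leaks helpers are hypothetical, and the sample values are constructed.

```go
package main

import (
	"bytes"
	"fmt"
	"log/slog"
	"strings"
)

// TokenCache is a local copy of the struct documented above (assumption: same fields).
type TokenCache struct {
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token,omitempty"`
	ClientSecret string `json:"client_secret,omitempty"`
	ExpiresAt    string `json:"expires_at"`
	TokenType    string `json:"token_type"`
	Scope        string `json:"scope"`
}

// Format (hypothetical) implements fmt.Formatter, so %v, %+v, %#v and %s all print metadata only.
func (c TokenCache) Format(f fmt.State, _ rune) {
	fmt.Fprintf(f, "TokenCache{type=%s scope=%q expires=%s secrets=REDACTED}", c.TokenType, c.Scope, c.ExpiresAt)
}

// LogValue (hypothetical) implements slog.LogValuer; without it the JSON handler would json.Marshal every secret field.
func (c TokenCache) LogValue() slog.Value {
	return slog.GroupValue(slog.String("token_type", c.TokenType),
		slog.String("scope", c.Scope), slog.String("expires_at", c.ExpiresAt))
}

// renderAll formats the cache with the common fmt verbs, logs it as JSON, and returns the output.
func renderAll(c *TokenCache) string {
	var buf bytes.Buffer
	fmt.Fprintf(&buf, "%v|%+v|%#v|%s\n", c, *c, c, *c)
	slog.New(slog.NewJSONHandler(&buf, nil)).Info("login", "cache", c)
	return buf.String()
}

// leaks reports whether any non-empty secret field of c appears verbatim in out.
func leaks(out string, c *TokenCache) bool {
	has := func(s string) bool { return s != "" && strings.Contains(out, s) }
	return has(c.AccessToken) || has(c.RefreshToken) || has(c.ClientSecret)
}

func main() {
	// Constructed sample values, not real credentials.
	c := &TokenCache{"at-SAMPLE", "rt-SAMPLE", "cs-SAMPLE", "2030-01-01T00:00:00Z", "Bearer", "Mail.Read"}
	out := renderAll(c)
	fmt.Printf("%sleaks: %v\n", out, leaks(out, c))
}
```

Persisting the cache with encoding/json still writes every field, because neither method changes marshalling; only formatting and structured logging are redacted.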
func LoadToken
func LoadToken(profileName string) (*TokenCache, error)
LoadToken retrieves a token.
type TokenInfo
type TokenInfo struct {
    Subject   string   `json:"subject,omitempty"`
    UPN       string   `json:"upn,omitempty"`
    Name      string   `json:"name,omitempty"`
    TenantID  string   `json:"tenant_id,omitempty"`
    AppName   string   `json:"app_name,omitempty"`
    Scopes    []string `json:"scopes,omitempty"`
    ExpiresAt string   `json:"expires_at,omitempty"`
    ValidFor  string   `json:"valid_for,omitempty"`
    IsExpired bool     `json:"is_expired"`
}
TokenInfo represents decoded JWT claims for display.
SECURITY: This is for display only; it never contains the raw token.
func DecodeTokenInfo
DecodeTokenInfo extracts display-safe info from a JWT access token.
SECURITY: Only extracts claims; does NOT validate the token signature.