ms::Graph method token (public)
<instance of ms::Graph> token [ -grant_type grant_type ] \ [ -scope scope ] [ -assertion assertion ] \ [ -requested_token_use requested_token_use ]
Defined in packages/xooauth/tcl/ms-procs.tcl
Get bearer token (access token) from the /oauth2/v2.0/token endpoint, with timestamp validation (based on "expires_in") result. Obtaining the access token is MsGraph dependent. Probably, some of this can be factored out later to one of the super classes.
- Switches:
- -grant_type (optional, defaults to
"client_credentials"
)- -scope (optional, defaults to
"https://graph.microsoft.com/.default"
)- with prefconfigured permissions: use "https://graph.microsoft.com/.default" Comment: This method performs its own caching via nsvs. It would be better to use the ns_cache framework with it's built-in expiration methods via ns_cache_eval, but we get the expiration time provided from the non-cached call and not upfront, before this call. We do not want to use a hack with double ns_cache calls, so we leave this for the time being.
- -assertion (optional)
- -requested_token_use (optional)
- Testcases:
- No testcase defined.
Source code: if {[nsv_get app_token [self] tokenDict] && $tokenDict ne ""} { set access_token [dict get $tokenDict access_token] set expiration_date [dict get $tokenDict expiration_date] # # If access token exists and is not expired we simply # return it here # if {$access_token != "" && $expiration_date > [clock seconds]} { #ns_log notice "---- using token and expiration_date from nsv: " # "$access_token / $expiration_date (vs. now: [clock seconds])" return $access_token } } # # Get the access-token from /token endpoint. # Details: https://docs.microsoft.com/en-us/graph/auth-v2-service # set r [:request -method POST -content_type "application/x-www-form-urlencoded" -vars { {client_secret ${:client_secret}} {client_id ${:client_id}} scope grant_type assertion requested_token_use } -url https://login.microsoftonline.com/${:tenant}/oauth2/v2.0/token] ns_log notice "/token POST Request Answer: $r" if {[dict get $r status] != "200"} { error "[self] authentication request returned status code [dict get $r status]" } set jsonDict [dict get $r JSON] if {![dict exists $jsonDict access_token]} { error "[self] authentication must return access_token. Got: [dict keys $jsonDict]" } if {[dict exists $jsonDict expires_in]} { set expire_secs [dict get $jsonDict expires_in] } else { # # No "expires_in" specified, fall back to some default. # set expire_secs 99999 } # # Save access-token and expiration date for this request # set access_token [dict get $jsonDict access_token] set expiration_date [clock add [clock seconds] $expire_secs seconds] nsv_set app_token [self] [list access_token $access_token expiration_date $expiration_date] return $access_tokenXQL Not present: Generic, PostgreSQL, Oracle