ms::Graph method token (public)

 <instance of ms::Graph[i]> token [ -grant_type grant_type ] \
    [ -scope scope ] [ -assertion assertion ] \
    [ -requested_token_use requested_token_use ]

Defined in packages/xooauth/tcl/ms-procs.tcl

Get a bearer token (access token) from the /oauth2/v2.0/token endpoint. The cached result is validated against a timestamp derived from "expires_in". Obtaining the access token is MsGraph dependent. Some of this can probably be factored out later into one of the superclasses.

Switches:
-grant_type (optional, defaults to "client_credentials")
-scope (optional, defaults to "https://graph.microsoft.com/.default")
    With preconfigured permissions, use "https://graph.microsoft.com/.default".
-assertion (optional)
-requested_token_use (optional)

Comment: This method performs its own caching via nsvs. It would be better to use the ns_cache framework with its built-in expiration methods via ns_cache_eval, but we get the expiration time from the non-cached call and not upfront, before this call. We do not want to use a hack with double ns_cache calls, so we leave this for the time being.

Testcases:
No testcase defined.
Source code:
if {[nsv_get app_token [self] tokenDict] && $tokenDict ne ""} {
    set access_token [dict get $tokenDict access_token]
    set expiration_date [dict get $tokenDict expiration_date]
    #
    # If access token exists and is not expired we simply
    # return it here
    #
    if {$access_token != "" && $expiration_date > [clock seconds]} {
        #ns_log notice "---- using token and expiration_date from nsv: "  #    "$access_token / $expiration_date (vs. now: [clock seconds])"
        return $access_token
    }
}

#
# Get the access-token from /token endpoint.
# Details: https://docs.microsoft.com/en-us/graph/auth-v2-service
#
set r [:request -method POST  -content_type "application/x-www-form-urlencoded"  -vars {
               {client_secret ${:client_secret}}
               {client_id ${:client_id}}
               scope
               grant_type
               assertion
               requested_token_use
           }  -url https://login.microsoftonline.com/${:tenant}/oauth2/v2.0/token]

ns_log notice "/token POST Request Answer: $r"
if {[dict get $r status] != "200"} {
    error "[self] authentication request returned status code [dict get $r status]"
}

set jsonDict [dict get $r JSON]
if {![dict exists $jsonDict access_token]} {
    error "[self] authentication must return access_token. Got: [dict keys $jsonDict]"
}

if {[dict exists $jsonDict expires_in]} {
    set expire_secs [dict get $jsonDict expires_in]
} else {
    #
    # No "expires_in" specified, fall back to some default.
    #
    set expire_secs 99999
}

#
# Save access-token and expiration date for this request
#
set access_token [dict get $jsonDict access_token]
set expiration_date [clock add [clock seconds] $expire_secs seconds]
nsv_set app_token [self] [list  access_token $access_token  expiration_date $expiration_date]
return $access_token
XQL Not present:
Generic, PostgreSQL, Oracle
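
The source above passes the complete /token reply, access_token included, to ns_log at notice level. As an added example (not part of ms-procs.tcl or the xooauth package), the hypothetical helper redact_token_reply masks the token fields before the reply is logged; the "body" key is an assumption about what else the reply dict may carry.

```tcl
# Added example, not code from packages/xooauth/tcl/ms-procs.tcl.
# redact_token_reply is a hypothetical helper name.
proc redact_token_reply {r {secretKeys {access_token refresh_token id_token}}} {
    # Assumption: the reply dict may also hold the unparsed payload under
    # "body". It would repeat the token verbatim, so keep only its length.
    if {[dict exists $r body]} {
        dict set r body "<[string length [dict get $r body]] chars omitted>"
    }
    if {[dict exists $r JSON]} {
        set json [dict get $r JSON]
        if {[catch {dict size $json}]} {
            # Not a well-formed dict (e.g. a parse failure): echo nothing.
            dict set r JSON "<unparsed reply omitted>"
            return $r
        }
        foreach key $secretKeys {
            if {[dict exists $json $key]} {
                # Keep the length only: enough to see that a token arrived.
                set n [string length [dict get $json $key]]
                dict set json $key "<redacted, $n chars>"
            }
        }
        dict set r JSON $json
    }
    return $r
}

# Constructed sample reply with the two keys the method reads (status, JSON).
set sample [dict create status 200 JSON [dict create \
    token_type Bearer expires_in 3599 access_token "constructed.sample.value"]]
puts [redact_token_reply $sample]

# Inside the method, the log call would then read:
#   ns_log notice "/token POST Request Answer: [redact_token_reply $r]"
```

Status, token_type and expires_in stay readable, so the log line is still useful for diagnosing failed authentication requests.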