Class ::ms::Authorize

::ms::Authorize[i] create ... \
           [ -after_successful_login_url (default "/pvt/") ] \
           [ -base_url base_url ] \
           [ -client_id client_id ] \
           [ -client_secret client_secret ] \
           [ -create_not_registered_users:boolean (default "false") ] \
           [ -create_with_dotlrn_role (default "") ] \
           [ -debug:boolean (default "false") ] \
           [ -login_failure_url (default "/") ] \
           [ -pretty_name (default "Azure") ] \
           [ -responder_url (default "/oauth/azure-login-handler") ] \
           [ -response_type (default "code id_token") ] \
           [ -scope (default "openid offline_access profile") ] \
           [ -tenant tenant ] \
           [ -version (default "") ]

Support for the Microsoft Microsoft identity platform ID tokens to login/logout via MS Azure accounts. https://learn.microsoft.com/en-us/azure/active-directory/develop/id-tokens
Defined in packages/xooauth/tcl/ms-procs.tcl

Class Relations

  • class: ::nx::Class[i]
  • superclass: ::xo::Authorize[i]
::nx::Class create ::ms::Authorize \
     -superclass ::xo::Authorize

Methods (to be applied on instances)

  • login_url (scripted, public)

     <instance of ms::Authorize[i]> login_url [ -prompt prompt ] \
        [ -return_url return_url ] [ -login_hint login_hint ] \
        [ -domain_hint domain_hint ] [ -code_challenge code_challenge ] \
        [ -code_challenge_method code_challenge_method ]

    Returns the URL for logging in "oauth2/authorize" is defined in RFC 6749, but requests for MS id-tokens inversion v1.0 and v2.0 are defined here: https://learn.microsoft.com/en-us/azure/active-directory/develop/id-tokens

    Switches:
    -prompt (optional)
    -return_url (optional)
    -login_hint (optional)
    -domain_hint (optional)
    -code_challenge (optional)
    -code_challenge_method (optional)

    Testcases:
    No testcase defined.
    if {${:version} in {"" "v1.0"}} {
        set base https://login.microsoftonline.com/common/oauth2/authorize
    } else {
        #
        # When version "v2.0" is used, the concrete tenant
        # (i.e. not "common" as in the earlier version) has to
        # be specified, unless the MS application is
        # configured as a multi-tenant application.
        #
        set base https://login.microsoftonline.com/${:tenant}/oauth2/${:version}/authorize
    }
    
    set client_id ${:client_id}
    set scope ${:scope}
    set response_type ${:response_type}
    set nonce [::xo::oauth::nonce]
    set response_mode form_post
    set state [:encoded_state -return_url $return_url]
    set redirect_uri [:qualified ${:responder_url}]
    
    return [export_vars -no_empty -base $base {
        client_id response_type redirect_uri response_mode
        state scope nonce prompt login_hint domain_hint
        code_challenge code_challenge_method
    }]
  • logout (scripted, public)

     <instance of ms::Authorize[i]> logout

    Perform logout operation form MS in the background (i.e. without a redirect).

    Testcases:
    No testcase defined.
    ns_http run [:logout_url]
  • logout_url (scripted, public)

     <instance of ms::Authorize[i]> logout_url \
        [ -return_url return_url ]

    Returns the URL for logging out. After the logout, azure redirects to the given page.

    Switches:
    -return_url (optional)

    Testcases:
    No testcase defined.
    set base https://login.microsoftonline.com/common/oauth2/logout
    set post_logout_redirect_uri [:qualified $return_url]
    return [export_vars -no_empty -base $base {
        post_logout_redirect_uri
    }]