GitHub: AzureAD/microsoft-authentication-library-for-go
# Microsoft Authentication Library (MSAL) for Go
The Microsoft Authentication Library (MSAL) for Go is part of the [Microsoft identity platform for developers](https://aka.ms/aaddevv2) (formerly named Azure AD) v2.0. It allows you to sign in users or apps with Microsoft identities ([Azure AD](https://azure.microsoft.com/services/active-directory/) and [Microsoft Accounts](https://account.microsoft.com)) and obtain tokens to call Microsoft APIs such as [Microsoft Graph](https://graph.microsoft.io/) or your own APIs registered with the Microsoft identity platform. It is built using industry standard OAuth2 and OpenID Connect protocols.
The latest code resides in the `dev` branch.
## Installation
### Setting up Go
To install Go, visit [this link](https://golang.org/dl/).
### Installing MSAL Go
`go get -u github.com/AzureAD/microsoft-authentication-library-for-go/`
## Usage
Before using MSAL Go, you will need to [register your application with the Microsoft identity platform](https://docs.microsoft.com/azure/active-directory/develop/quickstart-v2-register-an-app).
### Acquiring Tokens
Acquiring tokens with MSAL Go follows this general pattern. There might be some slight differences for other token acquisition flows. Here is a basic example:
1. Create a client. MSAL separates [public and confidential client applications](https://tools.ietf.org/html/rfc6749#section-2.1), so call `public.New()` or `confidential.New()` to create the appropriate client for your application.
    * Initializing a public client:

    ```go
    import "github.com/AzureAD/microsoft-authentication-library-for-go/apps/public"

    publicClient, err := public.New("client_id", public.WithAuthority("https://login.microsoftonline.com/your_tenant"))
    ```
    * Initializing a confidential client:

    ```go
    import "github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential"

    // confidential clients have a credential, such as a secret or a certificate
    cred, err := confidential.NewCredFromSecret("client_secret")
    if err != nil {
        // TODO: handle error
    }
    confidentialClient, err := confidential.New("https://login.microsoftonline.com/your_tenant", "client_id", cred)
    ```
    * Initializing a managed identity client for a system-assigned identity:

    ```go
    import mi "github.com/AzureAD/microsoft-authentication-library-for-go/apps/managedidentity"

    // A managed identity client requires an ID type: SystemAssigned or UserAssigned
    miSystemAssigned, err := mi.New(mi.SystemAssigned())
    if err != nil {
        // TODO: handle error
    }
    ```
    * Initializing a managed identity client for a user-assigned identity:

    ```go
    import mi "github.com/AzureAD/microsoft-authentication-library-for-go/apps/managedidentity"

    // A managed identity client requires an ID type: SystemAssigned or UserAssigned
    miUserAssigned, err := mi.New(mi.UserAssignedClientID("YOUR_CLIENT_ID"))
    if err != nil {
        // TODO: handle error
    }
    ```
2. Call `AcquireTokenSilent()` to look for a cached token. If `AcquireTokenSilent()` returns an error, call another `AcquireToken...` method to authenticate.
    * Public clients should specify a user account, if one is available:

    ```go
    // If your application previously authenticated a user, call AcquireTokenSilent with that user's account
    // to use cached authentication data. This example shows choosing an account from the cache, however this
    // isn't always necessary because the AuthResult returned by authentication methods includes user account
    // information.
    var result public.AuthResult
    accounts, err := publicClient.Accounts(context.TODO())
    if err != nil {
        // TODO: handle error
    }
    if len(accounts) > 0 {
        // There may be more accounts; here we assume the first one is wanted.
        // AcquireTokenSilent returns a non-nil error when it can't provide a token.
        result, err = publicClient.AcquireTokenSilent(context.TODO(), scopes, public.WithSilentAccount(accounts[0]))
    }
    if err != nil || len(accounts) == 0 {
        // cache miss, authenticate a user with another AcquireToken* method
        result, err = publicClient.AcquireTokenInteractive(context.TODO(), scopes)
        if err != nil {
            // TODO: handle error
        }
    }
    // TODO: save the authenticated user's account, use the access token
    userAccount := result.Account
    accessToken := result.AccessToken
    ```
    * Confidential clients can simply call `AcquireTokenSilent()`:

    ```go
    scopes := []string{"scope"}
    result, err := confidentialClient.AcquireTokenSilent(context.TODO(), scopes)
    if err != nil {
        // cache miss, authenticate with another AcquireToken... method
        result, err = confidentialClient.AcquireTokenByCredential(context.TODO(), scopes)
        if err != nil {
            // TODO: handle error
        }
    }
    accessToken := result.AccessToken
    ```
    * Managed identity clients can simply call `AcquireToken()`:

    ```go
    // TODO: set resource to the resource you are requesting a token for
    resource := ""
    result, err := miSystemAssigned.AcquireToken(context.TODO(), resource)
    if err != nil {
        // TODO: handle error
    }
    accessToken := result.AccessToken
    ```
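
The cache-first pattern from step 2, wrapped in a helper that fails closed instead of leaving the error paths as TODOs. This is an added example, not code from the MSAL Go project: `acquireFunc`, `getToken` and `newFake` are hypothetical names, and the fake stands in for an MSAL client so the block runs offline.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// acquireFunc is a hypothetical adapter (not an MSAL Go type) around one AcquireToken... call.
type acquireFunc func(ctx context.Context, scopes []string) (string, error)

// getToken tries the cache first, authenticates only on a miss, and fails closed.
func getToken(ctx context.Context, silent, authenticate acquireFunc, scopes []string) (string, error) {
	if tok, err := silent(ctx, scopes); err == nil && tok != "" {
		return tok, nil
	}
	tok, err := authenticate(ctx, scopes)
	if err != nil {
		return "", fmt.Errorf("acquiring token: %w", err)
	}
	if tok == "" {
		return "", errors.New("acquiring token: empty access token")
	}
	return tok, nil
}

// newFake builds constructed in-memory stand-ins (sample data) so the example runs offline.
func newFake(authErr error) (silent, authenticate acquireFunc, calls *int) {
	cached, n := "", 0
	silent = func(context.Context, []string) (string, error) {
		if cached == "" {
			return "", errors.New("cache miss")
		}
		return cached, nil
	}
	authenticate = func(context.Context, []string) (string, error) {
		n++
		if authErr != nil {
			return "", authErr
		}
		cached = "constructed-token"
		return cached, nil
	}
	return silent, authenticate, &n
}

func main() {
	silent, authenticate, _ := newFake(nil)
	fmt.Println(getToken(context.Background(), silent, authenticate, []string{"scope"}))
}
```

With a real client, each `acquireFunc` would be a closure that calls the corresponding MSAL method and returns `result.AccessToken`.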
## Submit Feedback
We'd like your thoughts on this library. Please complete [this short survey.](https://forms.office.com/r/s4waBAytFJ)
## Security Library
This library controls how users sign in and access services. We recommend you always take the latest version of our library in your app when possible. We use [semantic versioning](http://semver.org) so you can control the risk associated with updating your app. As an example, always downloading the latest minor version number (e.g. x.*y*.x) ensures you get the latest security and feature enhancements while our API surface remains the same. You can always see the latest version and release notes under the Releases tab of GitHub.
## Security Reporting
If you find a security issue with our libraries or services please report it to [secure@microsoft.com](mailto:secure@microsoft.com) with as much detail as possible. Your submission may be eligible for a bounty through the [Microsoft Bounty](http://aka.ms/bugbounty) program. Please do not post security issues to GitHub Issues or any other public site. We will contact you shortly upon receiving the information. We encourage you to get notifications of when security incidents occur by visiting [this page](https://technet.microsoft.com/en-us/security/dd252948) and subscribing to Security Advisory Alerts.
Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT License (the "License").