@jim-minter
Created November 27, 2019 14:25
package main
import (
"fmt"
"os"
"github.com/Azure/go-autorest/autorest/azure"
"github.com/Azure/go-autorest/autorest/azure/auth"
"github.com/dgrijalva/jwt-go"
)
// main prints "found role!" once for every "Application.ReadWrite.OwnedBy"
// entry in the roles claim of the service principal's Graph token. Any error
// while obtaining or decoding the token is fatal.
func main() {
	const wanted = "Application.ReadWrite.OwnedBy"

	roles, err := appRoles()
	if err != nil {
		panic(err)
	}
	for i := range roles {
		if roles[i] != wanted {
			continue
		}
		fmt.Println("found role!")
	}
}
// azureClaim is the subset of the Azure AD access-token payload this program
// reads: the application roles granted to the caller. Only the "roles" claim
// is mapped; every other claim in the token is left undecoded.
type azureClaim struct {
	Roles []string `json:"roles,omitempty"`
}

// Valid satisfies jwt.Claims. It rejects every claim set unconditionally, so a
// signature-verifying parse (jwt.Parser.ParseWithClaims) can never succeed with
// this type; appRoles decodes via ParseUnverified, which does not consult
// Valid. The behaviour is fail-closed by design, not a missing feature.
func (c *azureClaim) Valid() error {
	const reason = "unimplemented"
	return fmt.Errorf(reason)
}
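// appRoles obtains a Microsoft Graph access token for the service principal
// identified by the environment variables named by auth.ClientID,
// auth.ClientSecret and auth.TenantID (public cloud endpoints), then returns
// the "roles" claim carried in that token. A nil slice means the token has no
// roles claim.
//
// The token payload is decoded with ParseUnverified, i.e. its signature is NOT
// checked. That is acceptable only because the token was just issued to this
// process by the Azure AD token endpoint in the client-credentials flow; do not
// reuse this function, or this decoding pattern, on a token presented by a
// caller — such tokens must be verified against the issuer's signing keys
// before any claim in them is trusted.
//
// Each error is wrapped with the step that produced it (token construction,
// acquisition from Azure AD, or claim decoding) so callers can tell the three
// failure modes apart.
func appRoles() ([]string, error) {
	cc := auth.ClientCredentialsConfig{
		ClientID:     os.Getenv(auth.ClientID),
		ClientSecret: os.Getenv(auth.ClientSecret),
		TenantID:     os.Getenv(auth.TenantID),
		Resource:     azure.PublicCloud.GraphEndpoint,
		AADEndpoint:  azure.PublicCloud.ActiveDirectoryEndpoint,
	}

	token, err := cc.ServicePrincipalToken()
	if err != nil {
		return nil, fmt.Errorf("creating service principal token: %w", err)
	}
	// EnsureFresh is the call that obtains (or refreshes) the access token from
	// Azure AD; ServicePrincipalToken above appears to only build the client.
	if err := token.EnsureFresh(); err != nil {
		return nil, fmt.Errorf("acquiring token from Azure AD: %w", err)
	}

	// Unverified decode: see the doc comment for why this is safe here and
	// nowhere else.
	claims := &azureClaim{}
	if _, _, err := (&jwt.Parser{}).ParseUnverified(token.OAuthToken(), claims); err != nil {
		return nil, fmt.Errorf("decoding token claims: %w", err)
	}
	return claims.Roles, nil
}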