Last active
July 30, 2020 08:50
-
-
Save vladbarosan/74019046b8e9c9a49ff67d6634e7736d to your computer and use it in GitHub Desktop.
aadAuthCodeExample.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package main | |
import ( | |
"fmt" | |
"math/rand" | |
"net/http" | |
"github.com/Azure/go-autorest/autorest/adal" | |
"github.com/Azure/go-autorest/autorest/azure" | |
) | |
const ( | |
clientID = "<clientId>" //AAD App Client Id | |
clientSecret = "<clientsecret>" //AAD App Client Secret | |
tenant = "<tenant>" //Tenant of the AAD App | |
redirectURI = "http://localhost:3000/getAToken" //Redirect URI to be used by AAD after auth of user. This is user the Auth code is sent | |
resource = "<AAD resource to auth>" // ex: azure.PublicCloud.ResourceManagerEndpoint | |
) | |
var () | |
// Auth handler which will redirect to AAD | |
func authHandler(w http.ResponseWriter, r *http.Request) { | |
token := randToken(48) | |
ck := http.Cookie{ | |
Name: "state", | |
Value: token, | |
} | |
http.SetCookie(w, &ck) | |
authorizationURL := fmt.Sprintf("https://login.microsoftonline.com/%v/oauth2/authorize?response_type=code&client_id=%v&redirect_uri=%v&state=%v&resource=%v", tenant, clientID, redirectURI, token, resource) | |
http.Redirect(w, r, authorizationURL, 301) | |
} | |
// process the redirection from AAD | |
func aadAuthHandler(w http.ResponseWriter, r *http.Request) { | |
authorizationCode := r.URL.Query().Get("code") | |
env := azure.PublicCloud | |
ck, err := r.Cookie("state") | |
if err == nil && r.URL.Query().Get("state") != ck.Value { | |
fmt.Fprintf(w, "Error: State is not the same") | |
} | |
oauthConfig, err := adal.NewOAuthConfig(env.ActiveDirectoryEndpoint, tenant) | |
if err != nil { | |
fmt.Print(err) | |
} | |
spToken, err := adal.NewServicePrincipalTokenFromAuthorizationCode(*oauthConfig, clientID, clientSecret, authorizationCode, redirectURI, resource) | |
err = spToken.Refresh() | |
if err == nil { | |
fmt.Fprintf(w, "Hello with token %v", spToken.Token) | |
} else { | |
fmt.Fprintf(w, "Error receiving token %v", err) | |
} | |
} | |
func randToken(n int) string { | |
letters := []rune("ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789") | |
b := make([]rune, n) | |
for i := range b { | |
b[i] = letters[rand.Intn(len(letters))] | |
} | |
return string(b) | |
} | |
func main() { | |
http.HandleFunc("/auth", authHandler) | |
http.HandleFunc("/getAToken", aadAuthHandler) | |
http.ListenAndServe(":3000", nil) | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package main | |
import ( | |
"context" | |
"fmt" | |
"math/rand" | |
"net/http" | |
"golang.org/x/oauth2" | |
"golang.org/x/oauth2/microsoft" | |
) | |
const ( | |
clientID = "<clientId>" //AAD App Client Id | |
clientSecret = "<clientSecret>" //AAD App Client Secret | |
tenant = "<tenant>" //Tenant of the AAD App | |
redirectURI = "http://localhost:3011/getAToken" //Redirect URI to be used by AAD after auth of user. This is user the Auth code is sent | |
scope = "<AAD scope>" // ex: https://graph.microsoft.com/mail.read | |
) | |
var ( | |
xOauth2Config = oauth2.Config{ | |
ClientID: clientID, | |
ClientSecret: clientSecret, | |
RedirectURL: redirectURI, | |
Endpoint: microsoft.AzureADEndpoint(tenant), | |
Scopes: []string{scope}, | |
} | |
) | |
// Auth handler which will redirect to AAD | |
func authHandler(w http.ResponseWriter, r *http.Request) { | |
state := randToken(48) | |
authorizationURL := xOauth2Config.AuthCodeURL(state) | |
http.Redirect(w, r, authorizationURL, 301) | |
} | |
// process the redirection from AAD | |
func aadAuthHandler(w http.ResponseWriter, r *http.Request) { | |
authorizationCode := r.URL.Query().Get("code") | |
ck, err := r.Cookie("state") | |
if err == nil && (r.URL.Query().Get("state") != ck.Value) { | |
fmt.Fprintf(w, "Error: State is not the same") | |
} | |
oAuthToken, err := xOauth2Config.Exchange(context.Background(), authorizationCode) | |
if err != nil { | |
fmt.Print(err) | |
} | |
fmt.Fprintf(w, "Hello with Oauth token %v", oAuthToken) | |
} | |
func homeHandler(w http.ResponseWriter, r *http.Request) { | |
fmt.Fprintf(w, "Welcome to testing golang") | |
} | |
func randToken(n int) string { | |
letters := []rune("ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789") | |
b := make([]rune, n) | |
for i := range b { | |
b[i] = letters[rand.Intn(len(letters))] | |
} | |
return string(b) | |
} | |
func main() { | |
http.HandleFunc("/auth", authHandler) | |
http.HandleFunc("/getAToken", aadAuthHandler) | |
http.HandleFunc("/", homeHandler) | |
http.ListenAndServe(":3011", nil) | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment