user.auth.clients.msal
======================

.. py:module:: user.auth.clients.msal


Classes
-------

.. autoapisummary::

   user.auth.clients.msal.AzureADAttributes
   user.auth.clients.msal.MSALClient
   user.auth.clients.msal.MSALConnections


Module Contents
---------------

.. py:class:: AzureADAttributes

   Holds the expected AzureAD id_token_claims used to ensure the user 


   .. py:attribute:: source_id
      :type:  str


   .. py:attribute:: username
      :type:  str


   .. py:attribute:: first_name
      :type:  str


   .. py:attribute:: last_name
      :type:  str


   .. py:attribute:: groups
      :type:  str


   .. py:attribute:: preferred_username
      :type:  str


   .. py:method:: from_cfg(cfg: dict[str, Any]) -> Self
      :classmethod:



.. py:class:: MSALClient

   .. py:attribute:: AUTHORITY_BASE
      :value: 'https://login.microsoftonline.com'



   .. py:attribute:: SIGN_OUT_ENDPOINT
      :value: '/oauth2/v2.0/logout'



   .. py:attribute:: client_id
      :type:  str


   .. py:attribute:: client_secret
      :type:  str


   .. py:attribute:: tenant_id
      :type:  str


   .. py:attribute:: validate_authority
      :type:  bool


   .. py:attribute:: attributes
      :type:  AzureADAttributes


   .. py:attribute:: primary
      :type:  bool


   .. py:property:: connection
      :type: msal.ConfidentialClientApplication


      Returns the msal instance. Upon initiation, the client tries to
      connect to the authority endpoint. msal always validate the the tenant
      with an tenant discovery, `validate_authority` will additionally check
      the host/instance.



   .. py:property:: authority
      :type: str



   .. py:method:: logout_url(logout_redirect: str) -> str


.. py:class:: MSALConnections

   .. py:attribute:: connections
      :type:  dict[str, MSALClient]


   .. py:method:: client(app: onegov.user.auth.provider.HasApplicationIdAndNamespace) -> MSALClient | None


   .. py:method:: from_cfg(config: dict[str, Any]) -> Self
      :classmethod: