user.auth.clients.msal

Classes

`AzureADAttributes`	Holds the expected AzureAD id_token_claims used to ensure the user
`MSALClient`
`MSALConnections`

Module Contents

class user.auth.clients.msal.AzureADAttributes[source]

Holds the expected AzureAD id_token_claims used to ensure the user

source_id: str[source]

username: str[source]

first_name: str[source]

last_name: str[source]

groups: str[source]

preferred_username: str[source]

classmethod from_cfg(cfg: dict[str, Any]) → Self[source]

class user.auth.clients.msal.MSALClient[source]

AUTHORITY_BASE = 'https://login.microsoftonline.com'[source]

SIGN_OUT_ENDPOINT = '/oauth2/v2.0/logout'[source]

client_id: str[source]

client_secret: str[source]

tenant_id: str[source]

validate_authority: bool[source]

attributes: AzureADAttributes[source]

primary: bool[source]

property connection: msal.ConfidentialClientApplication[source]: Returns the msal instance. Upon initiation, the client tries to connect to the authority endpoint. msal always validate the the tenant with an tenant discovery, validate_authority will additionally check the host/instance.

property authority: str[source]

logout_url(logout_redirect: str) → str[source]

class user.auth.clients.msal.MSALConnections[source]

connections: dict[str, MSALClient][source]

client(app: onegov.user.auth.provider.HasApplicationIdAndNamespace) → MSALClient | None[source]

classmethod from_cfg(config: dict[str, Any]) → Self[source]