`user.auth.clients.msal`¶

Module Contents¶

Classes¶

`AzureADAttributes`	Holds the expected AzureAD id_token_claims used to ensure the user
`MSALClient`
`MSALConnections`

class user.auth.clients.msal.AzureADAttributes[source]¶

Holds the expected AzureAD id_token_claims used to ensure the user

source_id: str[source]¶

username: str[source]¶

first_name: str[source]¶

last_name: str[source]¶

groups: str[source]¶

preferred_username: str[source]¶

classmethod from_cfg(cfg: dict[str, Any]) → typing_extensions.Self[source]¶

class user.auth.clients.msal.MSALClient[source]¶

property authority: str[source]¶

AUTHORITY_BASE = 'https://login.microsoftonline.com'[source]¶

SIGN_OUT_ENDPOINT = '/oauth2/v2.0/logout'[source]¶

client_id: str[source]¶

client_secret: str[source]¶

tenant_id: str[source]¶

validate_authority: bool[source]¶

attributes: AzureADAttributes[source]¶

primary: bool[source]¶

connection() → msal.ConfidentialClientApplication[source]¶: Returns the msal instance. Upon initiation, the client tries to connect to the authority endpoint. msal always validate the the tenant with an tenant discovery, validate_authority will additionally check the host/instance.

logout_url(logout_redirect: str) → str[source]¶

class user.auth.clients.msal.MSALConnections[source]¶

connections: dict[str, MSALClient][source]¶

client(app: onegov.user.auth.provider.HasApplicationIdAndNamespace) → MSALClient | None[source]¶

classmethod from_cfg(config: dict[str, Any]) → typing_extensions.Self[source]¶