From 7d8e3695ac7443d452d91a7c212c6fe59b44378f Mon Sep 17 00:00:00 2001 From: Bogdan Gavril Date: Thu, 4 Jan 2024 13:49:13 +0000 Subject: [PATCH] Address PR comments --- .../devapps/client_certificate_sample.go | 25 +++++++++---- apps/tests/devapps/client_secret_sample.go | 35 +++++++++++-------- apps/tests/devapps/main.go | 15 ++++---- 3 files changed, 46 insertions(+), 29 deletions(-) diff --git a/apps/tests/devapps/client_certificate_sample.go b/apps/tests/devapps/client_certificate_sample.go index 45a824d6..e689bca7 100644 --- a/apps/tests/devapps/client_certificate_sample.go +++ b/apps/tests/devapps/client_certificate_sample.go @@ -12,10 +12,16 @@ import ( "github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential" ) -func acquireTokenClientCertificate() { - config := CreateConfig("confidential_config.json") +var _config2 *Config = CreateConfig("confidential_config.json") + +// Keep the ConfidentialClient application object around, because it maintains a token cache +// For simplicity, the sample uses global variables. +// For user flows (web site, web api) or for large multi-tenant apps use a cache per user or per tenant +var _app2 *confidential.Client = createAppWithCert() + +func createAppWithCert() *confidential.Client { - pemData, err := os.ReadFile(config.PemData) + pemData, err := os.ReadFile(_config2.PemData) if err != nil { log.Fatal(err) } @@ -30,12 +36,19 @@ func acquireTokenClientCertificate() { if err != nil { log.Fatal(err) } - app, err := confidential.New(config.Authority, config.ClientID, cred, confidential.WithCache(cacheAccessor)) + app, err := confidential.New(_config2.Authority, _config2.ClientID, cred, confidential.WithCache(cacheAccessor)) if err != nil { log.Fatal(err) } + return &app +} - result, err := app.AcquireTokenByCredential(context.Background(), config.Scopes) +func acquireTokenClientCertificate() { + + result, err := _app2.AcquireTokenByCredential(context.Background(), _config1.Scopes) + if err != nil { + log.Fatal(err) + } - fmt.Println("Got a token using the certificate. It expires on", result.ExpiresOn) + fmt.Println("A Bearer token was acquired, it expires on: ", result.ExpiresOn) } diff --git a/apps/tests/devapps/client_secret_sample.go b/apps/tests/devapps/client_secret_sample.go index d640b55b..61a8d1d3 100644 --- a/apps/tests/devapps/client_secret_sample.go +++ b/apps/tests/devapps/client_secret_sample.go @@ -11,25 +11,30 @@ import ( "github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential" ) +var _config1 *Config = CreateConfig("confidential_config.json") + // Keep the ConfidentialClient application object around, because it maintains a token cache -var _app *confidential.Client +// For simplicity, the sample uses global variables. +// For user flows (web site, web api) or for large multi-tenant apps use a cache per user or per tenant +var _app1 *confidential.Client = createAppWithSecret() -func acquireTokenClientSecret() { - config := CreateConfig("confidential_config.json") - - if _app == nil { - cred, err := confidential.NewCredFromSecret(config.ClientSecret) - if err != nil { - log.Fatal(err) - } - app, err := confidential.New(config.Authority, config.ClientID, cred) - if err != nil { - log.Fatal(err) - } - _app = &app +func createAppWithSecret() *confidential.Client { + + cred, err := confidential.NewCredFromSecret(_config1.ClientSecret) + if err != nil { + log.Fatal(err) + } + app, err := confidential.New(_config1.Authority, _config1.ClientID, cred) + if err != nil { + log.Fatal(err) } - result, err := _app.AcquireTokenByCredential(context.Background(), config.Scopes) + return &app +} + +func acquireTokenClientSecret() { + + result, err := _app1.AcquireTokenByCredential(context.Background(), _config1.Scopes) if err != nil { log.Fatal(err) } diff --git a/apps/tests/devapps/main.go b/apps/tests/devapps/main.go index dcbad8e4..59672fab 100644 --- a/apps/tests/devapps/main.go +++ b/apps/tests/devapps/main.go @@ -2,7 +2,6 @@ package main import ( "context" - "os" ) var ( @@ -13,30 +12,30 @@ var ( func main() { ctx := context.Background() - // TODO(msal): This is pretty yikes. At least we should use the flag package. - exampleType := os.Args[1] + // Choose a sammple to run. + exampleType := "5" + if exampleType == "1" { acquireTokenDeviceCode() /*} else if exampleType == "2" { acquireByAuthorizationCodePublic() */ } else if exampleType == "3" { + // This sample uses a serialized cache in an ecrypted file on Windows / KeyChain on Mac / KeyRing on Linux acquireByUsernamePasswordPublic(ctx) } else if exampleType == "4" { panic("currently not implemented") //acquireByAuthorizationCodeConfidential() } else if exampleType == "5" { // This sample does not use a serialized cache - it relies on in-memory cache by reusing the app object - // This works great for app tokens, because there is only 1 token per resource, per tenant and most - // developers only require 1-2 tokens. + // This works well for app tokens, because there is only 1 token per resource, per tenant. acquireTokenClientSecret() // this time the token comes from the cache! acquireTokenClientSecret() } else if exampleType == "6" { - // This samples uses a serialized cache in a file. This is for demonstration purposes only of the caching interface. - // Production confidential client apps use in-memory cache (see above sample) if they target a small number of tenants. - // Multi-tenant apps needing tokens for million of tokens should use a distributed cache like Redis. + // This sample does not use a serialized cache - it relies on in-memory cache by reusing the app object + // This works well for app tokens, because there is only 1 token per resource, per tenant. acquireTokenClientCertificate() // this time the token comes from the cache!