Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable passing in the raw bytes of a PKCS#12 bundle when constructing a client certificate authorizer #65

Merged
merged 1 commit into from
Jun 23, 2021
Merged

Enable passing in the raw bytes of a PKCS#12 bundle when constructing a client certificate authorizer #65

merged 1 commit into from
Jun 23, 2021

Conversation

manicminer
Copy link
Owner

@manicminer manicminer commented Jun 23, 2021
edited
Loading

  • Also, add a simple MSI authentication stub server for testing outside Azure

Example usage

// pfxData contains a PKCS#12 bundle (.pfx file contents)
auth, err := auth.NewClientCertificateAuthorizer(ctx, environments.Global, auth.MsGraph, auth.TokenVersion2, tenantId, clientId, pfxData, "", pfxPassword)

Suggestion: base64 encode the bundle for storage in CI systems

var pfxData []byte
if cert := os.Getenv("CLIENT_CERTIFICATE"); cert != "" {
	out := make([]byte, base64.StdEncoding.DecodedLen(len(cert)))
	n, err := base64.StdEncoding.Decode(out, []byte(cert))
	if err != nil {
		// handle err
	}
	pfxData = out[:n]
}

auth, err := auth.NewClientCertificateAuthorizer(ctx, environments.Global, auth.MsGraph, auth.TokenVersion2, tenantId, clientId, pfxData, "", pfxPassword)

Using NewAuthorizer()

config := &auth.Config{
	Environment:            environments.Global,
	Version:                auth.TokenVersion2,
	TenantID:               tenantId,
	ClientID:               clientId,
	ClientCertData:         pfxData,
	ClientCertPassword:     pfxPassword,
	ClientSecret:           clientSecret,
	EnableClientCertAuth:   true,
	EnableClientSecretAuth: true,
}

authorizer, err = config.NewAuthorizer(ctx, auth.MsGraph)
if err != nil {
	// handle err
}

@manicminer manicminer added enhancement New feature or request breaking change Indicates a non-backwards compatible change labels Jun 23, 2021
@manicminer manicminer added this to the v0.18.0 milestone Jun 23, 2021
@manicminer manicminer merged commit 4c9a37a into main Jun 23, 2021
@manicminer manicminer deleted the client-cert-inline branch June 23, 2021 14:39
@manicminer manicminer modified the milestones: v0.18.0, v0.19.0 Jun 23, 2021
manicminer added a commit that referenced this pull request Jun 23, 2021
@manicminer
Changelog for #65
4275555
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
breaking change Indicates a non-backwards compatible change enhancement New feature or request
Projects
None yet
Milestone
v0.19.0
Development

Successfully merging this pull request may close these issues.
1 participant
@manicminer