File Coverage

blib/lib/OAuth/Cmdline/MicrosoftOnline.pm

Criterion	Covered	Total	%
statement	15	22	68.1
branch			n/a
condition			n/a
subroutine	5	8	62.5
pod	0	3	0.0
total	20	33	60.6

line	stmt	sub	pod	time	code
1					###########################################
2					package OAuth::Cmdline::MicrosoftOnline;
3					###########################################
4	1	1		87826	use strict;
	1			9
	1			23
5	1	1		4	use warnings;
	1			1
	1			24
6	1	1		353	use MIME::Base64;
	1			486
	1			53
7	1	1		6	use base qw( OAuth::Cmdline );
	1			2
	1			344
8	1	1		10	use Moo;
	1			2
	1			14
9
10					our $VERSION = '0.07'; # VERSION
11					# ABSTRACT: Microsoft Online-specific settings for OAuth::Cmdline
12
13					has resource => (
14					is => "rw",
15					required => 1,
16					);
17
18					###########################################
19					sub site {
20					###########################################
21	0	0	0		return "microsoft-online";
22					}
23
24					1;
25
26					###########################################
27					sub tokens_get_additional_params {
28					###########################################
29	0	0	0		my( $self, $params ) = @_;
30
31	0				push(@$params, resource => $self->resource);
32
33	0				return $params;
34					}
35
36					###########################################
37					sub update_refresh_token {
38					###########################################
39	0	0	0		my( $self, $cache, $data ) = @_;
40
41					# MS Online returns a new refresh token with every access token.
42					# We need to use this new token each time otherwise in 14 days
43					# we have to re-authorise. By updating the refresh token, we
44					# get 90 days
45	0				$cache->{ refresh_token } = $data->{ refresh_token };
46
47	0				return ($cache, $data);
48					}
49
50					__END__
51
52					=pod
53
54					=encoding UTF-8
55
56					=head1 NAME
57
58					OAuth::Cmdline::MicrosoftOnline - Microsoft Online-specific settings for OAuth::Cmdline
59
60					=head1 VERSION
61
62					version 0.07
63
64					=head1 SYNOPSIS
65
66					my $oauth = OAuth::Cmdline::MicrosoftOnline->new(
67					resource => "https://graph.microsoft.com",
68					# ...
69					);
70					$oauth->access_token();
71
72					=head1 DESCRIPTION
73
74					This class overrides methods of C<OAuth::Cmdline> if Microsoft Online's Web API
75					requires it.
76
77					The parameter 'resource' is mandatory, and is poorly described at L<https://msdn.microsoft.com/en-us/library/azure/dn645542.aspx>. It tells the OAuth API what protected resource you are trying to access. For example, to access Azure Graph (to manage user accounts in Azure AD etc.), the correct resource URI is C<https://graph.microsoft.com>. A URI does not have to be a URL, but Microsoft choose to use URLs for their URIs, so if you are trying to access a different endpoint protected by the Microsoft Online OAuth system, then it will probably look like a URL.
78
79					To use this module with Azure AD:
80
81					=over
82
83					=item *
84					Make a copy of I<eg/microsoft-online-token-init> somewhere else. You will modify this file in the following steps.
85
86					=item *
87					Sign up for a free Azure account as though you were going to deploy some infrastructure. This creates a free Azure Active Directory in your Azure tenant.
88
89					=item *
90					In the Azure portal, go to B<Default Directory > App registrations>
91
92					=item *
93					Click B<New registration>. Set the B<Name> to whatever you like, and select B<Accounts in this organizational directory only (Default Directory only - Single tenant)>. Set the B<Redirect URI> to I<http://localhost:8082/callback>. Then click B<Register> at the bottom.
94
95					=item *
96					A new page showing the new application is shown. On the B<Overview> page that is showing, under B<Essentials>, you should see the B<Application (client) ID> (a UUID). Copy it and then paste it into microsoft-online-token-init in I<client_id>.
97
98					=item *
99					Still on the same page, click the B<Endpoints> button at the top. Copy the B<OAuth 2.0 authorization endpoint (v1)> into microsoft-online-token-init as I<login_uri>. Copy the B<OAuth 2.0 token endpoint (v1)> into microsoft-online-token-init as I<token_uri>.
100
101					=item *
102					Click B<Certificates & secrets> on the left, then B<New client secret>.
103
104					=item *
105					After naming and saving your secret, take the B<Value> and put it in microsoft-online-token-init as I<client_secret>.
106
107					=item *
108					Click B<API permissions> on the left, then B<Add a permission>. Click the B<Microsoft Graph> tile, then B<Delegated permissions>. Check the box B<Directory > Directory.Read.All> then B<Add permission> at the bottom.
109
110					=item *
111					The new permission is added to the list, but now you have to click B<Grant admin consent for Default Directory> and B<Yes>. Anyone who gets hold of this client secret can now read data in the directory. These are the permissions you need to run the example code in I<eg/microsoft-online-users>. You can revoke them later after testing.
112
113					=item *
114					Run microsoft-online-token-init in a terminal and then go to http://localhost:8082 in a local browser.
115
116					=item *
117					Follow the link. Sign into Microsoft with the same account used with Azure portal, and Accept the Permissions requested.
118
119					=back
120
121					Your web service will retrieve the tokens and store them. You can then use
122
123					$oauth->access_token()
124
125					to get an access token to carry out calls against the Azure Graph API as shown in eg/microsoft-online-users.
126
127					Example code is in the eg folder
128
129					=head1 AUTHOR
130
131					Mike Schilli <cpan@perlmeister.com>
132
133					=head1 COPYRIGHT AND LICENSE
134
135					This software is copyright (c) 2022 by Mike Schilli.
136
137					This is free software; you can redistribute it and/or modify it under
138					the same terms as the Perl 5 programming language system itself.
139
140					=cut