#active-directory #access-token #jwt #certificate #msal #azure #microsoft

msal-cert

A library for handling Microsoft Authentication Library (MSAL) certificates

1 unstable release

0.1.0 May 29, 2024

#701 in Authentication

MIT license

12KB
169 lines

msal-cert

msal-cert is a Rust library for handling Microsoft Authentication Library (MSAL) certificates. It provides functionality for generating JWT tokens signed with a certificate, and acquiring access tokens from Azure Active Directory using client credentials.

Installation

Add the following to your Cargo.toml:

[dependencies]
msal-cert = "0.1.0"

Usage

Generating a JWT Token

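You can generate a JWT token from your public and private keys. The example below passes both PEM files to acquire_token together with the tenant ID, client ID and scope, and prints the access token from the response.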

use msal_cert::lib::acquire_token;

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Your tenant ID, client ID and requested scope
    let tenant_id = "your_tenant_id".to_string();
    let client_id = "your_client_id".to_string();
    let scope = "your_scope".to_string();

    // Load your private and public key PEM files.
    // include_bytes! resolves the path relative to this source file and embeds
    // the file contents in the compiled binary at build time, so the private
    // key ships inside the executable. Reading the key at run time
    // (for example with std::fs::read) keeps it out of the build artifact.
    let private_key_pem = include_bytes!("../keys/private_key.pem").to_vec(); // Update with path to your private key
    let public_key_pem = include_bytes!("../keys/public_key.pem").to_vec(); // Update with path to your public key

    // Acquire token
    let token_response = acquire_token(tenant_id, client_id, scope, &private_key_pem, &public_key_pem).await?;

    // Printed for demonstration; the access token is a bearer credential.
    println!("Access Token: {}", token_response.access_token);

    Ok(())
}

Defining the Header and Payload

The Header and Payload structs are provided to facilitate JWT token creation:

use msal_cert::token::{Header, Payload};

// Wrapped in a function so that `?` has a Result to return into.
fn build_header_and_payload() -> Result<(), Box<dyn std::error::Error>> {
    // Initialize Header
    let public_key_pem = include_bytes!("../keys/public_key.pem").to_vec();
    let header = Header::new(&public_key_pem)?;

    // Initialize Payload
    let tenant_id = "your_tenant_id".to_string();
    let client_id = "your_client_id".to_string();
    let payload = Payload::new(tenant_id.clone(), client_id.clone());

    Ok(())
}
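
For orientation, an added example (not msal-cert's code) that builds the unsigned part of a certificate client assertion in the format Microsoft documents for the identity platform: an `x5t` header carrying the certificate's SHA-1 thumbprint, plus `aud`, `iss`, `sub`, `jti`, `nbf` and `exp` claims. The function names, the sample identifiers and the 10-minute lifetime cap are this example's own, and it is an assumption that the crate's Header and Payload carry these same fields.

```rust
// Added example, std only; none of these names belong to msal-cert.
const B64URL: &[u8; 64] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";

/// Base64url without padding, as JWTs use (RFC 7515).
fn b64url(data: &[u8]) -> String {
    let mut out = String::new();
    for chunk in data.chunks(3) {
        let n = chunk.iter().enumerate()
            .fold(0u32, |acc, (i, b)| acc | (*b as u32) << (16 - 8 * i));
        // A chunk of k bytes yields k + 1 output characters.
        for i in 0..=chunk.len() {
            out.push(B64URL[((n >> (18 - 6 * i)) & 0x3f) as usize] as char);
        }
    }
    out
}

/// The ids are placed in JSON and in a URL unescaped, so only GUID or
/// domain-name characters are accepted.
fn is_safe_id(s: &str) -> bool {
    !s.is_empty() && s.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-' || b == b'.')
}

/// Returns base64url(header) + "." + base64url(claims): the input that the
/// certificate's private key signs with RS256.
fn signing_input(x5t_sha1: &[u8; 20], tenant: &str, client: &str, jti: &str,
                 now: u64, lifetime_secs: u64) -> Result<String, String> {
    if !(is_safe_id(tenant) && is_safe_id(client) && is_safe_id(jti)) {
        return Err("id contains characters outside [A-Za-z0-9.-]".into());
    }
    // Assumed policy for this example: a stolen assertion should expire fast.
    if lifetime_secs == 0 || lifetime_secs > 600 {
        return Err("assertion lifetime must be 1..=600 seconds".into());
    }
    // x5t = base64url of the SHA-1 hash of the certificate's DER encoding.
    let header = format!(r#"{{"alg":"RS256","typ":"JWT","x5t":"{}"}}"#, b64url(x5t_sha1));
    let aud = format!("https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token");
    let claims = format!(
        r#"{{"aud":"{aud}","iss":"{client}","sub":"{client}","jti":"{jti}","nbf":{now},"exp":{}}}"#,
        now + lifetime_secs);
    Ok(format!("{}.{}", b64url(header.as_bytes()), b64url(claims.as_bytes())))
}

fn main() {
    // Constructed sample values, not real identifiers.
    let input = signing_input(&[0xab; 20], "contoso.example",
        "11111111-2222-3333-4444-555555555555", "jti-0001", 1_700_000_000, 300);
    println!("{}", input.unwrap());
}
```

The RS256 signature over this string, base64url-encoded and appended after a second dot, completes the assertion; a fresh `jti` per request keeps each assertion single-use.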

Testing

Run tests using the following command:

cargo test

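Note: Ensure that you have your key files in the correct paths specified in the test functions. The test below is marked #[ignore], so a plain cargo test skips it; run cargo test -- --ignored to include it.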

use msal_cert::lib::acquire_token;

// Skipped by a plain `cargo test` because of #[ignore].
#[tokio::test]
#[ignore]
async fn test_acquire_token() -> Result<(), Box<dyn std::error::Error>> {
    let tenant_id = "your_tenant_id".to_string();
    let client_id = "your_client_id".to_string();
    let scope = "your_scope".to_string();
    let private_key_pem = include_bytes!("../keys/private_key.pem").to_vec();
    let public_key_pem = include_bytes!("../keys/public_key.pem").to_vec();

    let token_response = acquire_token(tenant_id, client_id, scope, &private_key_pem, &public_key_pem).await?;

    // The response should be a non-empty, unexpired bearer token.
    assert_eq!(token_response.token_type, "Bearer");
    assert!(token_response.expires_in > 0);
    assert!(!token_response.access_token.is_empty());
    Ok(())
}

License

This project is licensed under the MIT License. See the LICENSE file for more details.

Dependencies

~9–24MB
~372K SLoC