NAME

Azure::AD::DeviceLogin - Azure AD Device Login authentication flow

SYNOPSIS

  use Azure::AD::DeviceLogin;
  my $creds = Azure::AD::DeviceLogin->new(
    resource_id => 'https://management.core.windows.net/',
    message_handler => sub { say $_[0] },
    client_id => '',
    tenant_id => '',
  );
  say $creds->access_token;

DESCRIPTION

Implements the Azure AD Device Login flow. See Azure::AD::Auth for more information and alternative flows.

ATTRIBUTES

resource_id

The URL for which you want a token extended (the URL of the service which you want to obtain a token for).

https://graph.windows.net/ for using the MS Graph API

https://management.core.windows.net/ for using the Azure Management APIs

message_handler

Callback that receives the message for the user as it's first argument. This callback should transmit the message to the end user, who has to follow the instructions embedded in it.

tenant_id

The ID of the Azure Active Directory Tenant

client_id

The Client ID (also referred to as the Application ID) of an application

ad_url

This defaults to https://login.microsoftonline.com, and generally doesn't need to be specified. Azure AD has more endpoints for some clouds:

https://login.chinacloudapi.cn China Cloud

https://login.microsoftonline.us US Gov Cloud

https://login.microsoftonline.de German Cloud

METHODS

access_token

Returns the access token that has to be sent to the APIs you want to access. This is normally sent in the Authentication header of HTTPS requests as a Bearer token.

The call to access_token will start the Device Login flow, which involves transmitting a message to the user (see message_handler attribute). The user will have to visit a URL with a browser, insert the code in the message, authorize the application, and then the authentication will proceed. Meanwhile the call to access_code will be blocked, awaiting the user to complete the flow. Once the user completes the instructions the access_code will be returned.

The access_token is cached in the object as long as it's valid, so subsequent calls to access_token will return the appropriate token without reauthenticating to Azure AD. If the token has expired, access_token will call Azure AD to obtain a new token.

Example usage:

  my $auth = Azure::AD::DeviceLogin->new(...);

  use HTTP::Tiny;
  my $ua = HTTP::Tiny->new;
  my $response = $ua->get(
    'http://aservice.com/orders/list', 
    {
      headers => { Authorization => 'Bearer ' . $auth->access_token }
    }
  );

COPYRIGHT and LICENSE

This code is distributed under the Apache 2 License. The full text of the license can be found in the LICENSE file included with this module.

To install Azure::AD::Auth, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Azure::AD::Auth

CPAN shell

perl -MCPAN -e shell
install Azure::AD::Auth

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)