Hong Ooi 2019-04-30 05:24:29 +10:00
Родитель d849d721fe
Коммит be46fe2447
5 изменённых файлов: 31 добавлений и 4 удалений


@ -186,7 +186,9 @@ private=list(
aad_endpoint=function(type)
{
uri <- httr::parse_url(self$aad_host)
uri$path <- file.path(self$tenant, "oauth2", type)
uri$path <- if(nchar(uri$path) == 0)
file.path(self$tenant, "oauth2", type)
else file.path(uri$path, type)
httr::build_url(uri)
}
@ -220,7 +222,9 @@ private=list(
aad_endpoint=function(type)
{
uri <- httr::parse_url(self$aad_host)
uri$path <- file.path(self$tenant, "oauth2/v2.0", type)
uri$path <- if(nchar(uri$path) == 0)
file.path(self$tenant, "oauth2/v2.0", type)
else file.path(uri$path, type)
httr::build_url(uri)
}
))
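Review bot: In both `aad_endpoint` methods, once `aad_host` carries a path the new branch `else file.path(uri$path, type)` no longer uses `self$tenant` or the `oauth2` / `oauth2/v2.0` segment, so the caller's path alone decides which tenant and endpoint version receive the credentials, and a mismatch with the `tenant` or `version` arguments goes undetected. A comment above the assignment would make that explicit, e.g. `# a non-empty path in aad_host is used as-is: tenant and version must already be encoded in it`. A host given with a trailing slash after its path would presumably yield a doubled slash before `type`; `uri$path <- sub("/+$", "", uri$path)` ahead of the `nchar` test avoids that. The enclosing `private=list(` starts outside both hunks.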


@ -9,7 +9,7 @@
#' @param username Your AAD username, if using the resource owner grant. See 'Details' below.
#' @param certificate A certificate to authenticate with.
#' @param auth_type The authentication type. See 'Details' below.
#' @param aad_host URL for your AAD host. For the public Azure cloud, this is `https://login.microsoftonline.com/`. Change this if you are using a government or private cloud.
#' @param aad_host URL for your AAD host. For the public Azure cloud, this is `https://login.microsoftonline.com/`. Change this if you are using a government or private cloud. Can also be a full URL, eg `https://mydomain.b2clogin.com/mydomain/other/path/names/oauth2`.
#' @param version The AAD version, either 1 or 2.
#' @param authorize_args An optional list of further parameters for the AAD authorization endpoint. These will be included in the request URI as query parameters. Only used if `auth_type="authorization_code"`.
#' @param token_args An optional list of further parameters for the token endpoint. These will be included in the body of the request.
@ -19,6 +19,8 @@
#'
#' The `resource` arg should be a single URL or GUID for AAD v1.0, and a vector of scopes for AAD v2.0. The latter consist of a URL or a GUID, along with a path that designates the scope. If a v2.0 scope doesn't have a path, `get_azure_token` will append the `/.default` path with a warning. A special scope is `offline_access`, which requests a refresh token from AAD along with the access token: without this scope, you will have to reauthenticate if you want to refresh the token.
#'
#' For B2C logins, the `aad_host` argument can be a full URL including the tenant and arbitrary path components, but excluding the specific endpoint.
#'
#' `token_hash` computes the MD5 hash of its arguments. This is used by AzureAuth to identify tokens for caching purposes.
#'
#' Note that tokens are only cached if you allowed AzureAuth to create a data directory at package startup.
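Review bot: The added `aad_host` text does not say that a path-bearing host has to end in the segment matching `version`: the example ends in `/oauth2`, while the v2 test in this commit passes a URL ending in `oauth2/v2.0` together with `version=2`. I would extend the new Details sentence to state that the path must end in `oauth2` for AAD v1.0 or `oauth2/v2.0` for AAD v2.0. Judging by the `aad_endpoint` change in this commit, it is also worth saying that `tenant` is then not used to build the endpoint URL.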


@ -52,7 +52,7 @@ is_azure_v2_token(object)
\item{auth_type}{The authentication type. See 'Details' below.}
\item{aad_host}{URL for your AAD host. For the public Azure cloud, this is \code{https://login.microsoftonline.com/}. Change this if you are using a government or private cloud.}
\item{aad_host}{URL for your AAD host. For the public Azure cloud, this is \code{https://login.microsoftonline.com/}. Change this if you are using a government or private cloud. Can also be a full URL, eg \code{https://mydomain.b2clogin.com/mydomain/other/path/names/oauth2}.}
\item{version}{The AAD version, either 1 or 2.}
@ -74,6 +74,8 @@ These functions extend the OAuth functionality in httr for use with Azure Active
The \code{resource} arg should be a single URL or GUID for AAD v1.0, and a vector of scopes for AAD v2.0. The latter consist of a URL or a GUID, along with a path that designates the scope. If a v2.0 scope doesn't have a path, \code{get_azure_token} will append the \code{/.default} path with a warning. A special scope is \code{offline_access}, which requests a refresh token from AAD along with the access token: without this scope, you will have to reauthenticate if you want to refresh the token.
For B2C logins, the \code{aad_host} argument can be a full URL including the tenant and arbitrary path components, but excluding the specific endpoint.
\code{token_hash} computes the MD5 hash of its arguments. This is used by AzureAuth to identify tokens for caching purposes.
Note that tokens are only cached if you allowed AzureAuth to create a data directory at package startup.


@ -89,3 +89,12 @@ test_that("Providing optional args works",
delete_azure_token(res, tenant, native_app, username=username, auth_type="authorization_code", confirm=FALSE))
})
test_that("Providing path in aad_host works",
{
res <- "https://management.azure.com/.default"
aad_url <- file.path("https://login.microsoftonline.com", normalize_tenant(tenant), "oauth2")
tok <- get_azure_token(res, tenant, app, password=password, aad_host=aad_url)
expect_true(is_azure_token(tok))
})
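Review bot: The `res` values in the two new "Providing path in aad_host works" tests look swapped: this one calls the default version with `https://management.azure.com/.default`, while the `version=2` test in the next file uses `https://management.azure.com/`, which per the package documentation gets `/.default` appended with a warning. If that is unintended, use `res <- "https://management.azure.com/"` here and `res <- "https://management.azure.com/.default"` in the v2 test. Both tests also pass the same `tenant` that is embedded in `aad_url`, so they cannot show whether the path or the argument selected the authority; an assertion on the endpoint URL the token was issued from would pin that, if the token object exposes it.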


@ -126,3 +126,13 @@ test_that("Dubious requests handled gracefully",
expect_warning(tok <- get_azure_token(nopath, tenant, app, password=password, version=2))
expect_equal(tok$scope, "https://management.azure.com/.default")
})
test_that("Providing path in aad_host works",
{
res <- "https://management.azure.com/"
aad_url <- file.path("https://login.microsoftonline.com", normalize_tenant(tenant), "oauth2/v2.0")
tok <- get_azure_token(res, tenant, app, password=password, aad_host=aad_url, version=2)
expect_true(is_azure_token(tok))
})