tweak device_code behaviour to be similar to auth_code

This commit is contained in:
hong-revo 2019-01-14 00:47:19 +11:00
Parent 31bf13cdbe
Commit 8e66f67d2a
5 changed files with 15 additions and 14 deletions

View File

@ -89,6 +89,7 @@ private=list(
req_params <- utils::modifyList(user_params, req_params)
self$endpoint$access <- sub("devicecode$", "token", self$endpoint$access)
message("Waiting for device code in browser...\nPress Esc/Ctrl + C to abort")
interval <- as.numeric(creds$interval)
ntries <- as.numeric(creds$expires_in) %/% interval
for(i in seq_len(ntries))
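Review bot: `interval` and `ntries` are computed straight from `creds$interval` and `creds$expires_in` with no validation. If either field is missing from the devicecode response, `as.numeric(NULL)` is zero-length and `seq_len(ntries)` fails with an error that says nothing about the cause; a zero `interval` breaks the integer division the same way. Check both values are positive numbers before the loop and stop with a clear message otherwise. Separately, the "Waiting for device code in browser..." text could note that the code may be entered on a different computer, as the documentation in this commit says.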
@ -102,8 +103,7 @@ private=list(
cont <- httr::content(res)
if(status == 400 && cont$error == "authorization_pending")
{
msg <- sub("[\r\n].*", "", cont$error_description)
cat(msg, "\n")
# do nothing
}
else if(status >= 300)
httr::stop_for_status(res)
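Review bot: The test `cont$error == "authorization_pending"` assumes every 400 response carries an `error` field. When it does not, the comparison is zero-length and `if` stops with "argument is of length zero" instead of reaching `httr::stop_for_status(res)`. `identical(cont$error, "authorization_pending")` avoids that. Every other 400 is treated as fatal here, so if the endpoint ever answers with the device flow's `slow_down` error (RFC 8628), polling aborts rather than backing off. With the per-poll message removed, the branch body is only a comment; inverting the condition would remove the empty block.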
@ -138,11 +138,11 @@ private=list(
#' Generate an Azure OAuth token
#'
#' This extends the OAuth functionality in httr to allow for device code authentication.
#' This extends the OAuth functionality in httr for use with Azure Active Directory (AAD).
#'
#' @param resource_host URL for your resource host. For Resource Manager in the public Azure cloud, this is `https://management.azure.com/`.
#' @param tenant Your tenant ID.
#' @param app The client/app ID to use to authenticate with Azure Active Directory (AAD).
#' @param tenant Your tenant. This can be a name ("myaadtenant"), a fully qualified domain name ("myaadtenant.onmicrosoft.com" or "mycompanyname.com"), or a GUID.
#' @param app The client/app ID to use to authenticate with.
#' @param password The password, either for the app, or your username if supplied. See 'Details' below.
#' @param username Your AAD username, if using the resource owner grant. See 'Details' below.
#' @param auth_type The authentication type. See 'Details' below.
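Review bot: The new `@param tenant` text lists a name, a fully qualified domain name or a GUID, but this same commit teaches `normalize_tenant` to pass `"common"` through unchanged. Document `"common"` here as an accepted value, otherwise users have no way to learn that it is supported.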
@ -155,7 +155,7 @@ private=list(
#'
#' - Using the authorization_code method is a 3-step process. First, `get_azure_token` contacts the AAD authorization endpoint to obtain a temporary access code. It then contacts the AAD access endpoint, passing it the code. The access endpoint sends back a login URL which `get_azure_token` opens in your browser, where you can enter your credentials. Once this is completed, the endpoint returns the OAuth token via a HTTP redirect URI.
#'
#' - The device_code method is similar in concept to authorization_code, but is meant for situations where you are unable to browse the Internet -- for example if you don't have a browser installed or your machine has input constraints. First, `get_azure_token` contacts the AAD devicecode endpoint, which responds with a login URL and an access code. You then visit the URL, possibly using a different machine, and enter the code. Meanwhile, `get_azure_token` polls the AAD access endpoint for a token, which is provided once you have successfully entered the code.
#' - The device_code method is similar in concept to authorization_code, but is meant for situations where you are unable to browse the Internet -- for example if you don't have a browser installed or your computer has input constraints. First, `get_azure_token` contacts the AAD devicecode endpoint, which responds with a login URL and an access code. You then visit the URL and enter the code, possibly using a different computer. Meanwhile, `get_azure_token` polls the AAD access endpoint for a token, which is provided once you have successfully entered the code.
#'
#' - The client_credentials method is much simpler than the above methods, requiring only one step. `get_azure_token` contacts the access endpoint, passing it the app secret (which you supplied in the `password` argument). Assuming the secret is valid, the endpoint then returns the OAuth token.
#'
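Review bot: In the device_code bullet, "unable to browse the Internet" is misleading, because `get_azure_token` still has to reach the AAD endpoints from that computer to poll for the token. What is missing is an interactive browser, so something like "where you cannot open a browser on the computer running R" is more accurate. The bullet also calls the value the user types an "access code", the same term the authorization_code bullet uses for a different value; a distinct term for it would avoid confusion.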

View File

@ -14,7 +14,7 @@
#' The best way to authenticate with ARM is probably via the [create_azure_login] and [get_azure_login] functions. With these, you only have to authenticate once, after which your credentials are saved and reused for subsequent sessions.
#'
#' To authenticate with the `az_rm` class directly, provide the following arguments to the `new` method:
#' - `tenant`: Your tenant ID.
#' - `tenant`: Your tenant ID. This can be a name ("myaadtenant"), a fully qualified domain name ("myaadtenant.onmicrosoft.com" or "mycompanyname.com"), or a GUID.
#' - `app`: The client/app ID to use to authenticate with Azure Active Directory.
#' - `password`: if `auth_type == "client_credentials"`, the app secret; if `auth_type == "resource_owner"`, your account password.
#' - `username`: if `auth_type == "resource_owner"`, your username.
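Review bot: The `tenant` item still opens with "Your tenant ID." and then says it can be a name or a domain name, which are not IDs. The `get_azure_token` documentation in this commit was changed to "Your tenant."; use the same wording here so the two descriptions agree.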

View File

@ -166,11 +166,12 @@ normalize_tenant <- function(tenant)
grepl("^\\([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\\)$", x)
}
# check if supplied a guid; if not, check if a fqdn; if not, append '.onmicrosoft.com'
# check if supplied a guid; if not, check if a fqdn;
# if not, check if 'common'; if not, append '.onmicrosoft.com'
if(is_guid(tenant))
return(tenant)
if(!grepl("\\.", tenant))
if(!grepl("\\.", tenant) && tenant != "common")
tenant <- paste(tenant, "onmicrosoft.com", sep=".")
tenant
}
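Review bot: The new `tenant != "common"` check is case-sensitive, so `"Common"` falls through and becomes `"Common.onmicrosoft.com"`, which sends the request to a different authority than the caller intended. Compare against `tolower(tenant)`, and consider keeping the reserved names in a small vector checked with `%in%` so further special tenants can be added in one place. The `if` also assumes a single non-NA string; a length check at the top of `normalize_tenant` would give a clearer error.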

View File

@ -26,7 +26,7 @@ The best way to authenticate with ARM is probably via the \link{create_azure_log
To authenticate with the \code{az_rm} class directly, provide the following arguments to the \code{new} method:
\itemize{
\item \code{tenant}: Your tenant ID.
\item \code{tenant}: Your tenant ID. This can be a name ("myaadtenant"), a fully qualified domain name ("myaadtenant.onmicrosoft.com" or "mycompanyname.com"), or a GUID.
\item \code{app}: The client/app ID to use to authenticate with Azure Active Directory.
\item \code{password}: if \code{auth_type == "client_credentials"}, the app secret; if \code{auth_type == "resource_owner"}, your account password.
\item \code{username}: if \code{auth_type == "resource_owner"}, your username.

View File

@ -11,9 +11,9 @@ get_azure_token(resource_host, tenant, app, password = NULL,
\arguments{
\item{resource_host}{URL for your resource host. For Resource Manager in the public Azure cloud, this is \code{https://management.azure.com/}.}
\item{tenant}{Your tenant ID.}
\item{tenant}{Your tenant. This can be a name ("myaadtenant"), a fully qualified domain name ("myaadtenant.onmicrosoft.com" or "mycompanyname.com"), or a GUID.}
\item{app}{The client/app ID to use to authenticate with Azure Active Directory (AAD).}
\item{app}{The client/app ID to use to authenticate with.}
\item{password}{The password, either for the app, or your username if supplied. See 'Details' below.}
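Review bot: The `password` argument reads "either for the app, or your username if supplied", which is ambiguous about what the second case refers to. The `az_rm` documentation in this commit states it precisely (the app secret for `client_credentials`, the account password for `resource_owner`); reuse that wording in the roxygen source and regenerate this file.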
@ -24,7 +24,7 @@ get_azure_token(resource_host, tenant, app, password = NULL,
\item{aad_host}{URL for your AAD host. For the public Azure cloud, this is \code{https://login.microsoftonline.com/}.}
}
\description{
This extends the OAuth functionality in httr to allow for device code authentication.
This extends the OAuth functionality in httr for use with Azure Active Directory (AAD).
}
\details{
This function does much the same thing as \code{\link[httr:oauth2.0_token]{httr::oauth2.0_token()}}, but customised for Azure.
@ -32,7 +32,7 @@ This function does much the same thing as \code{\link[httr:oauth2.0_token]{httr:
The OAuth authentication type can be one of four possible values: "authorization_code", "client_credentials", "device_code", or "resource_owner". The first two are provided by the \link[httr:Token2.0]{httr::Token2.0} token class, while the last two are provided by the AzureToken class which extends httr::Token2.0. Here is a short description of these methods.
\itemize{
\item Using the authorization_code method is a 3-step process. First, \code{get_azure_token} contacts the AAD authorization endpoint to obtain a temporary access code. It then contacts the AAD access endpoint, passing it the code. The access endpoint sends back a login URL which \code{get_azure_token} opens in your browser, where you can enter your credentials. Once this is completed, the endpoint returns the OAuth token via a HTTP redirect URI.
\item The device_code method is similar in concept to authorization_code, but is meant for situations where you are unable to browse the Internet -- for example if you don't have a browser installed or your machine has input constraints. First, \code{get_azure_token} contacts the AAD devicecode endpoint, which responds with a login URL and an access code. You then visit the URL, possibly using a different machine, and enter the code. Meanwhile, \code{get_azure_token} polls the AAD access endpoint for a token, which is provided once you have successfully entered the code.
\item The device_code method is similar in concept to authorization_code, but is meant for situations where you are unable to browse the Internet -- for example if you don't have a browser installed or your computer has input constraints. First, \code{get_azure_token} contacts the AAD devicecode endpoint, which responds with a login URL and an access code. You then visit the URL and enter the code, possibly using a different computer. Meanwhile, \code{get_azure_token} polls the AAD access endpoint for a token, which is provided once you have successfully entered the code.
\item The client_credentials method is much simpler than the above methods, requiring only one step. \code{get_azure_token} contacts the access endpoint, passing it the app secret (which you supplied in the \code{password} argument). Assuming the secret is valid, the endpoint then returns the OAuth token.
\item The resource_owner method also requires only one step. In this method, \code{get_azure_token} passes your (personal) username and password to the AAD access endpoint, which validates your credentials and returns the token.
}
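Review bot: While the device_code bullet is being reworded, the authorization_code bullet above it still describes the flow out of order. In the OAuth 2.0 authorization code grant the user signs in at the authorization endpoint in the browser, the code comes back through the redirect URI, and the client then exchanges that code at the token endpoint. The text instead has the access endpoint returning a login URL and the token arriving "via a HTTP redirect URI". Correct this in the roxygen source, since readers use this paragraph to decide which grant to choose.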