msal 0.1.4

Microsoft Authentication Library for Rust

MSAL

The purpose of this project is to implement MSAL for Rust, based on the specifications found in the Microsoft API Reference for the ClientApplication Class and PublicClientApplication Class. Those references describe the Python library; this crate mirrors their interface in Rust.

NOTE: Implementing the ConfidentialClientApplication Class is not currently a target for this project. If you are interested in volunteering to implement the ConfidentialClientApplication Class, please contact the maintainer.

In addition to the ClientApplication Class implementations, this project also aims to implement [MS-OAPXBC] sections 3.1.5.1.2 Request for Primary Refresh Token and 3.1.5.1.3 Exchange Primary Refresh Token for Access Token. These are not implemented in Microsoft's MSAL libraries, but are possible when authenticating from an enrolled device.

How do I use this library?

Add the crate to your project, then import the PublicClientApplication:

use msal::PublicClientApplication;

Create an instance of the PublicClientApplication, then authenticate with a username and password:

// client_id, tenant_id, username and password are &str values you supply
let authority_host = "login.microsoftonline.com";
let app = PublicClientApplication::new(client_id, tenant_id, authority_host);
// the scopes to request; an empty vector here
let scope = vec![];
let token = app.acquire_token_by_username_password(username, password, scope).await?;

You can obtain your client_id and tenant_id from the Azure portal.

You can perform a silent authentication using a previously obtained refresh token, without prompting the user again:

let token = app.acquire_token_silent(scope, &token.refresh_token).await?;

Finally, you can perform a Device Authorization Grant, where the user completes sign-in in a browser using the code and URL returned by the flow:

let flow = app.initiate_device_flow(scope).await?;

// Prompt the user with the message found in flow.message, then poll for the token

let token = app.acquire_token_by_device_flow(flow).await?;
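The two calls above hide the polling loop that the OAuth 2.0 Device Authorization Grant (RFC 8628) requires between initiating the flow and receiving a token. The following is an added example, not code from the msal crate, that models that loop in plain Rust so its failure modes are visible: the minimum polling interval, the `slow_down` back-off, and giving up once the server-stated lifetime of the device code has passed. The token endpoint is a closure (`scripted_endpoint`, constructed for the example) so everything runs offline; the type and function names are assumptions and do not match the crate's API.

```rust
// Added example: client-side state machine for the RFC 8628 device flow.
// Not part of the msal crate; all names here are assumptions.
use std::time::Duration;

/// What the token endpoint answers to one poll with the device_code (RFC 8628 section 3.5).
#[derive(Debug, Clone, PartialEq)]
pub enum PollResponse {
    /// The user has not completed authorization yet; keep polling.
    AuthorizationPending,
    /// The client polls too fast; it must add 5 seconds to its interval.
    SlowDown,
    /// The device_code has expired; the whole flow must be restarted.
    ExpiredToken,
    /// The user refused the request.
    AccessDenied,
    /// Success: an access token and, optionally, a refresh token.
    Token { access_token: String, refresh_token: Option<String> },
}

/// The fields of a device authorization response (RFC 8628 section 3.2),
/// the counterpart of the `flow` value returned by `initiate_device_flow`.
#[derive(Debug, Clone)]
pub struct DeviceFlow {
    pub device_code: String,
    pub user_code: String,
    pub verification_uri: String,
    pub expires_in: u64, // lifetime of the device_code in seconds
    pub interval: u64,   // minimum seconds between polls
}

#[derive(Debug, PartialEq)]
pub enum DeviceFlowError {
    Expired,
    Denied,
}

/// Poll the token endpoint until a token is issued or the flow fails.
/// `poll` is called with the device_code; `sleep` is injected so a test can
/// observe the back-off without actually waiting.
pub fn acquire_token_by_device_flow<P, S>(
    flow: &DeviceFlow,
    mut poll: P,
    mut sleep: S,
) -> Result<(String, Option<String>), DeviceFlowError>
where
    P: FnMut(&str) -> PollResponse,
    S: FnMut(Duration),
{
    // RFC 8628: the default (and minimum) polling interval is 5 seconds.
    let mut interval = flow.interval.max(5);
    let mut elapsed: u64 = 0;
    loop {
        // Stop locally once the device_code lifetime has passed instead of
        // polling forever against a code the server will reject anyway.
        if elapsed >= flow.expires_in {
            return Err(DeviceFlowError::Expired);
        }
        sleep(Duration::from_secs(interval));
        elapsed += interval;
        match poll(&flow.device_code) {
            PollResponse::AuthorizationPending => continue,
            PollResponse::SlowDown => {
                // The increase applies to this and every later poll.
                interval += 5;
                continue;
            }
            PollResponse::ExpiredToken => return Err(DeviceFlowError::Expired),
            PollResponse::AccessDenied => return Err(DeviceFlowError::Denied),
            PollResponse::Token { access_token, refresh_token } => {
                return Ok((access_token, refresh_token));
            }
        }
    }
}

/// A stand-in token endpoint (constructed for this example) that answers each
/// poll with the next scripted response and repeats the last one thereafter.
pub fn scripted_endpoint(mut responses: Vec<PollResponse>) -> impl FnMut(&str) -> PollResponse {
    responses.reverse();
    move |_device_code| {
        if responses.len() > 1 {
            responses.pop().unwrap()
        } else {
            responses.last().cloned().expect("at least one scripted response")
        }
    }
}

fn main() {
    // Constructed sample flow; the URI is a placeholder, not a real endpoint.
    let flow = DeviceFlow {
        device_code: "constructed-device-code".to_string(),
        user_code: "ABCD-EFGH".to_string(),
        verification_uri: "https://example.invalid/devicelogin".to_string(),
        expires_in: 900,
        interval: 5,
    };
    println!("Visit {} and enter code {}", flow.verification_uri, flow.user_code);
    let endpoint = scripted_endpoint(vec![
        PollResponse::AuthorizationPending,
        PollResponse::SlowDown,
        PollResponse::Token { access_token: "sample-access-token".to_string(), refresh_token: None },
    ]);
    // A real client would pass std::thread::sleep here.
    let result = acquire_token_by_device_flow(&flow, endpoint, |d| println!("waiting {:?}", d));
    println!("{:?}", result);
}
```

The injected `sleep` is the only thing that separates this from a real client: pass `std::thread::sleep` (or an async sleep in a runtime) and an HTTP call that maps the endpoint's JSON `error` field onto `PollResponse`, and the state machine is complete.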

If msal is built with the prt feature, you can enroll the device, then request a PRT (Primary Refresh Token):

use msal::enroll::register_device;

// Obtain a token scoped for device enrollment
let token = app.acquire_token_for_device_enrollment(username, password).await?;
// domain, machine_key, tpm and loadable_id_key are inputs you supply (see below);
// register_device returns a new loadable identity key, shadowing the one passed in, and the device id
let (loadable_id_key, device_id) = register_device(token.access_token, domain, &machine_key, &tpm, &loadable_id_key).await?;
// id_key is the identity key loaded into the TPM from loadable_id_key via hsm_crypto
let prt = app.acquire_user_prt_by_username_password(username, password, &tpm, &id_key).await?;

The tpm parameters (the tpm handle and the keys passed alongside it) come from Kanidm's hsm_crypto crate. See the Kanidm hsm_crypto documentation for how to create, load and use them.