### Azure Authentication Scenarios Vignette Setup in R Source: https://github.com/azure/azureauth/blob/master/NEWS.md This documentation entry refers to a vignette that outlines app registration settings and `get_azure_token` arguments for common authentication scenarios. It guides users through setting up applications and configuring token acquisition for various use cases. ```r # To view the vignette: # browseVignettes("AzureAuth") # Look for the vignette titled 'Common authentication scenarios'. ``` -------------------------------- ### Utility Functions for GUID and Tenant Normalization in R Source: https://github.com/azure/azureauth/blob/master/NEWS.md Utilize helper functions like `is_guid`, `normalize_guid`, and `normalize_tenant` for validating and normalizing GUIDs and tenant identifiers. These functions can accept vector arguments for batch processing. ```r library(AzureAuth) # Check if a string is a GUID is_guid("123e4567-e89b-12d3-a456-426614174000") # Normalize a GUID normalize_guid("123e4567e89b12d3a456426614174000") # Normalize a tenant identifier normalize_tenant("common") normalize_tenant("organizations") ``` -------------------------------- ### Authenticate with Azure using resource_owner in R Source: https://github.com/azure/azureauth/blob/master/README.md Provides an example for obtaining an Azure AD token using the `resource_owner` grant type, which involves passing the user's username and password directly to the AAD access endpoint. This method requires careful handling of credentials. ```R # obtain a token using resource_owner ``` -------------------------------- ### Get Azure Token with Different Authentication Methods in R Source: https://github.com/azure/azureauth/blob/master/NEWS.md Acquire Azure tokens using the `get_azure_token` function, which supports various authentication methods. The function can automatically detect the authentication method or be explicitly guided by the `auth_type` argument. It also allows specifying token caching behavior. ```r library(AzureAuth) # Get Azure token (authentication method is auto-detected) token_auto <- get_azure_token(resource = "https://graph.microsoft.com/") # Get Azure token with explicit authentication type (e.g., device flow) token_device <- get_azure_token(resource = "https://graph.microsoft.com/", auth_type = "device_code") # Get Azure token and skip caching token_no_cache <- get_azure_token(resource = "https://graph.microsoft.com/", use_cache = FALSE) # Get Azure token for specific tenants token_org <- get_azure_token(resource = "https://graph.microsoft.com/", tenant = "organizations") token_consumer <- get_azure_token(resource = "https://graph.microsoft.com/", tenant = "consumers") ``` -------------------------------- ### Get Azure OAuth Token with Various Methods (R) Source: https://context7.com/azure/azureauth/llms.txt Obtains an OAuth 2.0 access token from Azure Active Directory using different authentication flows. Supports automatic token caching and refresh. Requires the AzureAuth package. ```r library(AzureAuth) # Interactive authentication with authorization code flow # Opens browser for login, requires httpuv package token <- get_azure_token( resource = "https://management.azure.com/", tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef" ) # Device code flow for browserless environments # Displays code to enter on another device token_device <- get_azure_token( resource = "https://management.azure.com/", tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef", auth_type = "device_code" ) # Client credentials with secret (for service accounts) token_service <- get_azure_token( resource = "https://management.azure.com/", tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef", password = "my-client-secret", auth_type = "client_credentials" ) # Resource owner grant with username and password token_user <- get_azure_token( resource = "https://management.azure.com/", tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef", username = "user@mycompany.com", password = "my-password", auth_type = "resource_owner" ) # AAD v2.0 with multiple scopes and refresh token token_v2 <- get_azure_token( resource = c( "https://management.azure.com/.default", "offline_access" ), tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef", version = 2 ) # Microsoft Graph with multiple permissions (AAD v2.0) graph_token <- get_azure_token( resource = c( "https://graph.microsoft.com/User.Read.All", "https://graph.microsoft.com/Directory.ReadWrite.All", "offline_access" ), tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef", version = 2 ) # Access the token credentials access_token <- token$credentials$access_token ``` -------------------------------- ### HTTP Request Integration with Azure Tokens (R) Source: https://context7.com/azure/azureauth/llms.txt Demonstrates how to use Azure authentication tokens to make authenticated HTTP requests to Azure services using the httr package. This includes building authorization headers and making GET and POST requests to Azure Resource Manager and Microsoft Graph API. ```r library(AzureAuth) library(httr) # Get token token <- get_azure_token( resource = "https://management.azure.com/", tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef" ) # Build Authorization header auth_header <- add_headers( Authorization = paste("Bearer", token$credentials$access_token) ) # Make authenticated GET request response <- GET( url = "https://management.azure.com/subscriptions?api-version=2021-04-01", auth_header, content_type_json() ) # Parse response content <- content(response, "parsed") print(content) # POST request with authentication post_response <- POST( url = "https://management.azure.com/subscriptions/sub-id/resourceGroups/my-rg/providers/Microsoft.Resources/deployments/my-deployment?api-version=2021-04-01", auth_header, body = list( properties = list( mode = "Incremental", template = list() ) ), encode = "json" ) # Microsoft Graph API example graph_token <- get_azure_token( resource = "https://graph.microsoft.com/", tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef" ) graph_header <- add_headers( Authorization = paste("Bearer", graph_token$credentials$access_token) ) users <- GET( url = "https://graph.microsoft.com/v1.0/users", graph_header ) user_data <- content(users, "parsed") print(user_data$value) ``` -------------------------------- ### Decode JWT Tokens with AzureAuth Source: https://context7.com/azure/azureauth/llms.txt Provides examples of extracting and decoding JSON Web Tokens (JWTs) obtained via the AzureAuth R package. This allows inspection of token claims such as audience, expiration, issuer, and roles, which is crucial for understanding token content and validating security assertions. ```r library(AzureAuth) # Get token token <- get_azure_token( resource = "https://management.azure.com/", tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef" ) # Extract raw JWT string access_jwt <- extract_jwt(token, "access") print(access_jwt) # Decode access token to view claims decoded_access <- decode_jwt(token, "access") print(decoded_access$header) print(decoded_access$payload$aud) # Audience print(decoded_access$payload$exp) # Expiration print(decoded_access$payload$iss) # Issuer print(decoded_access$payload$roles) # Roles # Get token with ID token id_token <- get_azure_token( resource = c("openid", "offline_access"), tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef", version = 2 ) # Decode ID token decoded_id <- decode_jwt(id_token, "id") print(decoded_id$payload$name) print(decoded_id$payload$email) print(decoded_id$payload$oid) # Object ID # Decode JWT string directly jwt_string <- "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJodHRwczovL21hbmFnZW1lbnQuYXp1cmUuY29tLyIsImlzcyI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0LyIsImlhdCI6MTYxNjE2MTYxNiwiZXhwIjoxNjE2MTY1NTE2fQ.signature" decoded_string <- decode_jwt(jwt_string) print(decoded_string$payload) ``` -------------------------------- ### Get Azure OAuth Token Source: https://context7.com/azure/azureauth/llms.txt Obtains an OAuth 2.0 access token from Azure Active Directory using various authentication methods. Supports automatic token caching and refresh capabilities. ```APIDOC ## GET /azure/oauth/token ### Description Obtains an OAuth 2.0 access token from Azure Active Directory using various authentication methods, with automatic token caching and refresh capabilities. ### Method GET ### Endpoint /azure/oauth/token ### Parameters #### Query Parameters - **resource** (string or array of strings) - Required - The Azure resource for which to request a token (e.g., "https://management.azure.com/"). - **tenant** (string) - Required - The Azure AD tenant ID or domain name. - **app** (string) - Required - The Azure AD application (client) ID. - **auth_type** (string) - Optional - The authentication flow to use (e.g., "authorization_code", "device_code", "client_credentials", "resource_owner"). Defaults to "authorization_code". - **password** (string) - Optional - The client secret or password for client credentials or resource owner flows. - **username** (string) - Optional - The username for the resource owner flow. - **certificate** (string or object) - Optional - Path to a certificate file (PEM or PFX) or a certificate assertion object for certificate-based authentication. - **version** (integer) - Optional - The AAD authentication protocol version (1 or 2). Defaults to 1. ### Request Example ```r library(AzureAuth) token <- get_azure_token( resource = "https://management.azure.com/", tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef", auth_type = "client_credentials", password = "my-client-secret" ) ``` ### Response #### Success Response (200) - **credentials** (object) - Contains the authentication tokens and expiry information. - **access_token** (string) - The OAuth 2.0 access token. - **refresh_token** (string) - The refresh token (if applicable). - **expires_on** (string) - The expiration time of the access token. #### Response Example ```json { "credentials": { "access_token": "ey...".", "refresh_token": "eyJ...".", "expires_on": "2023-10-27T10:00:00Z" } } ``` ``` -------------------------------- ### Azure Token Refresh and Resource Switching with AzureAuth Source: https://context7.com/azure/azureauth/llms.txt Illustrates how to refresh expired Azure AD tokens and use refresh tokens to acquire access for different resources. This is particularly useful when an application needs to interact with multiple Azure services. The examples cover both Azure AD v1.0 and v2.0 endpoints. ```r library(AzureAuth) # Get initial token with refresh capability token <- get_azure_token( resource = "https://management.azure.com/", tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef" ) # Refresh the token when it expires token$refresh() # Use refresh token to get access to different resource (AAD v1.0) # Clone token to keep original token_graph <- token$clone() token_graph$resource <- "https://graph.microsoft.com/" token_graph$refresh() # Both tokens now valid for different resources arm_access <- token$credentials$access_token graph_access <- token_graph$credentials$access_token # Same pattern for AAD v2.0 token_v2 <- get_azure_token( resource = c("https://management.azure.com/.default", "offline_access"), tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef", version = 2 ) # Switch to different resource token_storage <- token_v2$clone() token_storage$scope <- c("https://storage.azure.com/.default", "offline_access") token_storage$refresh() # Verify token details print(token_v2$resource) print(token_storage$scope) ``` -------------------------------- ### Azure B2C and Custom AAD Host Authentication (R) Source: https://context7.com/azure/azureauth/llms.txt Authenticate with Azure AD B2C or custom Azure Active Directory hosts using `get_azure_token`. This includes examples for B2C with a custom host, government clouds, China cloud, and generic tenant usage ('common', 'organizations', 'consumers'). ```r library(AzureAuth) # Azure AD B2C authentication with custom host b2c_token <- get_azure_token( resource = "https://mydomain.com", tenant = "mytenant", app = "1234abcd-5678-ef90-1234-567890abcdef", password = "client-secret", aad_host = "https://mytenant.b2clogin.com/tfp/mytenant.onmicrosoft.com/B2C_1_signupsignin/oauth2", auth_type = "client_credentials" ) # Government cloud authentication gov_token <- get_azure_token( resource = "https://management.usgovcloudapi.net/", tenant = "mygovtenant.onmicrosoft.us", app = "1234abcd-5678-ef90-1234-567890abcdef", aad_host = "https://login.microsoftonline.us/" ) # China cloud authentication china_token <- get_azure_token( resource = "https://management.chinacloudapi.cn/", tenant = "mychinatenant.partner.onmschina.cn", app = "1234abcd-5678-ef90-1234-567890abcdef", aad_host = "https://login.chinacloudapi.cn/" ) # Generic tenant usage # "common" - allows both personal and work accounts common_token <- get_azure_token( resource = "https://management.azure.com/", tenant = "common", app = "1234abcd-5678-ef90-1234-567890abcdef" ) # "organizations" - allows only work/school accounts org_token <- get_azure_token( resource = "https://management.azure.com/", tenant = "organizations", app = "1234abcd-5678-ef90-1234-567890abcdef" ) # "consumers" - allows only personal Microsoft accounts consumer_token <- get_azure_token( resource = "https://management.azure.com/", tenant = "consumers", app = "1234abcd-5678-ef90-1234-567890abcdef" ) ``` -------------------------------- ### Get Managed Identity Token in R Source: https://github.com/azure/azureauth/blob/master/NEWS.md Obtain a token for a managed identity using the `get_managed_token` function. This function is designed to work within Azure VMs, services, or containers where an identity has been assigned. It can also be used to obtain tokens with a user-defined identity. ```r library(AzureAuth) # Obtain a token for a managed identity token <- get_managed_token() # Obtain a token with a user-defined identity token_user <- get_managed_token(identity = "my-user-identity") ``` -------------------------------- ### OpenID Connect and ID Tokens in R Source: https://context7.com/azure/azureauth/llms.txt This section details how to obtain OpenID Connect (OIDC) ID tokens alongside access tokens using the AzureAuth R package. It covers both AAD v1.0 and v2.0 endpoints, explaining how to extract and decode JWT tokens for identity verification. The examples show retrieving ID tokens exclusively or in combination with access tokens for specific resources. ```r library(AzureAuth) # Get ID token with AAD v1.0 (also returns access token) # Must set use_cache=FALSE to avoid stale tokens id_token_v1 <- get_azure_token( resource = "", # blank resource for ID token only tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef", use_cache = FALSE ) # Extract and decode the ID token id_jwt_v1 <- extract_jwt(id_token_v1, "id") decoded_v1 <- decode_jwt(id_token_v1, "id") print(decoded_v1$payload$name) print(decoded_v1$payload$email) # Get ID token with AAD v2.0 (recommended method) # Include "openid" scope, optionally "offline_access" for refresh id_token_v2 <- get_azure_token( resource = c("openid", "offline_access"), tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef", version = 2 ) # Extract and decode ID token id_jwt_v2 <- extract_jwt(id_token_v2, "id") decoded_v2 <- decode_jwt(id_token_v2, "id") print(decoded_v2$payload) # Get both access and ID tokens for a resource combined_token <- get_azure_token( resource = c( "https://management.azure.com/.default", "openid", "offline_access" ), tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef", version = 2 ) # Access both tokens access_jwt <- extract_jwt(combined_token, "access") id_jwt <- extract_jwt(combined_token, "id") ``` -------------------------------- ### Get Managed Identity Tokens in R Source: https://context7.com/azure/azureauth/llms.txt Retrieves Azure AD access tokens using managed identities. This function is designed to run within an Azure VM, container, or service. It supports system-assigned, user-assigned (by client ID, object ID, or resource ID) managed identities. The obtained access token can then be extracted for use in HTTP requests. ```r library(AzureAuth) # Must run from within Azure VM, container, or service token_managed <- get_managed_token( resource = "https://management.azure.com/" ) # Get token with user-assigned managed identity by client ID token_user_mi <- get_managed_token( resource = "https://management.azure.com/", token_args = list( client_id = "1234abcd-5678-ef90-1234-567890abcdef" ) ) # Get token with user-assigned identity by object ID token_obj_mi <- get_managed_token( resource = "https://management.azure.com/", token_args = list( object_id = "abcd1234-5678-ef90-1234-567890abcdef" ) ) # Get token with user-assigned identity by resource ID token_res_mi <- get_managed_token( resource = "https://management.azure.com/", token_args = list( mi_res_id = "/subscriptions/sub-id/resourceGroups/my-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/my-identity" ) ) # Access the token for HTTP requests access_token <- token_managed$credentials$access_token ``` -------------------------------- ### Web and Shiny App Authentication Flows with AzureAuth Source: https://context7.com/azure/azureauth/llms.txt Demonstrates how to implement authentication flows for web applications and Shiny apps using the AzureAuth R package. It covers building authorization URIs for redirect-based flows and handling device code grants for custom user interfaces, separating the authorization and token acquisition steps. ```r library(AzureAuth) library(shiny) # Build authorization URI for redirect auth_uri <- build_authorization_uri( resource = "https://management.azure.com/", tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef", redirect_uri = "http://localhost:8100" ) # Use in Shiny app UI # The auth_uri would be set as a link or redirect # After user logs in and returns with auth code # Extract code from query parameters and get token token <- get_azure_token( resource = "https://management.azure.com/", tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef", auth_code = "code-from-redirect-query-param", auth_type = "authorization_code" ) # Device code flow separated for custom UI device_creds <- get_device_creds( resource = "https://management.azure.com/", tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef" ) # Display to user in custom interface cat(device_creds$message) cat("\nVerification URI:", device_creds$verification_uri) cat("\nUser code:", device_creds$user_code) cat("\nExpires in:", device_creds$expires_in, "seconds") # After user enters code, acquire token with creds token_device <- get_azure_token( resource = "https://management.azure.com/", tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef", auth_type = "device_code", device_creds = device_creds ) ``` -------------------------------- ### Integrate Azure Authentication in Shiny Web Apps using R Source: https://github.com/azure/azureauth/blob/master/NEWS.md Initiate the Azure authorization process from within a Shiny web app using `build_authorization_uri` and `get_device_creds`. The `get_azure_token` function accepts `auth_code` and `device_creds` arguments for passing authorization details obtained separately. ```r library(AzureAuth) # Within a Shiny app, you might build the authorization URI auth_uri <- build_authorization_uri(resource = "https://graph.microsoft.com/") # Get device credentials separately (e.g., user enters code) # device_credentials <- get_device_creds(resource = "https://graph.microsoft.com/") # Then use these to get the token # token <- get_azure_token(resource = "https://graph.microsoft.com/", # auth_code = "your_auth_code", # device_creds = device_credentials) # See the 'Authenticating from Shiny' vignette for a skeleton example app. ``` -------------------------------- ### Authenticate with Azure using device_code in R Source: https://github.com/azure/azureauth/blob/master/README.md Shows how to obtain an Azure AD token using the `device_code` flow, suitable for environments without a browser. The user is provided with a URL and a code to authenticate on another device. The function polls for the token. ```R # obtain a token using device_code # no user credentials needed get_azure_token("myresource", "mytenant", "app_id", auth_type="device_code") ``` -------------------------------- ### Manage Azure Tokens: Hash, Load, Delete, and Clean Source: https://context7.com/azure/azureauth/llms.txt Demonstrates how to manage Azure AD tokens using the AzureAuth R package. This includes computing token hashes for efficient management, loading tokens by hash, deleting specific tokens by credentials or hash, and cleaning the entire token cache directory. Ensure to handle sensitive information and confirm deletions. ```r library(AzureAuth) # Compute token hash without creating token hash <- token_hash( resource = "https://management.azure.com/", tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef" ) print(hash) # Load token by hash loaded_token <- load_azure_token(hash) # Delete specific token by credentials delete_azure_token( resource = "https://management.azure.com/", tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef", confirm = FALSE ) # Delete token by hash delete_azure_token(hash = "7ea491716e5b10a77a673106f3f53bfd", confirm = FALSE) # Clean entire token cache directory clean_token_directory(confirm = FALSE) ``` -------------------------------- ### Authenticate with Azure using client_credentials in R Source: https://github.com/azure/azureauth/blob/master/README.md Demonstrates obtaining an Azure AD token using the `client_credentials` grant type. This method uses a client secret or a certificate for authentication. The secret is passed via the `password` argument, and certificates can be provided as file paths or Key Vault objects. ```R # obtain a token using client_credentials # supply credentials in password arg get_azure_token("myresource", "mytenant", "app_id", password="client_secret", auth_type="client_credentials") # can also supply a client certificate as a PEM/PFX file... get_azure_token("myresource", "mytenant", "app_id", certificate="mycert.pem", auth_type="client_credentials") # ... or as an object in Azure Key Vault cert <- AzureKeyVault::key_vault("myvault")$certificates$get("mycert") get_azure_token("myresource", "mytenant", "app_id", certificate=cert, auth_type="client_credentials") ``` -------------------------------- ### Authenticate with Azure using authorization_code in R Source: https://github.com/azure/azureauth/blob/master/README.md Illustrates obtaining an Azure AD token via the `authorization_code` grant type. This method involves a browser-based login flow and requires the `httpuv` package to listen for redirects. No user credentials are directly supplied in the code. ```R # obtain a token using authorization_code # no user credentials needed get_azure_token("myresource", "mytenant", "app_id", auth_type="authorization_code") ``` -------------------------------- ### Authenticate with Username and Password Source: https://github.com/azure/azureauth/blob/master/README.md This function authenticates to Azure using the resource owner flow with provided username and password. It requires the resource, tenant, client ID, username, password, and authentication type as arguments. ```r # supply credentials in username and password args get_azure_token("myresource", "mytenant", "app_id", username="myusername", password="mypassword", auth_type="resource_owner") ``` -------------------------------- ### Certificate Authentication for Azure Tokens (R) Source: https://context7.com/azure/azureauth/llms.txt Authenticates to Azure services using SSL/TLS certificates, enhancing security for service accounts. Supports PEM, PFX, and custom assertions. Requires AzureAuth package; AzureKeyVault for Key Vault integration. ```r library(AzureAuth) # Authenticate with PEM certificate file token_cert <- get_azure_token( resource = "https://management.azure.com/", tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef", certificate = "mycert.pem", auth_type = "client_credentials" ) # Authenticate with PFX certificate file token_pfx <- get_azure_token( resource = "https://management.azure.com/", tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef", certificate = "mycert.pfx", auth_type = "client_credentials" ) # Custom certificate assertion with 2-hour validity token_custom <- get_azure_token( resource = "https://management.azure.com/", tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef", certificate = cert_assertion( certificate = "mycert.pem", duration = 2 * 3600, signature_size = 256 ), auth_type = "client_credentials" ) # Using certificate from Azure Key Vault # Requires AzureKeyVault package vault <- AzureKeyVault::key_vault("myvault") cert <- vault$certificates$get("mycert") token_kv <- get_azure_token( resource = "https://management.azure.com/", tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef", certificate = cert, auth_type = "client_credentials" ) ``` -------------------------------- ### Obtain Azure Token using get_azure_token in R Source: https://github.com/azure/azureauth/blob/master/README.md Demonstrates the primary function `get_azure_token` to acquire an OAuth token from Azure Active Directory. The token is cached for future use. This function requires specifying the resource, tenant, and application ID. Dependencies include the AzureAuth package itself. ```R library(AzureAuth) token <- get_azure_token(resource="myresource", tenant="mytenant", app="app_id", ...) ``` -------------------------------- ### On-Behalf-Of Authentication for Multiple Tokens Source: https://github.com/azure/azureauth/blob/master/README.md The on_behalf_of method allows an application to obtain tokens for multiple resources by passing a pre-obtained token. This is useful for intermediate applications that need to authenticate users for various resources after a single user login. ```r # obtaining multiple tokens: authenticate (interactively) once... tok0 <- get_azure_token("serviceapp_id", "mytenant", "clientapp_id", auth_type="authorization_code") # ...then get tokens for each resource with on_behalf_of tok1 <- get_azure_token("resource1", "mytenant," "serviceapp_id", password="serviceapp_secret", auth_type="on_behalf_of", on_behalf_of=tok0) tok2 <- get_azure_token("resource2", "mytenant," "serviceapp_id", password="serviceapp_secret", auth_type="on_behalf_of", on_behalf_of=tok0) ``` -------------------------------- ### Manage Azure Token Cache Directory in R Source: https://github.com/azure/azureauth/blob/master/NEWS.md Control the token caching directory using environment variables or explicit function calls. The `R_AZURE_DATA_DIR` environment variable can specify the location, and `create_AzureR_dir` can manually create this directory, useful for non-interactive sessions. ```r library(AzureAuth) # Set the cache directory using an environment variable (example) # Sys.setenv(R_AZURE_DATA_DIR = "/path/to/your/cache") # Manually create the directory # create_AzureR_dir() # Clean the token directory (deletes all files within) # clean_token_directory() ``` -------------------------------- ### Token Cache Management in R with AzureAuth Source: https://context7.com/azure/azureauth/llms.txt This snippet illustrates how to manage OAuth tokens cached on disk using the AzureAuth R package. It covers locating the cache directory, manually creating it, listing all cached tokens, retrieving tokens (which utilizes the cache by default), and forcing a fresh token retrieval by bypassing the cache. ```r library(AzureAuth) # Get location of token cache directory cache_dir <- AzureR_dir() print(cache_dir) # Create cache directory manually (useful in non-interactive sessions) create_AzureR_dir() # List all cached tokens all_tokens <- list_azure_tokens() print(names(all_tokens)) # Shows MD5 hashes print(length(all_tokens)) # Get token (uses cache if available) token <- get_azure_token( resource = "https://management.azure.com/", tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef" ) # Force new token, bypass cache token_fresh <- get_azure_token( resource = "https://management.azure.com/", tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef", use_cache = FALSE ) ``` -------------------------------- ### Azure Authentication with Custom Redirect URI (R) Source: https://context7.com/azure/azureauth/llms.txt Obtain an Azure access token for web applications using a custom redirect URI. This requires specifying the resource, tenant, application ID, and authorization arguments, including the redirect URI and authentication type. ```r token_webapp <- get_azure_token( resource = "https://management.azure.com/", tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef", authorize_args = list(redirect_uri = "http://localhost:8000"), auth_type = "authorization_code" ) ``` -------------------------------- ### Handle Token Caching in Shiny Apps with R Source: https://github.com/azure/azureauth/blob/master/NEWS.md Manage token caching behavior within Shiny applications. By default, caching is disabled when running inside Shiny to avoid issues. Functions like `create_AzureR_dir` can be used for manual cache directory creation. ```r library(AzureAuth) # In a Shiny app, caching is often disabled by default: # token <- get_azure_token(resource = "https://graph.microsoft.com/") # Caching disabled # Manually create the caching directory if needed # create_AzureR_dir() # Example of cleaning the token directory # clean_token_directory() ``` -------------------------------- ### On-Behalf-Of Authentication Flow in R Source: https://context7.com/azure/azureauth/llms.txt Demonstrates the on-behalf-of authentication flow using the AzureAuth R package. This pattern allows a service to obtain tokens for other services by impersonating a user or another service. It involves an initial interactive authentication followed by subsequent token requests for different resources without re-authentication, suitable for multi-service applications. ```r library(AzureAuth) # Step 1: Authenticate once interactively initial_token <- get_azure_token( resource = "1234abcd-5678-ef90-1234-567890abcdef", # service app ID tenant = "mycompany.onmicrosoft.com", app = "abcd1234-5678-ef90-1234-567890abcdef", # client app ID auth_type = "authorization_code" ) # Step 2: Get token for Azure Resource Manager using on-behalf-of arm_token <- get_azure_token( resource = "https://management.azure.com/", tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef", # service app ID password = "service-app-secret", auth_type = "on_behalf_of", on_behalf_of = initial_token ) # Step 3: Get token for Microsoft Graph using same initial token graph_token <- get_azure_token( resource = "https://graph.microsoft.com/", tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef", # service app ID password = "service-app-secret", auth_type = "on_behalf_of", on_behalf_of = initial_token ) # All subsequent tokens derived without user re-authentication storage_token <- get_azure_token( resource = "https://storage.azure.com/", tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef", password = "service-app-secret", auth_type = "on_behalf_of", on_behalf_of = initial_token ) ``` -------------------------------- ### JWT Token Handling in R Source: https://github.com/azure/azureauth/blob/master/NEWS.md Decode and extract JSON Web Tokens (JWT) using generic functions `decode_jwt` and `extract_jwt`. These functions support various input types, including character strings and AzureToken objects. ```r library(AzureAuth) # Assuming you have a JWT as a string jwt_string <- "eyJ..." # Decode the JWT decoded_token <- decode_jwt(jwt_string) # Extract the JWT from an object # extracted_jwt <- extract_jwt(azure_token_object) ``` -------------------------------- ### Load Azure Token from Cache in R Source: https://github.com/azure/azureauth/blob/master/NEWS.md Retrieve a previously cached Azure token using its hash value with the `load_azure_token` function. This is useful for restoring authentication state without re-authenticating. ```r library(AzureAuth) # Assuming you have a token hash token_hash <- "your_token_hash_here" # Load the token from the cache loaded_token <- load_azure_token(hash = token_hash) ``` -------------------------------- ### Certificate Authentication Source: https://context7.com/azure/azureauth/llms.txt Authenticates using SSL/TLS certificates instead of client secrets, providing enhanced security for service accounts. ```APIDOC ## POST /azure/certificate/authenticate ### Description Authenticates using SSL/TLS certificates instead of client secrets, providing enhanced security for service accounts. ### Method POST ### Endpoint /azure/certificate/authenticate ### Parameters #### Request Body - **resource** (string or array of strings) - Required - The Azure resource for which to request a token. - **tenant** (string) - Required - The Azure AD tenant ID or domain name. - **app** (string) - Required - The Azure AD application (client) ID. - **certificate** (object) - Required - Certificate details, including the certificate itself (path or object) and potentially assertion parameters. - **certificate** (string or object) - Path to a certificate file (PEM or PFX) or a certificate assertion object. - **duration** (integer) - Optional - The duration for which the certificate assertion is valid, in seconds. - **signature_size** (integer) - Optional - The size of the signature for certificate assertion. - **auth_type** (string) - Optional - Set to "client_credentials" for certificate-based client authentication. ### Request Example ```r library(AzureAuth) token_cert <- get_azure_token( resource = "https://management.azure.com/", tenant = "mycompany.onmicrosoft.com", app = "1234abcd-5678-ef90-1234-567890abcdef", certificate = "mycert.pem", auth_type = "client_credentials" ) ``` ### Response #### Success Response (200) - **credentials** (object) - Contains the authentication tokens and expiry information. - **access_token** (string) - The OAuth 2.0 access token. - **expires_on** (string) - The expiration time of the access token. #### Response Example ```json { "credentials": { "access_token": "eyJ...".", "expires_on": "2023-10-27T11:00:00Z" } } ``` ``` -------------------------------- ### Managed Identity Token Acquisition (R) Source: https://context7.com/azure/azureauth/llms.txt Obtains authentication tokens from Azure managed identities (VMs, containers, services) without needing stored credentials. Uses the `get_managed_token` function from the AzureAuth package. ```r library(AzureAuth) # Get token using system-assigned managed identity ``` -------------------------------- ### Obtain ID Token with AAD v1.0 Source: https://github.com/azure/azureauth/blob/master/README.md This code snippet demonstrates how to obtain an ID token using AAD v1.0 by specifying an empty resource and setting use_cache to FALSE. It then extracts the ID token from the obtained credentials. ```r # ID token with AAD v1.0 tok <- get_azure_token("", "mytenant", "app_id", use_cache=FALSE) extract_jwt(tok, "id") ``` -------------------------------- ### Managed Identity Authentication Source: https://context7.com/azure/azureauth/llms.txt Obtains tokens from within Azure managed identities (VMs, containers, services) without requiring stored credentials. ```APIDOC ## GET /azure/managed/token ### Description Obtains tokens from within Azure managed identities (VMs, containers, services) without requiring stored credentials. ### Method GET ### Endpoint /azure/managed/token ### Parameters #### Query Parameters - **resource** (string) - Required - The Azure resource for which to request a token. - **identity_type** (string) - Optional - Specifies the managed identity type (e.g., "system", "user"). Defaults to "system". - **identity_id** (string) - Optional - The client ID of the user-assigned managed identity. ### Request Example ```r library(AzureAuth) # Get token using system-assigned managed identity token_mi <- get_managed_token( resource = "https://management.azure.com/" ) ``` ### Response #### Success Response (200) - **access_token** (string) - The OAuth 2.0 access token. - **expires_on** (string) - The expiration time of the access token. #### Response Example ```json { "access_token": "eyJ...".", "expires_on": "2023-10-27T12:00:00Z" } ``` ``` -------------------------------- ### Obtain Managed Identity Token Source: https://github.com/azure/azureauth/blob/master/README.md The get_managed_token function retrieves authentication tokens from a managed identity. This is designed to be run within Azure VMs, services, or containers, eliminating the need for storing secrets. ```r # run this from within an Azure VM or container for which an identity has been setup get_managed_token("myresource") ``` -------------------------------- ### Obtain ID Token with AAD v2.0 Source: https://github.com/azure/azureauth/blob/master/README.md This code snippet shows how to obtain an ID token with AAD v2.0 by including the 'openid' and 'offline_access' scopes and setting the version to 2. It then extracts the ID token. ```r # ID token with AAD v2.0 (recommended) tok2 <- get_azure_token(c("openid", "offline_access"), "mytenant", "app_id", version=2) extract_jwt(tok2, "id") ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.