mirror of
https://github.com/mattermost/mattermost.git
synced 2026-02-03 20:40:00 -05:00
* Add Entra ID token authentication and Intune MAM config exposure
* Add Intune MAM toggle to Mobile Security admin console
* Add IntuneSettings with the AuthService to use and its own TenantID and ClientID for the Entra App registration Include Admin console changes switch from /oauth/entra to /oauth/intune endpoint
* openAPI documentation

---------

Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: yasser khan <attitude3cena.yf@gmail.com>
34 lines
1.5 KiB
Go
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.

package einterfaces

import (
	"github.com/mattermost/mattermost/server/public/model"
	"github.com/mattermost/mattermost/server/public/shared/request"
)

// IntuneInterface provides methods for Microsoft Intune MAM authentication.
// This allows mobile users to authenticate via Microsoft Entra ID (Azure AD) MSAL tokens
// and map to existing users who login via Office 365 or SAML on other clients.
type IntuneInterface interface {
	// IsConfigured checks if Intune MAM is properly configured and enabled.
	// Returns true if IntuneSettings.Enable is true and all required configuration is present.
	IsConfigured() bool

	// Login authenticates a user using a Microsoft Entra ID access_token from MSAL.
	// The token is validated against Microsoft's JWKS endpoint with proper key rollover support.
	// The access_token's audience claim is validated against the tenant-specific IntuneScope
	// to ensure proper tenant isolation.
	// The user is then matched to an existing user based on the configured AuthService
	// (either 'office365' or 'saml'), or a new user is created if allowed.
	//
	// Parameters:
	//   - rctx: Request context for logging and tracing
	//   - accessToken: The access_token from MSAL authentication
	//
	// Returns:
	//   - user: The authenticated user (matched or newly created)
	//   - appError: Error if authentication fails
	Login(rctx request.CTX, accessToken string) (*model.User, *model.AppError)
}
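The checks named in the Login comment, as an added example that is not Mattermost's implementation (this file declares only the interface): RS256 signature verification against keys cached by kid, a throttled refetch to follow key rollover, and an exact audience match. Verifier, Fetch, decode and the audience value are hypothetical names; Fetch stands in for the JWKS download and must be set before an unknown kid is seen.

```go
package main

import (
	"crypto"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Verifier caches signing keys by kid. Not goroutine-safe as written.
type Verifier struct {
	Audience string                           // the only aud value accepted (assumed to be one exact string)
	Fetch    func() map[string]*rsa.PublicKey // hypothetical stand-in for a JWKS download; nil result on failure
	keys     map[string]*rsa.PublicKey
	last     time.Time // time of the last refetch attempt
}

// decode base64url-decodes one JWT segment and unmarshals its JSON into out.
func decode(seg string, out any) bool {
	b, err := base64.RawURLEncoding.DecodeString(seg)
	return err == nil && json.Unmarshal(b, out) == nil
}

// Verify pins alg, checks the RS256 signature, then aud and exp, and returns the sub claim.
func (v *Verifier) Verify(token string, now time.Time) (string, error) {
	p := strings.Split(token, ".")
	var h struct{ Alg, Kid string }
	var c struct{ Aud, Sub string; Exp int64 }
	if len(p) != 3 || !decode(p[0], &h) || h.Alg != "RS256" {
		return "", fmt.Errorf("malformed token or unexpected alg")
	}
	if v.keys[h.Kid] == nil && now.Sub(v.last) >= time.Minute { // unknown kid: keys may have rolled over
		v.keys, v.last = v.Fetch(), now // at most one refetch a minute; a nil result empties the cache (fail closed)
	}
	sig, err := base64.RawURLEncoding.DecodeString(p[2])
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if k := v.keys[h.Kid]; k == nil || err != nil || rsa.VerifyPKCS1v15(k, crypto.SHA256, sum[:], sig) != nil {
		return "", fmt.Errorf("unknown key or bad signature")
	}
	if !decode(p[1], &c) || c.Aud != v.Audience || now.Unix() >= c.Exp {
		return "", fmt.Errorf("audience or expiry check failed")
	}
	return c.Sub, nil
}
func main() { fmt.Println((&Verifier{}).Verify("e30.e30.AA", time.Now())) } // constructed token, empty header: rejected
```

The refetch throttle matters because the kid is read before the signature is checked, so any unauthenticated caller can present an unknown kid; without the limit each such request would trigger a key download.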