Add --origin Argument for Handling Single Page Application Refresh Tokens #99
This pull request includes updates to roadlib's auth.py and roadrecon's gather.py. The changes add the argument --origin, which appends a header origin value to refresh token requests; this is required when using Single Page Application (SPA) refresh tokens such as those of the Azure portal or the Office Online Application portal. Users obtain a refresh token from an authenticated browser session, supply the SPA client-id, and pass an '--origin' value such as 'https://portal.azure.com' so they can then obtain an access token. Example syntax when using a refresh token from the Azure portal: roadtx gettokens -c c44b4083-3bb0-49c1-b47d-974e53cbdf3c --origin "https://portal.azure.com" --refresh-token ""
These changes have been tested and allow running collections and obtaining tokens in hardened Azure environments where device-code flow, external applications, and Selenium browser implementations are not an option. Obtaining refresh tokens from a user's authenticated browser session logged into one of the portals and supplying it to obtain an access token makes for a simple and efficient workflow. The checktoken function of gather.py was modified to handle requesting a new token with the appropriate origin header value for collections in large tenants.