WeaviateEx.Auth.Azure (WeaviateEx v0.7.4)
Azure-specific OIDC handling.
Detects Azure/Microsoft endpoints and applies appropriate defaults for authentication configuration.
Azure OIDC Specifics
- Uses {client_id}/.default scope format
- Different token endpoint patterns for v1 and v2
- Resource-based authentication for v1 endpoints
Examples
# Check if endpoint is Azure
Azure.azure_endpoint?("https://login.microsoftonline.com/tenant/oauth2/token")
# => true
# Apply Azure defaults to auth options
opts = [token_endpoint: "https://login.microsoftonline.com/...", client_id: "my-id"]
Azure.apply_azure_defaults(opts)
# => [token_endpoint: "...", client_id: "my-id", scopes: ["my-id/.default"]]
Summary
Functions
Apply Azure-specific defaults to authentication options.
Check if a token endpoint is an Azure/Microsoft endpoint.
Build Azure-specific token request parameters.
Get default scopes for Azure authentication.
Detect Azure endpoint version from URL.
Format resource for Azure v1 endpoints.
Check if password flow (ROPC) is configured in the auth options.
Validates Microsoft/Azure password flow requirements.
Functions
Apply Azure-specific defaults to authentication options.
If the token endpoint is detected as Azure and no scopes are provided,
automatically adds the .default scope.
Examples
opts = [
  token_endpoint: "https://login.microsoftonline.com/tenant/oauth2/token",
  client_id: "my-client-id"
]
Azure.apply_azure_defaults(opts)
# => [token_endpoint: "...", client_id: "my-client-id", scopes: ["my-client-id/.default"]]
Check if a token endpoint is an Azure/Microsoft endpoint.
Examples
Azure.azure_endpoint?("https://login.microsoftonline.com/tenant/oauth2/token")
# => true
Azure.azure_endpoint?("https://auth.example.com/token")
# => false
Build Azure-specific token request parameters.
For v1 endpoints, uses resource parameter.
For v2 endpoints, uses scope parameter.
Examples
Azure.build_token_params(:v2, "my-client-id")
# => [{"scope", "my-client-id/.default"}]
Get default scopes for Azure authentication.
Azure uses the {client_id}/.default scope format to request
all configured permissions for the application.
Examples
Azure.default_scopes("my-client-id")
# => ["my-client-id/.default"]
@spec detect_version(String.t()) :: :v1 | :v2 | :unknown
Detect Azure endpoint version from URL.
Returns :v1 or :v2 based on the endpoint URL pattern; per the spec, :unknown is also a possible result.
Examples
Azure.detect_version("https://login.microsoftonline.com/tenant/oauth2/v2.0/token")
# => :v2
Azure.detect_version("https://login.microsoftonline.com/tenant/oauth2/token")
# => :v1
Format resource for Azure v1 endpoints.
Some Azure v1 endpoints use resource instead of scope.
Examples
Azure.format_resource("my-client-id")
# => "my-client-id"
Check if password flow (ROPC) is configured in the auth options.
Examples
Azure.password_flow_configured?(%{type: :oidc_password, username: "user", password: "pass"})
# => true
Azure.password_flow_configured?(%{type: :api_key})
# => false
Validates Microsoft/Azure password flow requirements.
Microsoft password flow (ROPC, Resource Owner Password Credentials) requires:
- Username (must be a valid email address for Microsoft auth)
- Password (non-empty)
- Client ID
Examples
Azure.validate_password_flow(%{username: "user@example.com", password: "pass", client_id: "id"})
# => :ok
Azure.validate_password_flow(%{username: "invalid", password: "pass", client_id: "id"})
# => {:error, "Username must be a valid email address for Microsoft auth"}
Azure.validate_password_flow(%{password: "pass"})
# => {:error, "Microsoft password flow requires username, password, and client_id"}
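Because the password flow sends the user's password to the token endpoint, it is worth checking the endpoint URL strictly before any credentials leave the process. The following is an added example, not WeaviateEx's own code: a hypothetical TokenEndpointPreflight module that parses the URL, requires HTTPS and an exact host match, then picks v1 or v2 parameters as described on this page. The one-entry host allowlist and the "resource" parameter name for v1 are assumptions.

```elixir
# Added example: hypothetical caller-side helper, not part of WeaviateEx.
defmodule TokenEndpointPreflight do
  # Assumption: the only trusted host is the one that appears on this page.
  @trusted_hosts ["login.microsoftonline.com"]

  @doc "Returns {:ok, version, params} or {:error, reason} for a token endpoint URL."
  def check(endpoint, client_id) when is_binary(endpoint) and is_binary(client_id) do
    uri = URI.parse(endpoint)
    with :ok <- require_https(uri),
         :ok <- require_trusted_host(uri),
         {:ok, version} <- version_from_path(uri.path || "") do
      {:ok, version, params_for(version, client_id)}
    end
  end

  defp require_https(%URI{scheme: "https"}), do: :ok
  defp require_https(_uri), do: {:error, :not_https}

  # Compare the parsed host exactly, never a substring of the raw URL.
  # URLs carrying userinfo ("user@host") are refused outright.
  defp require_trusted_host(%URI{userinfo: nil, host: host}) when is_binary(host) do
    if String.downcase(host) in @trusted_hosts, do: :ok, else: {:error, :untrusted_host}
  end

  defp require_trusted_host(_uri), do: {:error, :untrusted_host}

  defp version_from_path(path) do
    cond do
      String.ends_with?(path, "/oauth2/v2.0/token") -> {:ok, :v2}
      String.ends_with?(path, "/oauth2/token") -> {:ok, :v1}
      true -> {:error, :unknown_version}
    end
  end

  # v2 takes a scope of {client_id}/.default; v1 takes a resource.
  # Assumption: the v1 parameter is named "resource".
  defp params_for(:v2, client_id), do: [{"scope", client_id <> "/.default"}]
  defp params_for(:v1, client_id), do: [{"resource", client_id}]
end

# Constructed sample endpoints: v2, v1, a lookalike host, and plain HTTP.
for url <- [
      "https://login.microsoftonline.com/tenant/oauth2/v2.0/token",
      "https://login.microsoftonline.com/tenant/oauth2/token",
      "https://login.microsoftonline.com.example.net/tenant/oauth2/token",
      "http://login.microsoftonline.com/tenant/oauth2/token"
    ] do
  IO.inspect({url, TokenEndpointPreflight.check(url, "my-client-id")})
end
```

Run it with `elixir` as a script; only the first two URLs yield token parameters, the other two are refused before any request would be built.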