How to implement authorization_code grant flow in golang to login to Azure AD

Sumesh P

Jul 31, 2021, 6:29:32 PM
to golang-nuts

I would like to implement authorization grant flow for an application in golang. The app will then read (delegated) Azure resources the user has access to.

Already combed through several dozens of samples in GitHub and everywhere else, but they are either incomplete or don't bring up the login prompt as expected.

I am looking for a sample that uses purely REST (preferable). If not, using adal/msal, "golang.org/x/oauth2/microsoft" or any other method. Also need to get an access token from the request as the Go SDK for Azure doesn't cover all resources and I'd like to use the access token to make REST calls.

Any pointers to a working code sample would be highly appreciated. Note: I can successfully login with other methods like client credentials. Issue is only getting auth code flow to work.

Thank you.

Brian Candler

Aug 1, 2021, 4:50:35 AM
to golang-nuts

Is this a web app you're writing, or a CLI app?

If it's a CLI app, then you need to trigger a request to open a browser. There's a Go library to do this: github.com/pkg/browser. Look at how kubelogin does it: https://github.com/int128/kubelogin

If it's a web app, then the user is already using a browser so this isn't an issue. There's plenty of sample code out there which implements OpenID Connect logins.

I would strongly recommend you make your own OIDC central service, e.g. with Keycloak, because you can have multiple apps which all integrate with that, and then separately you only need to integrate Keycloak once with Azure AD or whatever other upstream identity provider(s) you are using.

There are also plenty of cloud services which perform this function, but you have to pay for them (Okta, Auth0, etc.).
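The interactive half of the CLI case discussed in the thread, as an added example that is not code from either poster or from any project they mention: it builds the Azure AD v2.0 authorize URL using only the standard library and receives the code on a loopback listener. It goes beyond the thread by adding a `state` check and PKCE. `TENANT_ID`, `CLIENT_ID`, port 8400, the Azure Resource Manager scope and the helper names are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net/http"
	"net/url"
)

// Constructed placeholders: substitute your tenant ID and app registration.
const authority = "https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0"
const clientID = "CLIENT_ID"
var b64 = base64.RawURLEncoding.EncodeToString

func randToken() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b64(b)
}

// authorizeURL is the page the browser must open to show the login prompt.
func authorizeURL(state, verifier string) string {
	sum := sha256.Sum256([]byte(verifier)) // PKCE S256 challenge (RFC 7636)
	return authority + "/authorize?" + url.Values{"client_id": {clientID}, "response_type": {"code"},
		"redirect_uri": {"http://localhost:8400/callback"}, "state": {state}, "code_challenge": {b64(sum[:])},
		"code_challenge_method": {"S256"}, "scope": {"https://management.azure.com/user_impersonation"}}.Encode()
}

// callbackCode returns the code only if the redirect answers our own request.
func callbackCode(r *http.Request, state string) (string, bool) {
	q := r.URL.Query()
	return q.Get("code"), q.Get("state") == state && q.Get("code") != ""
}

func main() {
	state, verifier, codes := randToken(), randToken(), make(chan string, 1) // fresh per login
	http.HandleFunc("/callback", func(w http.ResponseWriter, r *http.Request) {
		if code, ok := callbackCode(r, state); ok {
			codes <- code
		}
	})
	go http.ListenAndServe("localhost:8400", nil)
	fmt.Println("Open in a browser:", authorizeURL(state, verifier))
	fmt.Println("authorization code received, length:", len(<-codes))
}
```

To finish the flow, POST the code with `grant_type=authorization_code`, the same `client_id` and `redirect_uri`, and `code_verifier` set to the verifier to `authority + "/token"`; the JSON response carries `access_token`.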