// DiscoverAuthorizationID returns the OAuth authorization URI for the given
// subscription ID. This can be used to determine the AD tenant ID.
func DiscoverAuthorizationURI(client subscriptions.Client, subscriptionID string) (*url.URL, error) {
// We make an unauthenticated request to the Azure API, which
// responds with the authentication URL with the tenant ID in it.
result, err := client.Get(subscriptionID)
if err == nil {
return nil, errors.New("expected unauthorized error response")
}
if result.Response.Response == nil {
return nil, errors.Trace(err)
}
if result.StatusCode != http.StatusUnauthorized {
return nil, errors.Annotatef(err, "expected unauthorized error response, got %v", result.StatusCode)
}
header := result.Header.Get(authenticateHeaderKey)
if header == "" {
return nil, errors.Errorf("%s header not found", authenticateHeaderKey)
}
match := authorizationUriRegexp.FindStringSubmatch(header)
if match == nil {
return nil, errors.Errorf(
"authorization_uri not found in %s header (%q)",
authenticateHeaderKey, header,
)
}
return url.Parse(match[1])
}
