class ADAL::Authority

An authentication and token server with the ability to self-validate.

Constants

AUTHORIZE_PATH
COMMON_TENANT
DISCOVERY_TEMPLATE
TENANT_DISCOVERY_ENDPOINT_KEY
TOKEN_PATH
WELL_KNOWN_AUTHORITY_HOSTS
WORLD_WIDE_AUTHORITY

Attributes

host[R]
tenant[R]

Public Class Methods

new(host = WORLD_WIDE_AUTHORITY, tenant = COMMON_TENANT, validate_authority = false)

Creates a new Authority.

@param [String] host

The host name of the authority server.

@param [String] tenant

The name of the tenant for the Authority to access.

@option [Boolean] validate_authority (false)

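The setting that controls whether the Authority instance will check that
it matches a set of known authorities or can dynamically retrieve an
identifying response. With the default of false, the instance is marked as
validated when it is created, so validate returns true without performing
either check.

# File lib/adal/authority.rb, line 63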
def initialize(host = WORLD_WIDE_AUTHORITY,
               tenant = COMMON_TENANT,
               validate_authority = false)
  @host = host
  @tenant = tenant
  @validated = !validate_authority
end

Public Instance Methods

authorize_endpoint(params = nil)

URI that can be used to acquire authorization codes.

@optional Hash params

Query parameters that will be added to the endpoint.

@return [URI]

# File lib/adal/authority.rb, line 79
def authorize_endpoint(params = nil)
  params = params.select { |_, v| !v.nil? } if params.respond_to? :select
  if params.nil? || params.empty?
    URI::HTTPS.build(host: @host, path: '/' + @tenant + AUTHORIZE_PATH)
  else
    URI::HTTPS.build(host: @host,
                     path: '/' + @tenant + AUTHORIZE_PATH,
                     query: URI.encode_www_form(params))
  end
end

token_endpoint()

URI that can be used to acquire tokens.

@return [URI]

# File lib/adal/authority.rb, line 94
def token_endpoint
  URI::HTTPS.build(host: @host, path: '/' + @tenant + TOKEN_PATH)
end

validate()

Checks if the authority matches a set list of known authorities or if it can be resolved by the discovery endpoint.

@return [Boolean]

True if the Authority was successfully validated.

# File lib/adal/authority.rb, line 104
def validate
  @validated = validated_statically? unless validated?
  @validated = validated_dynamically? unless validated?
  @validated
end

validated?()

@return [Boolean]

# File lib/adal/authority.rb, line 111
def validated?
  @validated
end

Private Instance Methods

discovery_uri(host = WORLD_WIDE_AUTHORITY)

Creates the instance discovery endpoint URL for the authority that this object represents.

@return [URI]

# File lib/adal/authority.rb, line 122
def discovery_uri(host = WORLD_WIDE_AUTHORITY)
  URI(DISCOVERY_TEMPLATE.expand(host: host, endpoint: authorize_endpoint))
end

parse_dynamic_validation(response)

@param [Hash] response

@return [Boolean]

# File lib/adal/authority.rb, line 155
def parse_dynamic_validation(response)
  unless response.key? TENANT_DISCOVERY_ENDPOINT_KEY
    logger.error('Received unexpected response from instance discovery ' \
                 "endpoint: #{response}. Unable to validate dynamically.")
    return false
  end
  logger.verbose('Authority validated via dynamic instance discovery.')
  response[TENANT_DISCOVERY_ENDPOINT_KEY]
end

validated_dynamically?()

Performs instance discovery via a network call to well known authorities.

@return [String]

The tenant discovery endpoint, if found. Otherwise nil.

# File lib/adal/authority.rb, line 131
def validated_dynamically?
  logger.verbose("Attempting instance discovery at: #{discovery_uri}.")
  http_response = Net::HTTP.get(discovery_uri)
  if http_response.nil?
    logger.error('Dynamic validation received no response from endpoint.')
    return false
  end
  parse_dynamic_validation(JSON.parse(http_response))
end

validated_statically?()

@return [Boolean]

# File lib/adal/authority.rb, line 142
def validated_statically?
  logger.verbose('Performing static instance discovery.')
  found_it = WELL_KNOWN_AUTHORITY_HOSTS.include? @host
  if found_it
    logger.verbose('Authority validated via static instance discovery.')
  end
  found_it
end
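
The validation flow documented above, modelled as an added example (not code from the ADAL project): it shows what validate returns for each combination of validate_authority, static allow-list hit and discovery response. ModelAuthority, KNOWN_HOSTS, DISCOVERY_KEY, ENDPOINT, the host names and the JSON bodies are constructed stand-ins, and an injected lambda replaces the network call so the example runs offline.

```ruby
require 'json'

# Constructed stand-ins: the real constant values are not shown on this page.
KNOWN_HOSTS   = ['login.known.example'].freeze
DISCOVERY_KEY = 'tenant_discovery_endpoint'
ENDPOINT      = 'https://login.known.example/common/.well-known/openid-configuration'
OK_BODY       = JSON.generate({ DISCOVERY_KEY => ENDPOINT }) # constructed response
BAD_BODY      = '{"error":"invalid_instance"}'               # constructed response

# Model of the documented flow; an injected lambda replaces Net::HTTP.get.
class ModelAuthority
  attr_reader :discovery_calls

  def initialize(host, validate_authority = false, discovery: ->(_host) { nil })
    @host = host
    @validated = !validate_authority # false (the default) starts out "validated"
    @discovery = discovery
    @discovery_calls = 0
  end

  # Static allow-list first, then dynamic discovery, each only if still unvalidated.
  def validate
    @validated = KNOWN_HOSTS.include?(@host) unless @validated
    @validated = validated_dynamically? unless @validated
    @validated
  end

  private

  def validated_dynamically?
    @discovery_calls += 1
    body = @discovery.call(@host)
    return false if body.nil?
    JSON.parse(body).fetch(DISCOVERY_KEY, false) # endpoint string, or false
  end
end

# Returns { case => [validate result, number of discovery calls] }.
def validation_outcomes
  unknown = 'idp.unknown.example'
  {
    default_unknown: ModelAuthority.new(unknown),
    strict_known:    ModelAuthority.new(KNOWN_HOSTS.first, true),
    strict_dynamic:  ModelAuthority.new(unknown, true, discovery: ->(_h) { OK_BODY }),
    strict_rejected: ModelAuthority.new(unknown, true, discovery: ->(_h) { BAD_BODY })
  }.transform_values { |a| [a.validate, a.discovery_calls] }
end

validation_outcomes.each { |name, result| puts "#{name}: #{result.inspect}" }
```

The default_unknown case is the one to watch: with validate_authority left at false, an unrecognised host is reported as validated and neither check runs. In the strict_dynamic case validate returns the discovery endpoint string rather than true, so callers should test the result for truthiness, not equality with true.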