class OmniAuth::Strategies::AzureADV2

Constants

DEFAULT_RESPONSE_MODE
DEFAULT_RESPONSE_TYPE

Public Instance Methods

# File lib/omniauth/strategies/azure_adv2.rb, line 56
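# Second leg of the flow: Azure AD has redirected the browser back to the
# callback URL. Rejects provider-reported errors, swaps the authorization
# code for tokens, validates the ID token and then defers to the OmniAuth
# base implementation via `super`.
#
# There is no `state` parameter in this strategy; binding the callback to
# the originating session relies on the nonce written by request_phase and
# consumed (deleted) by read_nonce during validation — presumably checked
# inside IDTokenDecoder.
#
# @raise [OAuthError] when Azure reports an error (`error_reason`/`error`),
#   or when the callback carries no `code` to exchange
def callback_phase
  # The error text is copied straight from the query string, i.e. it is
  # untrusted; whoever renders OAuthError messages should treat it as such.
  error = request.params['error_reason'] || request.params['error']
  fail(OAuthError, error) if error

  @session_state = request.params['session_state']
  @code = request.params['code']
  # Without a code there is nothing to exchange; fail here rather than
  # posting an empty code to the token endpoint and failing later with a
  # less useful message.
  fail(OAuthError, 'No authorization code returned by Azure AD.') if @code.nil? || @code.empty?

  @access_token, @id_token = exchange_code_for_creds(@code)
  # read_nonce removes the nonce from the session as it is read, so each
  # nonce is presented for validation at most once.
  @claims, @header = validate_and_parse_id_token(@id_token)

  super
end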
# File lib/omniauth/strategies/azure_adv2.rb, line 44
# First leg of the flow: send the browser to Azure AD's authorization
# endpoint. A fresh nonce is generated and stored in the session (see
# new_nonce) so the ID token returned to callback_phase can be tied back to
# this session.
def request_phase
  authorize_uri = URI(openid_config.authorization_endpoint)

  query = {
    client_id: client_id,
    redirect_uri: callback_url,
    response_mode: response_mode,
    response_type: response_type,
    scope: 'openid profile email https://graph.microsoft.com/user.read',
    nonce: new_nonce,
  }
  authorize_uri.query = URI.encode_www_form(query)

  redirect authorize_uri.to_s
end

Private Instance Methods

# File lib/omniauth/strategies/azure_adv2.rb, line 127
# Application (client) ID taken from the strategy options.
#
# @return [String]
# @raise [StandardError] when the option is not configured
def client_id
  configured = options.client_id
  fail StandardError, 'No client_id specified in AzureAD configuration.' unless configured
  configured
end
# File lib/omniauth/strategies/azure_adv2.rb, line 132
# Client secret taken from the strategy options. Only ever sent in the
# body of the token request (see exchange_code_for_creds).
#
# @return [String]
# @raise [StandardError] when the option is not configured
def client_secret
  configured = options.client_secret
  fail StandardError, 'No client_secret specified in AzureAD configuration.' unless configured
  configured
end
# File lib/omniauth/strategies/azure_adv2.rb, line 71
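# Redeems an authorization code at the Azure AD v2.0 token endpoint using
# the confidential-client flow (client secret in the POST body, not in the
# URL).
#
# @param code [String] the `code` parameter from the callback request
# @return [Array(String, String)] `[access_token, id_token]`
# @raise [OAuthError] when the token endpoint answers with an error body or
#   a non-2xx status instead of tokens
def exchange_code_for_creds(code)
  uri = URI('https://login.microsoftonline.com/common/oauth2/v2.0/token')
  # Net::HTTP.post_form enables TLS for https URIs.
  res = Net::HTTP.post_form(
    uri,
    'code': code,
    'grant_type': 'authorization_code',
    'scope': 'https://graph.microsoft.com/user.read',
    'redirect_uri': callback_url,
    'client_id': client_id,
    'client_secret': client_secret,
  )

  parsed = JSON.parse(res.body)

  # The endpoint reports failure with an `error`/`error_description` body
  # (usually alongside a 4xx status). Surface it here instead of returning
  # [nil, nil] and failing later, less clearly, in ID-token validation.
  if parsed['error'] || !res.is_a?(Net::HTTPSuccess)
    message = parsed['error_description'] || parsed['error'] || "token endpoint returned HTTP #{res.code}"
    fail(OAuthError, message)
  end

  [parsed['access_token'], parsed['id_token']]
end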
# File lib/omniauth/strategies/azure_adv2.rb, line 88
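# Looks up the signed-in user's e-mail address from Microsoft Graph with
# the access token obtained in exchange_code_for_creds.
#
# @return [String, nil] the `mail` attribute, falling back to
#   `userPrincipalName` when `mail` is blank
# @raise [OAuthError] when Graph does not answer with a 2xx status (for
#   example a rejected or insufficiently scoped token)
def fetch_email
  uri = URI('https://graph.microsoft.com/beta/me')
  req = Net::HTTP::Get.new(uri.path)
  req.add_field('Authorization', "Bearer #{@access_token}")

  # use_ssl: true keeps the bearer token off the wire in clear text; peer
  # certificate verification is Net::HTTP's default.
  res = Net::HTTP.start(uri.host, uri.port, use_ssl: true) do |http|
    http.request(req)
  end

  # A non-2xx answer (e.g. 401 for a rejected token) typically carries an
  # error body rather than a profile; reading it as one would silently
  # yield an account with no e-mail, so fail loudly instead.
  unless res.is_a?(Net::HTTPSuccess)
    fail(OAuthError, "Microsoft Graph /me request failed with HTTP #{res.code}")
  end

  parsed = JSON.parse(res.body)

  # `present?` (ActiveSupport) treats nil, "" and whitespace-only as absent.
  parsed['mail'].present? ? parsed['mail'] : parsed['userPrincipalName']
end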
# File lib/omniauth/strategies/azure_adv2.rb, line 102
# Generates a fresh random nonce, stores it in the session under the
# strategy's key and returns it. read_nonce removes it again.
#
# @return [String] a random UUID
def new_nonce
  nonce = SecureRandom.uuid
  session['omniauth-azure-activedirectory.nonce'] = nonce
  nonce
end
# File lib/omniauth/strategies/azure_adv2.rb, line 106
# OpenID Connect discovery data for the multi-tenant `common` endpoint; it
# supplies the authorization endpoint (request_phase) and the token signing
# keys (validate_and_parse_id_token). Whether OpenIDConfig.fetch caches is
# not visible here — it is called on every use.
def openid_config
  tenant = 'common'
  OpenIDConfig.fetch(tid: tenant)
end
# File lib/omniauth/strategies/azure_adv2.rb, line 137
# Removes the nonce stored by new_nonce from the session and returns it,
# so any given nonce can be presented for validation at most once.
#
# @return [String, nil] the stored nonce, or nil when none is present
def read_nonce
  key = 'omniauth-azure-activedirectory.nonce'
  session.delete(key)
end
# File lib/omniauth/strategies/azure_adv2.rb, line 114
# OAuth `response_mode` sent to the authorization endpoint: the configured
# option when set, otherwise DEFAULT_RESPONSE_MODE.
def response_mode
  configured = options[:response_mode]
  configured || DEFAULT_RESPONSE_MODE
end
# File lib/omniauth/strategies/azure_adv2.rb, line 110
# OAuth `response_type` sent to the authorization endpoint: the configured
# option when set, otherwise DEFAULT_RESPONSE_TYPE.
def response_type
  configured = options[:response_type]
  configured || DEFAULT_RESPONSE_TYPE
end
# File lib/omniauth/strategies/azure_adv2.rb, line 118
# Verifies the ID token from the token response and returns its decoded
# parts. The decoder is given the client ID (presumably the expected
# audience), the single-use nonce taken out of the session, and the signing
# keys from the discovery document; what it checks is defined in
# IDTokenDecoder.
#
# @param id_token [String] raw JWT from the token endpoint
# @return [Array] `[claims, header]` as produced by IDTokenDecoder#run
def validate_and_parse_id_token(id_token)
  # Keyword order matters for side effects: read_nonce deletes from the
  # session before openid_config.keys is fetched.
  decoder = IDTokenDecoder.new(
    id_token: id_token,
    client_id: client_id,
    nonce: read_nonce,
    keyset: openid_config.keys,
  )
  decoder.run
end