class OmniAuth::Strategies::AzureADV2
Constants
- DEFAULT_RESPONSE_MODE
- DEFAULT_RESPONSE_TYPE
Public Instance Methods
callback_phase()
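# File lib/omniauth/strategies/azure_adv2.rb, line 56
# Handles the redirect back from Azure AD: surfaces any error the provider
# reported, exchanges the authorization code for tokens, validates the
# id_token (signature, audience, nonce via IDTokenDecoder) and then hands
# over to the superclass to build the auth hash.
#
# Sets @session_state, @code, @access_token, @id_token, @claims and @header.
#
# @raise [OAuthError] if the provider returned an error, or the callback
#   carries no authorization code.
def callback_phase
  error = request.params['error_reason'] || request.params['error']
  fail(OAuthError, error) if error

  @session_state = request.params['session_state']
  @code = request.params['code']
  # Without a code there is nothing to exchange; fail here rather than posting
  # an empty code to the token endpoint and failing later with a vaguer error.
  fail(OAuthError, 'No authorization code in callback from Azure AD') unless @code

  @access_token, @id_token = exchange_code_for_creds(@code)
  # Validation consumes the session nonce, so a replayed callback cannot pass.
  @claims, @header = validate_and_parse_id_token(@id_token)
  super
end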
request_phase()
# File lib/omniauth/strategies/azure_adv2.rb, line 44
# Starts the login: builds the Azure AD v2.0 authorization URL from the
# discovered OpenID configuration and redirects the browser to it.
#
# A fresh nonce is stored in the session (see new_nonce) and echoed back in
# the id_token, where IDTokenDecoder checks it.
# NOTE(review): no OAuth `state` parameter is sent here; CSRF binding of the
# callback therefore rests on the id_token nonce alone unless the superclass
# adds `state` — confirm.
def request_phase
  uri = URI(openid_config.authorization_endpoint)
  query_params = {
    client_id: client_id,
    redirect_uri: callback_url,
    response_mode: response_mode,
    response_type: response_type,
    scope: 'openid profile email https://graph.microsoft.com/user.read',
    nonce: new_nonce,
  }
  uri.query = URI.encode_www_form(query_params)
  redirect uri.to_s
end
Private Instance Methods
client_id()
# File lib/omniauth/strategies/azure_adv2.rb, line 127
# The application (client) id from the strategy options.
#
# @return [String] the configured client_id
# @raise [StandardError] when no client_id is configured
def client_id
  configured = options.client_id
  fail StandardError, 'No client_id specified in AzureAD configuration.' unless configured
  configured
end
client_secret()
# File lib/omniauth/strategies/azure_adv2.rb, line 132
# The client secret from the strategy options. Only ever sent to the token
# endpoint (exchange_code_for_creds); it must not appear in the browser redirect.
#
# @return [String] the configured client_secret
# @raise [StandardError] when no client_secret is configured
def client_secret
  configured = options.client_secret
  fail StandardError, 'No client_secret specified in AzureAD configuration.' unless configured
  configured
end
exchange_code_for_creds(code)
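# File lib/omniauth/strategies/azure_adv2.rb, line 71
# Redeems the authorization code at the v2.0 token endpoint of the shared
# "common" tenant.
#
# @param code [String] the authorization code from the callback
# @return [Array(String, String)] the access_token and id_token
# @raise [OAuthError] when the token endpoint reports an error or a
#   non-success HTTP status
# @raise [JSON::ParserError] when the response body is not JSON
def exchange_code_for_creds(code)
  uri = URI('https://login.microsoftonline.com/common/oauth2/v2.0/token')
  res = Net::HTTP.post_form(
    uri,
    code: code,
    grant_type: 'authorization_code',
    scope: 'https://graph.microsoft.com/user.read',
    redirect_uri: callback_url,
    client_id: client_id,
    client_secret: client_secret,
  )
  parsed = JSON.parse(res.body)
  # The token endpoint signals failure in the body (RFC 6749 `error`), usually
  # with a 4xx status; previously this silently yielded [nil, nil].
  if parsed['error'] || !res.is_a?(Net::HTTPSuccess)
    fail(OAuthError, parsed['error_description'] || parsed['error'] ||
                     "Token endpoint returned HTTP #{res.code}")
  end
  [parsed['access_token'], parsed['id_token']]
end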
fetch_email()
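# File lib/omniauth/strategies/azure_adv2.rb, line 88
# Looks up the signed-in user's email address via Microsoft Graph using the
# access token obtained in callback_phase.
#
# Reads @access_token. Note this calls the /beta Graph endpoint.
#
# @return [String, nil] the `mail` attribute when present, otherwise
#   `userPrincipalName`
# @raise [OAuthError] when Graph does not answer with a success status
# @raise [JSON::ParserError] when the response body is not JSON
def fetch_email
  uri = URI('https://graph.microsoft.com/beta/me')
  req = Net::HTTP::Get.new(uri.path)
  req.add_field('Authorization', "Bearer #{@access_token}")
  res = Net::HTTP.start(uri.host, uri.port, use_ssl: true) do |http|
    http.request(req)
  end
  # An expired/insufficient token yields a 401/403 error body; without this
  # check the error JSON was parsed and nil returned as the email.
  fail(OAuthError, "Graph request failed with HTTP #{res.code}") unless res.is_a?(Net::HTTPSuccess)
  parsed = JSON.parse(res.body)
  parsed['mail'].present? ? parsed['mail'] : parsed['userPrincipalName']
end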
new_nonce()
# File lib/omniauth/strategies/azure_adv2.rb, line 102
# Generates a fresh random nonce, stores it in the session and returns it.
# The stored value is consumed by read_nonce during id_token validation.
#
# @return [String] the new nonce
def new_nonce
  nonce = SecureRandom.uuid
  session['omniauth-azure-activedirectory.nonce'] = nonce
  nonce
end
openid_config()
# File lib/omniauth/strategies/azure_adv2.rb, line 106
# The OpenID Connect discovery document (endpoints and signing keys) for the
# shared "common" tenant.
# NOTE(review): with "common", id_tokens may come from any tenant; if the app
# is meant to be single-tenant, confirm IDTokenDecoder checks the issuer/tenant.
#
# @return [OpenIDConfig]
def openid_config
  tenant = 'common'
  OpenIDConfig.fetch(tid: tenant)
end
read_nonce()
# File lib/omniauth/strategies/azure_adv2.rb, line 137
# Removes and returns the nonce stored by new_nonce, so each nonce can be
# checked against an id_token at most once.
#
# @return [String, nil] the stored nonce, or nil when none was set
def read_nonce
  key = 'omniauth-azure-activedirectory.nonce'
  session.delete(key)
end
response_mode()
# File lib/omniauth/strategies/azure_adv2.rb, line 114
# The OAuth response_mode to request, falling back to DEFAULT_RESPONSE_MODE
# when the option is not set.
#
# @return [String]
def response_mode
  configured = options[:response_mode]
  configured ? configured : DEFAULT_RESPONSE_MODE
end
response_type()
# File lib/omniauth/strategies/azure_adv2.rb, line 110
# The OAuth response_type to request, falling back to DEFAULT_RESPONSE_TYPE
# when the option is not set.
#
# @return [String]
def response_type
  configured = options[:response_type]
  configured ? configured : DEFAULT_RESPONSE_TYPE
end
validate_and_parse_id_token(id_token)
# File lib/omniauth/strategies/azure_adv2.rb, line 118
# Validates the id_token with IDTokenDecoder against this client_id, the
# session nonce and the current signing keys, and returns the decoded parts.
#
# read_nonce deletes the nonce from the session as a side effect, so a token
# can only be validated once per login attempt.
#
# @param id_token [String] the raw JWT from the token endpoint
# @return whatever IDTokenDecoder#run returns (callback_phase destructures it
#   as [claims, header])
def validate_and_parse_id_token(id_token)
  decoder = IDTokenDecoder.new(
    id_token: id_token,
    client_id: client_id,
    nonce: read_nonce,
    keyset: openid_config.keys,
  )
  decoder.run
end