adal 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: c96492646dd174e111a054d678cd34b5563ff70a
+  data.tar.gz: 7066e6d539a67d4f13f4a1c2aca63f85308c3cd8
+SHA512:
+  metadata.gz: c4563d608dac6f70d178c553bbbb146b0d6821e0aeae7b45bac8f6ae95923845d26fda3018fe9cc96ac20fc42005e689d39fd72f4695c6da8621d1c611bcad3e
+  data.tar.gz: ff604ebc6495fa3509bcb4411c51bde99d08597a8c91755be7b4d44b71a6245469533894d93c95e7767c5f3fd67195a39cb2b6d8a1faeeab98cc4aeefb242099

data/.gitignore

@@ -0,0 +1,5 @@
+*.swp
+*.gem
+Gemfile.lock
+doc
+coverage

data/.rubocop.yml

@@ -0,0 +1,7 @@
+# This file lists exceptions to the default configuration, which can be found at
+# https://github.com/bbatsov/rubocop/tree/master/config.
+
+AllCops:
+  Exclude:
+    # Ignore XML templates.
+    - '**/*.erb'

data/.travis.yml

@@ -0,0 +1,7 @@
+language: ruby
+
+rvm:
+  - 2.1
+  - 2.2
+
+script: bundle exec rake spec

data/Gemfile

@@ -0,0 +1,25 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2015 Micorosft Corporation
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#-------------------------------------------------------------------------------
+
+source 'https://rubygems.org'
+
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Micorosft Corporation
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,97 @@
+# Windows Azure Active Directory Authentication Library (ADAL) for Ruby
+[![Build Status](https://travis-ci.org/Azure/azure-activedirectory-library-for-ruby.png?branch=dev)](https://travis-ci.org/AzureAD/azure-activedirectory-library-for-ruby)
+
+The ADAL for Ruby library makes it easy for Ruby applications to authenticate to AAD in order to access AAD protected web resources.
+
+## Installation
+
+You can install the ADAL gem with Rubygems.
+
+```
+gem install adal
+```
+
+Alternatively, you can build the gem from scratch.
+
+```
+git clone git@github.com:AzureAD/azure-activedirectory-for-ruby.git
+cd azure-activedirectory-for-ruby
+gem build adal.gemspec
+gem install adal
+```
+
+## Samples
+
+The `samples` folder contains several applications demonstrating different ways to authenticate. None of the samples will work out of the box, they require set-up and configuration through the Azure portal. Make sure to check out the README for each sample to get them running.
+
+## How to run tests
+
+The tests in this repo use the RSpec framework for behavior-driven testing. RSpec can be invoked directly or as a Rake task. The preferred way to execute the test suite is
+
+Checkout the repo
+
+`git clone git@github.com:AzureAD/azure-activedirectory-library-for-ruby`
+
+Install the dependencies
+
+`bundle install`
+
+Run the tests
+
+`bundle exec rake spec`
+
+## How to run Rubocop
+
+This gem abides by the [Rubocop](https://github.com/bbatsov/rubocop) defaults. Rubocop is set up as a Rake task. The preferred way to execute Rubocop for this repo is
+
+Checkout the repo
+
+`git clone git@github.com:AzureAD/azure-activedirectory-library-for-ruby`
+
+Install the dependencies
+
+`bundle install`
+
+Run Rubocop
+
+`bundle exec rake rubocop`
+
+## Diagnostics
+
+**Logs, correlation ids and timestamps are required with all requests for help in debugging.**
+
+You can configure ADAL to generate log messages that you can use to help diagnose issues. The log outputs are standard to Ruby's built-in logger. An example ADAL log message looks like this:
+
+```
+I, [2015-08-18T06:58:12.767490 #9231]  INFO -- 969f3e30-8f42-4342-b135-f5c754a6b4a8: Multiple WS-Trust endpoints were found in the mex response. Only one was used.
+```
+
+The `I` is a shorthand for `INFO` that makes parsing logs easier. ADAL supports five different logging levels, `VERBOSE`, `INFO`, `WARN`, `ERROR` and `FATAL`. The timestamp is taken from the client machine. The GUID before the message is a correlation id that is used to track logs from the client to the server.
+
+
+To set the lowest log level to output, include something like this in your configuration:
+
+```
+ADAL::Logging.log_level = ADAL::Logger::VERBOSE
+```
+
+By default, ADAL logs are printed to `STDOUT`. To change the log output, pass a Ruby `IO` object to ADAL like this in your configuration:
+
+```
+ADAL::Logging.log_output = File.open('/path/to/adal.logs', 'w')
+```
+
+## Community Help and Support
+
+We leverage [Stack Overflow](http://stackoverflow.com/) to work with the community on supporting Azure Active Directory and its SDKs, including this one! We highly recommend you ask your questions on Stack Overflow (we're all on there!) Also browse existing issues to see if someone has had your question before.
+
+We recommend you use the "adal" tag so we can see it! Here is the latest Q&A on Stack Overflow for ADAL: [http://stackoverflow.com/questions/tagged/adal](http://stackoverflow.com/questions/tagged/adal)
+
+## Contributing
+
+All code is licensed under the MIT license and we triage actively on GitHub. We enthusiastically welcome contributions and feedback. You can fork the repo and start contributing now. [More details](https://github.com/AzureAD/azure-activedirectory-library-for-ruby/blob/master/contributing.md) about contributing.
+
+
+## License
+
+Copyright (c) Microsoft Corporation. Licensed under the MIT License.

data/Rakefile

@@ -0,0 +1,39 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2015 Micorosft Corporation
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#-------------------------------------------------------------------------------
+
+require 'rake'
+require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
+
+# This can be run with `bundle exec rake spec`.
+RSpec::Core::RakeTask.new(:spec) do |t|
+  t.pattern = `git ls-files`.split("\n").select { |f| f.end_with? 'spec.rb' }
+  t.rspec_opts = '--format documentation'
+end
+
+# This can be run with `bundle exec rake rubocop`.
+RuboCop::RakeTask.new(:rubocop) do |t|
+  t.patterns = `git ls-files`.split("\n").select { |f| f.end_with? '.rb' }
+  t.fail_on_error = false
+end
+
+task default: :spec

data/adal.gemspec

@@ -0,0 +1,52 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2015 Micorosft Corporation
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#-------------------------------------------------------------------------------
+
+require File.expand_path('../lib/adal/version', __FILE__)
+
+Gem::Specification.new do |s|
+  s.name = 'adal'
+  s.version = ADAL::Version
+
+  s.summary = 'ADAL for Ruby'
+  s.description = 'Windows Azure Active Directory authentication client library'
+  s.homepage = 'http://github.com/AzureAD/azure-activedirectory-library-for-ruby'
+  s.license = 'MIT'
+
+  s.require_paths = ['lib']
+  s.files = `git ls-files`.split("\n")
+
+  s.author = 'Microsoft Corporation'
+  s.email = 'nugetaad@microsoft.com'
+
+  s.required_ruby_version = '>= 2.1.0'
+
+  s.add_runtime_dependency 'jwt', '~> 1.5'
+  s.add_runtime_dependency 'nokogiri', '~> 1.6'
+  s.add_runtime_dependency 'uri_template', '~> 0.7'
+
+  s.add_development_dependency 'rake', '~> 10.4'
+  s.add_development_dependency 'rspec', '~> 3.3'
+  s.add_development_dependency 'rubocop', '~> 0.32'
+  s.add_development_dependency 'simplecov', '~> 0.10'
+  s.add_development_dependency 'sinatra', '~> 1.4'
+  s.add_development_dependency 'webmock', '~> 1.21'
+end

data/contributing.md

@@ -0,0 +1,127 @@
+# CONTRIBUTING
+
+Azure Active Directory SDK projects welcomes new contributors.  This document will guide you
+through the process.
+
+### CONTRIBUTOR LICENSE AGREEMENT
+
+Please visit [https://cla.microsoft.com/](https://cla.microsoft.com/) and sign the Contributor License
+Agreement.  You only need to do that once. We can not look at your code until you've submitted this request.
+
+
+### FORK
+
+Fork the project [on GitHub][] and check out
+your copy.
+
+Example for Ruby:
+
+```
+$ git clone git@github.com:username/azure-activedirectory-library-for-ruby.git
+$ cd azure-activedirectory-library-for-ruby
+$ git remote add upstream git@github.com:AzureAD/azure-activedirectory-library-for-ruby.git
+```
+
+Now decide if you want your feature or bug fix to go into the dev branch
+or the master branch.  **All bug fixes and new features should go into the dev branch.**
+
+The master branch is effectively frozen; patches that change the SDKs
+protocols or API surface area or affect the run-time behavior of the SDK will be rejected.
+
+Some of our SDKs have bundled dependencies that are not part of the project proper.  Any changes to files in those directories or its subdirectories should be sent to their respective
+projects.  Do not send your patch to us, we cannot accept it.
+
+In case of doubt, open an issue in the [issue tracker][].
+
+Especially do so if you plan to work on a major change in functionality.  Nothing is more
+frustrating than seeing your hard work go to waste because your vision
+does not align with our goals for the SDK.
+
+
+### BRANCH
+
+Okay, so you have decided on the proper branch.  Create a feature branch
+and start hacking:
+
+```
+$ git checkout -b topic/my-feature-branch 
+```
+
+
+### COMMIT
+
+Make sure git knows your name and email address:
+
+```
+$ git config --global user.name "J. Random User"
+$ git config --global user.email "j.random.user@example.com"
+```
+
+Writing good commit logs is important.  A commit log should describe what
+changed and why.  Follow these guidelines when writing one:
+
+1. The first line should be 50 characters or less and contain a short
+   description of the change prefixed with the name of the changed
+   subsystem (e.g. "net: add localAddress and localPort to Socket").
+2. Keep the second line blank.
+3. Wrap all other lines at 72 columns.
+
+A good commit log looks like this:
+
+```
+fix: explaining the commit in one line
+
+Body of commit message is a few lines of text, explaining things
+in more detail, possibly giving some background about the issue
+being fixed, etc etc.
+
+The body of the commit message can be several paragraphs, and
+please do proper word-wrap and keep columns shorter than about
+72 characters or so. That way `git log` will show things
+nicely even when it is indented.
+```
+
+The header line should be meaningful; it is what other people see when they
+run `git shortlog` or `git log --oneline`.
+
+Check the output of `git log --oneline files_that_you_changed` to find out
+what directories your changes touch.
+
+
+### REBASE
+
+Use `git rebase` (not `git merge`) to sync your work from time to time.
+
+```
+$ git fetch upstream
+$ git rebase upstream/v0.1  # or upstream/master
+```
+
+
+### TEST
+
+Bug fixes and features should come with tests.  Add your tests in the
+test directory. This varies by repository but often follows the same convention of /src/test.  Look at other tests to see how they should be
+structured (license boilerplate, common includes, etc.).
+
+
+Make sure that all tests pass.
+
+
+### PUSH
+
+```
+$ git push origin topic/my-feature-branch
+```
+
+Go to https://github.com/username/azure-activedirectory-library-for-ruby.git and select your feature branch.  Click
+the 'Pull Request' button and fill out the form.
+
+Pull requests are usually reviewed within a few days.  If there are comments
+to address, apply your changes in a separate commit and push that to your
+feature branch.  Post a comment in the pull request afterwards; GitHub does
+not send out notifications when you add commits.
+
+
+[on GitHub]: https://github.com/AzureAD/azure-activedirectory-library-for-ruby
+[issue tracker]: https://github.com/AzureAD/azure-activedirectory-library-for-ruby/issues

data/lib/adal.rb

@@ -0,0 +1,24 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2015 Micorosft Corporation
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#-------------------------------------------------------------------------------
+
+# Extract all Ruby files in $DIR/lib/adal/ regardless of where the gem is built.
+Dir[File.expand_path('../adal/*.rb', __FILE__)].each { |f| require_relative f }

data/lib/adal/authentication_context.rb

@@ -0,0 +1,202 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2015 Micorosft Corporation
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#-------------------------------------------------------------------------------
+
+require_relative './authority'
+require_relative './core_ext'
+require_relative './memory_cache'
+require_relative './request_parameters'
+require_relative './token_request'
+require_relative './util'
+
+using ADAL::CoreExt
+
+module ADAL
+  # Retrieves authentication tokens from Azure Active Directory and ADFS
+  # services. For most users, this is the primary class to authenticate an
+  # application.
+  class AuthenticationContext
+    include RequestParameters
+    include Util
+
+    ##
+    # Creates a new AuthenticationContext.
+    #
+    # @param String authority_host
+    #   The host name of the authority to verify against, e.g.
+    #   'login.windows.net'.
+    # @param String tenant
+    #   The tenant to authenticate to, e.g. 'contoso.onmicrosoft.com'.
+    # @optional Boolean validate_authority
+    #   Whether the authority should be checked for validity before making
+    #   token requests. Defaults to false.
+    # @optional TokenCache token_cache
+    #   An cache that ADAL will use to store access tokens and refresh tokens
+    #   in. By default an empty in-memory cache is created. An existing cache
+    #   can be used to data persistence.
+    def initialize(authority_host = Authority::WORLD_WIDE_AUTHORITY,
+                   tenant = Authority::COMMON_TENANT,
+                   options = {})
+      fail_if_arguments_nil(authority_host, tenant)
+      validate_authority = options[:validate_authority] || false
+      @authority = Authority.new(authority_host, tenant, validate_authority)
+      @token_cache = options[:token_cache] || MemoryCache.new
+    end
+
+    public
+
+    ##
+    # Gets an access token with only the clients credentials and no user
+    # information.
+    #
+    # @param String resource
+    #   The resource being requested.
+    # @param ClientCredential|ClientAssertion|ClientAssertionCertificate
+    #   An object that validates the client application by adding
+    #   #request_params to the OAuth request.
+    # @return TokenResponse
+    def acquire_token_for_client(resource, client_cred)
+      fail_if_arguments_nil(resource, client_cred)
+      token_request_for(client_cred).get_for_client(resource)
+    end
+
+    ##
+    # Gets an access token with a previously acquire authorization code.
+    #
+    # @param String auth_code
+    #   The authorization code that was issued by the authorization server.
+    # @param URI redirect_uri
+    #   The URI that was passed to the authorization server with the request
+    #   for the authorization code.
+    # @param ClientCredential|ClientAssertion|ClientAssertionCertificate
+    #   An object that validates the client application by adding
+    #   #request_params to the OAuth request.
+    # @optional String resource
+    #   The resource being requested.
+    # @return TokenResponse
+    def acquire_token_with_authorization_code(
+      auth_code, redirect_uri, client_cred, resource = nil)
+      fail_if_arguments_nil(auth_code, redirect_uri, client_cred)
+      token_request_for(client_cred)
+        .get_with_authorization_code(auth_code, redirect_uri, resource)
+    end
+
+    ##
+    # Gets an access token using a previously acquire refresh token.
+    #
+    # @param String refresh_token
+    #   The previously acquired refresh token.
+    # @param String|ClientCredential|ClientAssertion|ClientAssertionCertificate
+    #   The client application can be validated in four different manners,
+    #   depending on the OAuth flow. This object must support #request_params.
+    # @optional String resource
+    #   The resource being requested.
+    # @return TokenResponse
+    def acquire_token_with_refresh_token(
+      refresh_token, client_cred, resource = nil)
+      fail_if_arguments_nil(refresh_token, client_cred)
+      token_request_for(client_cred)
+        .get_with_refresh_token(refresh_token, resource)
+    end
+
+    ##
+    # Gets an acccess token with a previously acquired user token.
+    # Gets an access token for a specific user. This method is relevant for
+    # three authentication scenarios:
+    #
+    # 1. Username/Password flow:
+    # Pass in the username and password wrapped in an ADAL::UserCredential.
+    #
+    # 2. On-Behalf-Of flow:
+    # This allows web services to accept access tokens users and then exchange
+    # them for access tokens for a different resource. Note that to use this
+    # flow you must properly configure permissions settings in the Azure web
+    # portal. Pass in the access token wrapped in an ADAL::UserAssertion.
+    #
+    # 3. User Identifier flow:
+    # This will not make any network connections but will merely check the cache
+    # for existing tokens matching the request.
+    #
+    # @param String resource
+    #   The intended recipient of the requested token.
+    # @param ClientCredential|ClientAssertion|ClientAssertionCertificate
+    #   An object that validates the client application by adding
+    #   #request_params to the OAuth request.
+    # @param UserAssertion|UserCredential|UserIdentifier
+    #   An object that validates the client that the requested access token is
+    #   for. See the description above of the various flows.
+    # @return TokenResponse
+    def acquire_token_for_user(resource, client_cred, user)
+      fail_if_arguments_nil(resource, client_cred, user)
+      token_request_for(client_cred)
+        .get_with_user_credential(user, resource)
+    end
+
+    ##
+    # Constructs a URL for an authorization endpoint using query parameters.
+    #
+    # @param String resource
+    #   The intended recipient of the requested token.
+    # @param String client_id
+    #   The identifier of the calling client application.
+    # @param URI redirect_uri
+    #   The URI that the the authorization code should be sent back to.
+    # @optional Hash extra_query_params
+    #   Any remaining query parameters to add to the URI.
+    # @return URI
+    def authorization_request_url(
+      resource, client_id, redirect_uri, extra_query_params = {})
+      @authority.authorize_endpoint(
+        extra_query_params.reverse_merge(
+          client_id: client_id,
+          response_mode: FORM_POST,
+          redirect_uri: redirect_uri,
+          resource: resource,
+          response_type: CODE))
+    end
+
+    ##
+    # Sets the correlation id that will be used in all future request headers
+    # and logs.
+    #
+    # @param String value
+    #   The UUID to use as the correlation for all subsequent requests.
+    def correlation_id=(value)
+      Logging.correlation_id = value
+    end
+
+    private
+
+    # Helper function for creating token requests based on client credentials
+    # and the current authentication context.
+    def token_request_for(client_cred)
+      TokenRequest.new(@authority, wrap_client_cred(client_cred), @token_cache)
+    end
+
+    def wrap_client_cred(client_cred)
+      if client_cred.is_a? String
+        ClientCredential.new(client_cred)
+      else
+        client_cred
+      end
+    end
+  end
+end