omniauth-adfs-open-id-connect 0.0.1 → 0.0.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +24 -0
- data/.rubocop.yml +4 -1
- data/Gemfile +1 -1
- data/lib/omniauth/adfs_open_id_connect/version.rb +1 -1
- data/lib/omniauth/strategies/adfs_open_id_connect.rb +43 -9
- data/omniauth-adfs-open-id-connect.gemspec +2 -3
- metadata +3 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: fc77cec391ab75442f586b5b0aa5901644fe8af59888011aced75523b41bd9dc
|
4
|
+
data.tar.gz: ee96183ea80abc1262ca9b2fafc8b370f2444c91a9145e894834b230cdb588e2
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: '09f0bedcf11d83f79adbc8e9cc6e4cc2ff23b30f7b76bbfc64b45285278b699536aacfc9a02c5da13bf7db1b1a5b6df24f1ac962e597bf4555506d83378e17e4'
|
7
|
+
data.tar.gz: eacfb72c4c3e3878569960e673a43096eea871b613bce8252094b45a18930b3c0366abf79239748039bb71007529d6399a791a958f1e1555cc6fc0e431ea20a7
|
@@ -0,0 +1,24 @@
|
|
1
|
+
name: CI
|
2
|
+
on: [push]
|
3
|
+
|
4
|
+
jobs:
|
5
|
+
test:
|
6
|
+
runs-on: ubuntu-latest
|
7
|
+
steps:
|
8
|
+
- uses: actions/checkout@v2
|
9
|
+
- uses: ruby/setup-ruby@477b21f02be01bcb8030d50f37cfec92bfa615b6
|
10
|
+
with:
|
11
|
+
ruby-version: 2.7
|
12
|
+
bundler-cache: true
|
13
|
+
- run: bundle install
|
14
|
+
- run: bundle exec rspec
|
15
|
+
rubocop:
|
16
|
+
runs-on: ubuntu-latest
|
17
|
+
steps:
|
18
|
+
- uses: actions/checkout@v2
|
19
|
+
- uses: ruby/setup-ruby@477b21f02be01bcb8030d50f37cfec92bfa615b6
|
20
|
+
with:
|
21
|
+
ruby-version: 2.7
|
22
|
+
bundler-cache: true
|
23
|
+
- run: bundle install
|
24
|
+
- run: bundle exec rubocop
|
data/.rubocop.yml
CHANGED
data/Gemfile
CHANGED
@@ -10,7 +10,8 @@ module OmniAuth
|
|
10
10
|
DEFAULT_SCOPE = 'openid profile email'
|
11
11
|
|
12
12
|
def client
|
13
|
-
options.authorize_params.scope =
|
13
|
+
options.authorize_params.scope =
|
14
|
+
(options.scope if options.respond_to?(:scope) && options.scope) || DEFAULT_SCOPE
|
14
15
|
|
15
16
|
options.client_options.authorize_url = "#{options.base_adfs_url}/adfs/oauth2/authorize"
|
16
17
|
options.client_options.token_url = "#{options.base_adfs_url}/adfs/oauth2/token"
|
@@ -18,17 +19,17 @@ module OmniAuth
|
|
18
19
|
super
|
19
20
|
end
|
20
21
|
|
21
|
-
uid
|
22
|
-
raw_info['
|
23
|
-
|
22
|
+
uid do
|
23
|
+
raw_info['unique_name']
|
24
|
+
end
|
24
25
|
|
25
26
|
info do
|
26
27
|
{
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
28
|
+
name: raw_info['name'],
|
29
|
+
email: raw_info['email'] || raw_info['upn'],
|
30
|
+
nickname: raw_info['unique_name'],
|
31
|
+
first_name: raw_info['given_name'],
|
32
|
+
last_name: raw_info['family_name']
|
32
33
|
}
|
33
34
|
end
|
34
35
|
|
@@ -39,6 +40,39 @@ module OmniAuth
|
|
39
40
|
def callback_url
|
40
41
|
full_host + script_name + callback_path
|
41
42
|
end
|
43
|
+
|
44
|
+
# The omniauth-azure-activedirectory-v2 gem implements the raw_info method as follows.
|
45
|
+
# It's unclear if this is required for AD FS, but will implement with the fallback on
|
46
|
+
# the ID token just as a precaution and we can later remove and use access_token.token directly
|
47
|
+
# if it's not needed.
|
48
|
+
#
|
49
|
+
# Some account types from Microsoft seem to only have a decodable ID token,
|
50
|
+
# with JWT unable to decode the access token. Information is limited in those
|
51
|
+
# cases. Other account types provide an expanded set of data inside the auth
|
52
|
+
# token, which does decode as a JWT.
|
53
|
+
#
|
54
|
+
# Merge the two, allowing the expanded auth token data to overwrite the ID
|
55
|
+
# token data if keys collide, and use this as raw info.
|
56
|
+
#
|
57
|
+
def raw_info
|
58
|
+
if @raw_info.nil?
|
59
|
+
id_token_data = begin
|
60
|
+
::JWT.decode(access_token.params['id_token'], nil, false).first
|
61
|
+
rescue StandardError
|
62
|
+
# no-op, ignore the error if token decoding fails
|
63
|
+
end
|
64
|
+
auth_token_data = begin
|
65
|
+
::JWT.decode(access_token.token, nil, false).first
|
66
|
+
rescue StandardError
|
67
|
+
# no-op, ignore the error if token decoding fails
|
68
|
+
end
|
69
|
+
|
70
|
+
id_token_data.merge!(auth_token_data)
|
71
|
+
@raw_info = id_token_data
|
72
|
+
end
|
73
|
+
|
74
|
+
@raw_info
|
75
|
+
end
|
42
76
|
end
|
43
77
|
end
|
44
78
|
end
|
@@ -1,4 +1,3 @@
|
|
1
|
-
# -*- encoding: utf-8 -*-
|
2
1
|
# frozen_string_literal: true
|
3
2
|
|
4
3
|
lib = File.expand_path('lib', __dir__)
|
@@ -9,8 +8,8 @@ Gem::Specification.new do |s|
|
|
9
8
|
s.name = 'omniauth-adfs-open-id-connect'
|
10
9
|
s.version = OmniAuth::Adfs::OpenId::Connect::VERSION
|
11
10
|
s.summary = 'OAuth 2 authentication with Active Directory Federations Services OpenId Connect.'
|
12
|
-
s.authors = [
|
13
|
-
s.email = [
|
11
|
+
s.authors = ['Diego Marcet']
|
12
|
+
s.email = ['systems@controlshiftlabs.com']
|
14
13
|
s.homepage = 'https://github.com/controlshift/omniauth-adfs-open-id-connect'
|
15
14
|
s.license = 'MIT'
|
16
15
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: omniauth-adfs-open-id-connect
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Diego Marcet
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-11-25 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: omniauth-oauth2
|
@@ -115,6 +115,7 @@ executables: []
|
|
115
115
|
extensions: []
|
116
116
|
extra_rdoc_files: []
|
117
117
|
files:
|
118
|
+
- ".github/workflows/ci.yml"
|
118
119
|
- ".gitignore"
|
119
120
|
- ".rspec"
|
120
121
|
- ".rubocop.yml"
|