omniauth-azure-activedirectory-v2 0.1.1 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 80a76c16a7b809e84e27846806c3f8aa685ef765f7abc836006d17b602223a28
-  data.tar.gz: 1c6d60e594ee6002bfdf958c5d6db5a14f4f3dec4f76d71cd0ed65df1cbbfb10
+  metadata.gz: 6292ee8af704acb7005d47fa78c9ebae4ae9e49bc677dcaff08e087560004013
+  data.tar.gz: 418effa55080e12e2371804f2634c67977c782c7fa9a4bbb3fafbae253e69307
 SHA512:
-  metadata.gz: 125ae35a66c2a79a19cca02e628d0e825d4835ff2e82d74ba2f9da604eb80edd58bb8119ff4bab51a76be1240b8646155c2c89e33d0f3f34486dcbfce9cf7347
-  data.tar.gz: cdf8f67104262494e48d50ed872a30bc6963c0ebbb8ebbd4c251d9b0ea50133bd897bf3a417ab4c0eaff5e3ad63ac4b7812de07599ff6c1bf425871f7a2b4686
+  metadata.gz: 89d6e827e31cb60be2c30fbc464360bc355b0381ec653874535125da81fa596e7c2ec43134183417c8ff29ce631737e0ce2bb79ff1876354a67a45fd1eccbef6
+  data.tar.gz: 5e551b04a716d10745cd913af183ba1997c705f16edb39e925c2cdff59b4905a39b113c333fa2f1b927179eef58383be150c6012f31627e5f14776830f6dacf5

data/CHANGELOG.md

@@ -0,0 +1,34 @@
+# Change Log
+
+## v2.0.0 (2022-09-14)
+
+Makes compatible with OmniAuth 2 and requires it.
+
+Note: https://github.com/RIPAGlobal/omniauth-azure-activedirectory-v2/pull/6 for reasoning - Thanks @jessieay
+
+_Major version bump as no longer supports Omniauth 1._
+
+## v1.0.0 (2020-09-25)
+
+Removes use of the https://graph.microsoft.com/v1.0/me API.
+
+* One of the key differences for the V2 API vs V1 is the differences
+  between who can sign with the addition of Personal Accounts - see:
+  https://nicolgit.github.io/AzureAD-Endopoint-V1-vs-V2-comparison/
+
+  - In testing we found that these accounts may not have access to
+    this endpoint
+  - All the data provided in `info` exists in the JWT anyway, so this
+    cuts down on API calls
+
+* Conforms to the Omniauth Auth Hash Schema (1.0 and later) - see:
+  https://github.com/omniauth/omniauth/wiki/Auth-Hash-Schema
+
+  - Expose `raw_info`
+  - Remove `id` from `info`
+    - *NB: This could be a breaking change for some, but most will
+           already be using the correct property name of `uid`.*
+
+## v0.1.1 (2020-09-23)
+
+- First release.

data/CODE_OF_CONDUCT.md

@@ -55,7 +55,7 @@ further defined and clarified by project maintainers.
 ## Enforcement
 
 Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting the project team at jesse.whitham@gmail.com. All
+reported by contacting the project team at dev@ripglobal.com. All
 complaints will be reviewed and investigated and will result in a response that
 is deemed necessary and appropriate to the circumstances. The project team is
 obligated to maintain confidentiality with regard to the reporter of an incident.

data/README.md

@@ -1,11 +1,15 @@
 # Omniauth::Azure::Activedirectory::V2
 
+[![Gem Version](https://badge.fury.io/rb/omniauth-azure-activedirectory-v2.svg)](https://badge.fury.io/rb/omniauth-azure-activedirectory-v2)
+[![Build Status](https://travis-ci.org/RIPGlobal/omniauth-azure-activedirectory-v2.svg)](https://travis-ci.org/RIPGlobal/omniauth-azure-activedirectory-v2)
+[![License](https://img.shields.io/github/license/RIPGlobal/omniauth-azure-activedirectory-v2.svg)](LICENSE.md)
+
 OAuth 2 authentication with [Azure ActiveDirectory's V2 API](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-overview). Rationale:
 
 * https://github.com/marknadig/omniauth-azure-oauth2 is no longer maintained.
 * https://github.com/marknadig/omniauth-azure-oauth2/pull/29 contains important additions.
 
-This gem combines the two.
+This gem combines the two and makes some changes to support the full V2 API.
 
 The ActiveDirectory V1 auth API used OpenID Connect. If you need this, a gem from Microsoft [is available here](https://github.com/AzureAD/omniauth-azure-activedirectory), but seems to be abandoned.
 
@@ -37,7 +41,7 @@ See https://github.com/marknadig/omniauth-azure-oauth2 for background informatio
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2. This project is intended to be a safe, welcoming space for collaboration so contributors must adhere to the [code of conduct](https://github.com/[USERNAME]/omniauth-azure-activedirectory-v2/blob/master/CODE_OF_CONDUCT.md).
+Bug reports and pull requests are welcome on GitHub at https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2. This project is intended to be a safe, welcoming space for collaboration so contributors must adhere to the [code of conduct](https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2/blob/master/CODE_OF_CONDUCT.md).
 
 
 
@@ -49,4 +53,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
 
 ## Code of Conduct
 
-Everyone interacting in this project's codebases, issue trackers, chat rooms and mailing lists must follow the [code of conduct](https://github.com/[USERNAME]/omniauth-azure-activedirectory-v2/blob/master/CODE_OF_CONDUCT.md).
+Everyone interacting in this project's codebases, issue trackers, chat rooms and mailing lists must follow the [code of conduct](https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2/blob/master/CODE_OF_CONDUCT.md).

data/lib/omniauth/azure_activedirectory_v2/version.rb

@@ -2,7 +2,8 @@ module Omniauth
   module Azure
     module Activedirectory
       module V2
-        VERSION = "0.1.1"
+        VERSION = "2.0.0"
+        DATE    = "2022-09-14"
       end
     end
   end

data/lib/omniauth/strategies/azure_activedirectory_v2.rb

@@ -9,7 +9,6 @@ module OmniAuth
       option :tenant_provider, nil
 
       DEFAULT_SCOPE = 'openid profile email'
-      USER_INFO_URL = 'https://graph.microsoft.com/v1.0/me'
 
       # tenant_provider must return client_id, client_secret and optionally tenant_id and base_azure_url
       args [:tenant_provider]
@@ -40,27 +39,49 @@ module OmniAuth
       end
 
       uid {
-        raw_info['id']
+        raw_info['oid']
       }
 
       info do
         {
-            name: raw_info['displayName'],
-            first_name: raw_info['givenName'],
-            last_name: raw_info['surname'],
-            email: raw_info['userPrincipalName'],
-            id: raw_info['id'],
+            name: raw_info['name'],
+            email: raw_info['email'] || raw_info['upn'],
+            nickname: raw_info['unique_name'],
+            first_name: raw_info['given_name'],
+            last_name: raw_info['family_name']
         }
       end
 
+      extra do
+        { raw_info: raw_info }
+      end
+
       def callback_url
-        full_host + script_name + callback_path
+        full_host + callback_path
       end
 
+      # https://docs.microsoft.com/en-us/azure/active-directory/develop/id-tokens
+      #
+      # Some account types from Microsoft seem to only have a decodable ID token,
+      # with JWT unable to decode the access token. Information is limited in those
+      # cases. Other account types provide an expanded set of data inside the auth
+      # token, which does decode as a JWT.
+      #
+      # Merge the two, allowing the expanded auth token data to overwrite the ID
+      # token data if keys collide, and use this as raw info.
+      #
       def raw_info
-        @raw_info ||= access_token.get(USER_INFO_URL).parsed
+        if @raw_info.nil?
+          id_token_data   = ::JWT.decode(access_token.params['id_token'], nil, false).first rescue {}
+          auth_token_data = ::JWT.decode(access_token.token,              nil, false).first rescue {}
+
+          id_token_data.merge!(auth_token_data)
+          @raw_info = id_token_data
+        end
+
+        @raw_info
       end
 
     end
   end
-end
+end

data/omniauth-azure-activedirectory-v2.gemspec

@@ -1,29 +1,49 @@
-require_relative 'lib/omniauth/azure_activedirectory_v2/version'
-
-Gem::Specification.new do |spec|
-  spec.name          = 'omniauth-azure-activedirectory-v2'
-  spec.version       = Omniauth::Azure::Activedirectory::V2::VERSION
-  spec.authors       = ['RIP Global']
-  spec.email         = ['dev@ripglobal.com']
-
-  spec.summary       = %q{OAuth 2 authentication with Azure ActiveDirectory's V2 API}
-  spec.homepage      = 'https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2'
-  spec.license       = 'MIT'
-  spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
-
-  spec.metadata['homepage_uri']    = spec.homepage
-  spec.metadata['source_code_uri'] = 'https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2'
-  spec.metadata['bug_tracker_uri'] = 'https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2/issues/'
-  spec.metadata['changelog_uri']   = 'https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2/blob/master/CHANGELOG.md'
-
-  # Specify which files should be added to the gem when it is released.
-  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
-  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
-    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
-  end
-  spec.bindir        = 'exe'
-  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.require_paths = ['lib']
-
-  spec.add_dependency 'omniauth-oauth2'
+# -*- encoding: utf-8 -*-
+# frozen_string_literal: true
+# stub: omniauth-azure-activedirectory-v2 1.0.0 ruby lib
+
+$:.push File.expand_path( '../lib', __FILE__ )
+require 'omniauth/azure_activedirectory_v2/version'
+
+# https://guides.rubygems.org/specification-reference/
+#
+Gem::Specification.new do |s|
+  s.name                  = 'omniauth-azure-activedirectory-v2'
+  s.version               = Omniauth::Azure::Activedirectory::V2::VERSION
+  s.date                  = Omniauth::Azure::Activedirectory::V2::DATE
+  s.summary               = 'OAuth 2 authentication with the Azure ActiveDirectory V2 API.'
+  s.authors               = [ 'RIP Global'        ]
+  s.email                 = [ 'dev@ripglobal.com' ]
+  s.licenses              = [ 'MIT'               ]
+  s.homepage              = 'https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2'
+
+  s.required_ruby_version = Gem::Requirement.new('>= 2.3.0')
+  s.require_paths         = ['lib']
+  s.bindir                = 'exe'
+  s.files                 = %w{
+    README.md
+    CHANGELOG.md
+    CODE_OF_CONDUCT.md
+    LICENSE.txt
+
+    Gemfile
+    bin/console
+    bin/setup
+
+    lib/omniauth-azure-activedirectory-v2.rb
+    lib/omniauth/azure_activedirectory_v2.rb
+    lib/omniauth/azure_activedirectory_v2/version.rb
+    lib/omniauth/strategies/azure_activedirectory_v2.rb
+
+    omniauth-azure-activedirectory-v2.gemspec
+  }
+
+  s.metadata = {
+    'homepage_uri'    => 'https://www.ripglobal.com/',
+    'bug_tracker_uri' => 'https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2/issues/',
+    'changelog_uri'   => 'https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2/blob/master/CHANGELOG.md',
+    'source_code_uri' => 'https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2'
+  }
+
+  s.add_runtime_dependency('omniauth-oauth2', '~> 1.8')
 end

metadata

@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-azure-activedirectory-v2
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 2.0.0
 platform: ruby
 authors:
 - RIP Global
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-09-23 00:00:00.000000000 Z
+date: 2022-09-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth-oauth2
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.8'
 description:
 email:
 - dev@ripglobal.com
@@ -31,14 +31,11 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".gitignore"
-- ".rspec"
-- ".travis.yml"
+- CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - Gemfile
 - LICENSE.txt
 - README.md
-- Rakefile
 - bin/console
 - bin/setup
 - lib/omniauth-azure-activedirectory-v2.rb
@@ -50,10 +47,10 @@ homepage: https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2
-  source_code_uri: https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2
+  homepage_uri: https://www.ripglobal.com/
   bug_tracker_uri: https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2/issues/
   changelog_uri: https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2/blob/master/CHANGELOG.md
+  source_code_uri: https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -69,8 +66,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
-summary: OAuth 2 authentication with Azure ActiveDirectory's V2 API
+summary: OAuth 2 authentication with the Azure ActiveDirectory V2 API.
 test_files: []

data/.gitignore

@@ -1,16 +0,0 @@
-Gemfile.lock
-
-/.bundle/
-/.yardoc
-/_yardoc/
-/coverage/
-/doc/
-/pkg/
-/spec/reports/
-/tmp/
-
-# rspec failure tracking
-.rspec_status
-
-# ide
-.idea

data/.rspec

@@ -1,3 +0,0 @@
---format documentation
---color
---require spec_helper

data/.travis.yml

@@ -1,6 +0,0 @@
----
-language: ruby
-cache: bundler
-rvm:
-  - 2.7.0
-before_install: gem install bundler -v 2.1.2

data/Rakefile

@@ -1,6 +0,0 @@
-require "bundler/gem_tasks"
-require "rspec/core/rake_task"
-
-RSpec::Core::RakeTask.new(:spec)
-
-task :default => :spec