omniauth-azure-activedirectory-v2 1.0.0 → 2.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 93067d480339eb28720e1297cf883ce0b0a42b8819b0d14a41bca5e6975177bd
-  data.tar.gz: b1cd8703ea172ac050e4ec98f3802ff2e139de51757991361469c41d0bf88c7b
+  metadata.gz: c7b7178785e2c99c41ee6151625a0fe7015b6d739b6acec990869170ccc9279b
+  data.tar.gz: 212532541fef751fb142fc03c6bcc52edf120300732f0b475c05ee0ac22ee7e1
 SHA512:
-  metadata.gz: fb55fde94be440fb50dd32814fd678240d3ea6bb60f680b867ba05bfc6ab68fbf1790c3f4dacb5560578dd9ce3b3dd74d02888bea706e825e4fa7ce9ffa58a7a
-  data.tar.gz: 4063dfcc43fc849ed19c020bff4eede55e9ba33084d58cd939fe482c3191599a87ead2f7123d55b6cc6c9bff0fdd669f59b92cd53116b827bcee67557968adb8
+  metadata.gz: 27831a75a2ced722e99022c230d1c2fa9beaeaafc692ccb4248ad58532321895e1b95764a9f25ee031d6c58e8a5dbae6ec4aa1b937988f65a7d43928b32611b2
+  data.tar.gz: decf7f79d5998bce54df815bf286f681101a8bcdbac134e6c9856c53c619bcd5e218fe9643724f5caaca415911c24f576da25eafe6f76422998d284fc426819a

data/CHANGELOG.md

@@ -1,5 +1,22 @@
 # Change Log
 
+## v2.0.1 (2023-01-11)
+
+Renames:
+
+* RIPGlobal -> RIPAGlobal
+* Omniauth -> OmniAuth
+
+_No functional change._
+
+## v2.0.0 (2022-09-14)
+
+Makes compatible with OmniAuth 2 and requires it.
+
+Note: https://github.com/RIPAGlobal/omniauth-azure-activedirectory-v2/pull/6 for reasoning - Thanks @jessieay
+
+_Major version bump as no longer supports OmniAuth 1._
+
 ## v1.0.0 (2020-09-25)
 
 Removes use of the https://graph.microsoft.com/v1.0/me API.
@@ -13,7 +30,7 @@ Removes use of the https://graph.microsoft.com/v1.0/me API.
   - All the data provided in `info` exists in the JWT anyway, so this
     cuts down on API calls
 
-* Conforms to the Omniauth Auth Hash Schema (1.0 and later) - see:
+* Conforms to the OmniAuth Auth Hash Schema (1.0 and later) - see:
   https://github.com/omniauth/omniauth/wiki/Auth-Hash-Schema
 
   - Expose `raw_info`

data/CODE_OF_CONDUCT.md

@@ -55,7 +55,7 @@ further defined and clarified by project maintainers.
 ## Enforcement
 
 Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting the project team at jesse.whitham@gmail.com. All
+reported by contacting the project team at dev@ripaglobal.com. All
 complaints will be reviewed and investigated and will result in a response that
 is deemed necessary and appropriate to the circumstances. The project team is
 obligated to maintain confidentiality with regard to the reporter of an incident.

data/README.md

@@ -1,8 +1,8 @@
-# Omniauth::Azure::Activedirectory::V2
+# OmniAuth::Azure::Activedirectory::V2
 
 [![Gem Version](https://badge.fury.io/rb/omniauth-azure-activedirectory-v2.svg)](https://badge.fury.io/rb/omniauth-azure-activedirectory-v2)
-[![Build Status](https://travis-ci.org/RIPGlobal/omniauth-azure-activedirectory-v2.svg)](https://travis-ci.org/RIPGlobal/omniauth-azure-activedirectory-v2)
-[![License](https://img.shields.io/github/license/RIPGlobal/omniauth-azure-activedirectory-v2.svg)](LICENSE.md)
+[![Build Status](https://app.travis-ci.com/RIPAGlobal/omniauth-azure-activedirectory-v2.svg?branch=master)](https://app.travis-ci.com/github/RIPAGlobal/omniauth-azure-activedirectory-v2)
+[![License](https://img.shields.io/github/license/RIPAGlobal/omniauth-azure-activedirectory-v2.svg)](LICENSE.md)
 
 OAuth 2 authentication with [Azure ActiveDirectory's V2 API](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-overview). Rationale:
 
@@ -35,13 +35,126 @@ Or install it yourself as:
 
 ## Usage
 
-See https://github.com/marknadig/omniauth-azure-oauth2 for background information.
+Please start by reading https://github.com/marknadig/omniauth-azure-oauth2 for basic configuration and background information. Note that with this gem, you must use strategy name `azure_activedirectory_v2` rather than `azure_oauth2`. Additional configuration information is given below.
+
+### Configuration
+
+#### With `OmniAuth::Builder`
+
+You can do something like this for a static / fixed configuration:
+
+```ruby
+use OmniAuth::Builder do
+  provider(
+    :azure_activedirectory_v2,
+    {
+      client_id:     ENV['AZURE_CLIENT_ID'],
+      client_secret: ENV['AZURE_CLIENT_SECRET']
+    }
+  )
+end
+```
+
+...or, if using a custom provider class (called `YouTenantProvider` in this example):
+
+```ruby
+use OmniAuth::Builder do
+  provider(
+    :azure_activedirectory_v2,
+    YouTenantProvider
+  )
+end
+```
+
+#### With Devise
+
+In your `config/initializers/devise.rb` file you can do something like this for a static / fixed configuration:
+
+```ruby
+config.omniauth(
+  :azure_activedirectory_v2,
+  {
+    client_id:     ENV['AZURE_CLIENT_ID'],
+    client_secret: ENV['AZURE_CLIENT_SECRET']
+  }
+)
+```
+
+...or, if using a custom provider class (called `YouTenantProvider` in this example):
+
+```ruby
+config.omniauth(
+  :azure_activedirectory_v2,
+  YouTenantProvider
+)
+```
+
+### Configuration options
+
+All of the items listed below are optional, unless noted otherwise. They can be provided either in a static configuration Hash as shown in examples above, or via *read accessor instance methods* in a provider class (more on this later).
+
+| Option | Use |
+| ------ | --- |
+| `client_id`        | **Mandatory.** Client ID for the 'application' (integration) configured on the Azure side. Found via the Azure UI. |
+| `client_secret`    | **Mandatory.** Client secret for the 'application' (integration) configured on the Azure side. Found via the Azure UI. |
+| `base_azure_url`   | Location of Azure login page, for specialised requirements; default is `OmniAuth::Strategies::AzureActivedirectoryV2::BASE_AZURE_URL` (at the time of writing, this is `https://login.microsoftonline.com`). |
+| `tenant_id`        | _Azure_ tenant ID for multi-tenanted use. Default is `common`. Forms part of the Azure OAuth URL - `{base}/{tenant_id}/oauth2/v2.0/...` |
+| `authorize_params` | Additional parameters passed as URL query data in the initial OAuth redirection to Microsoft. See below for more. Empty Hash default. |
+| `domain_hint`      | If defined, sets (overwriting, if already present) `domain_hint` inside `authorize_params`. Default `nil` / none. |
+| `scope`            | If defined, sets (overwriting, if already present) `scope` inside `authorize_params`. Default is `OmniAuth::Strategies::AzureActivedirectoryV2::DEFAULT_SCOPE` (at the time of writing, this is `'openid profile email'`). |
+
+In addition, as a special case, if the request URL contains a query parameter `prompt`, then this will be written into `authorize_params` under that key, overwriting if present any other value there. Note that this comes from the current request URL at the time OAuth flow is commencing, _not_ via static options Hash data or via a custom provider class - but you _could_ just as easily set `scope` inside a custom `authorize_params` returned from a provider class, as shown in an example later; the request URL query mechanism is just another way of doing the same thing.
+
+#### Explaining `authorize_params`
+
+The `authorize_params` hash-like object contains key-value pairs which are transformed into URL query string data and added to existing standard OAuth query data in the URL used for the initial redirection from your web site, to the Microsoft Azure AD login page, at the start of OAuth flow. You can find these listed some way down the table just below an OAuth URL example at:
+
+* https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#code-try-1
+
+...looking for in particular items from `prompt` onwards.
+
+#### Dynamic options via a custom provider class
+
+Documentation mentioned earlier at https://github.com/marknadig/omniauth-azure-oauth2#usage gives an example of setting tenant ID dynamically via a custom provider class. We can also use that class in other ways. For example, let's rewrite it thus:
+
+```ruby
+class YouTenantProvider
+  def initialize(strategy)
+    @strategy = strategy
+  end
+
+  def client_id
+    ENV['AZURE_CLIENT_ID']
+  end
+
+  def client_secret
+    ENV['AZURE_CLIENT_SECRET']
+  end
+
+  def authorize_params
+    ap = {}
+
+    if @strategy.request && @strategy.request.params['login_hint']
+      ap['login_hint'] = @strategy.request.params['login_hint']
+    end
+
+    return ap
+  end
+end
+```
+
+In this example, we're providing custom `authorize_params`. You can just return a standard Ruby Hash here, using lower case String or Symbol keys. The `strategy` value given to the initializer is an instance of [`OmniAuth::StrategiesAzureActivedirectoryV2`](https://github.com/RIPAGlobal/omniauth-azure-activedirectory-v2/blob/master/lib/omniauth/strategies/azure_activedirectory_v2.rb) which is a subclass of [`OmniAuth::Strategies::OAuth2`](https://www.rubydoc.info/gems/omniauth-oauth2/1.8.0/OmniAuth/Strategies/OAuth2), but that's not all that helpful! What's more useful is to know that **the Rails `request` object is available via `@strategy.request` and, likewise, the session store via `@strategy.session`**. This gives you a lot of flexibility for responding to an inbound request or user session, varying the parameters used for the Azure OAuth flow.
+
+In method `#authorize_params` above, the request object is used to look for a `login_hint` query string entry, set in whichever view(s) is/are presented by your application for use when your users need to be redirected to the OmniAuth controller in order to kick off OAuth with Azure. The value is copied into the `authorize_params` Hash. Earlier, it was mentioned that there was a special case of `prompt` being pulled from the request URL query data, but that this could also be done via a custom provider - here, you can see how; just check `@strategy.request.params['prompt']` and copy that into `authorize_params` if preset.
+
+> **NB:** Naming things is hard! The predecessor gem used the name `YouTenantProvider` since it was focused on custom tenant provision, but if using this in a more generic way, perhaps consider a more generic name such as, say, `CustomOmniAuthAzureProvider`.
+
 
 
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2. This project is intended to be a safe, welcoming space for collaboration so contributors must adhere to the [code of conduct](https://github.com/[USERNAME]/omniauth-azure-activedirectory-v2/blob/master/CODE_OF_CONDUCT.md).
+Bug reports and pull requests are welcome on GitHub at https://github.com/RIPAGlobal/omniauth-azure-activedirectory-v2. This project is intended to be a safe, welcoming space for collaboration so contributors must adhere to the [code of conduct](https://github.com/RIPAGlobal/omniauth-azure-activedirectory-v2/blob/master/CODE_OF_CONDUCT.md).
 
 
 
@@ -53,4 +166,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
 
 ## Code of Conduct
 
-Everyone interacting in this project's codebases, issue trackers, chat rooms and mailing lists must follow the [code of conduct](https://github.com/[USERNAME]/omniauth-azure-activedirectory-v2/blob/master/CODE_OF_CONDUCT.md).
+Everyone interacting in this project's codebases, issue trackers, chat rooms and mailing lists must follow the [code of conduct](https://github.com/RIPAGlobal/omniauth-azure-activedirectory-v2/blob/master/CODE_OF_CONDUCT.md).

data/lib/omniauth/azure_activedirectory_v2/version.rb

@@ -1,9 +1,9 @@
-module Omniauth
+module OmniAuth
   module Azure
     module Activedirectory
       module V2
-        VERSION = "1.0.0"
-        DATE    = "2020-09-25"
+        VERSION = "2.0.1"
+        DATE    = "2023-01-11"
       end
     end
   end

data/lib/omniauth/strategies/azure_activedirectory_v2.rb

@@ -57,7 +57,7 @@ module OmniAuth
       end
 
       def callback_url
-        full_host + script_name + callback_path
+        full_host + callback_path
       end
 
       # https://docs.microsoft.com/en-us/azure/active-directory/develop/id-tokens
@@ -84,4 +84,4 @@ module OmniAuth
 
     end
   end
-end
+end

data/omniauth-azure-activedirectory-v2.gemspec

@@ -9,13 +9,13 @@ require 'omniauth/azure_activedirectory_v2/version'
 #
 Gem::Specification.new do |s|
   s.name                  = 'omniauth-azure-activedirectory-v2'
-  s.version               = Omniauth::Azure::Activedirectory::V2::VERSION
-  s.date                  = Omniauth::Azure::Activedirectory::V2::DATE
+  s.version               = OmniAuth::Azure::Activedirectory::V2::VERSION
+  s.date                  = OmniAuth::Azure::Activedirectory::V2::DATE
   s.summary               = 'OAuth 2 authentication with the Azure ActiveDirectory V2 API.'
-  s.authors               = [ 'RIP Global'        ]
-  s.email                 = [ 'dev@ripglobal.com' ]
+  s.authors               = [ 'RIPA Global'        ]
+  s.email                 = [ 'dev@ripaglobal.com' ]
   s.licenses              = [ 'MIT'               ]
-  s.homepage              = 'https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2'
+  s.homepage              = 'https://github.com/RIPAGlobal/omniauth-azure-activedirectory-v2'
 
   s.required_ruby_version = Gem::Requirement.new('>= 2.3.0')
   s.require_paths         = ['lib']
@@ -39,11 +39,11 @@ Gem::Specification.new do |s|
   }
 
   s.metadata = {
-    'homepage_uri'    => 'https://www.ripglobal.com/',
-    'bug_tracker_uri' => 'https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2/issues/',
-    'changelog_uri'   => 'https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2/blob/master/CHANGELOG.md',
-    'source_code_uri' => 'https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2'
+    'homepage_uri'    => 'https://www.ripaglobal.com/',
+    'bug_tracker_uri' => 'https://github.com/RIPAGlobal/omniauth-azure-activedirectory-v2/issues/',
+    'changelog_uri'   => 'https://github.com/RIPAGlobal/omniauth-azure-activedirectory-v2/blob/master/CHANGELOG.md',
+    'source_code_uri' => 'https://github.com/RIPAGlobal/omniauth-azure-activedirectory-v2'
   }
 
-  s.add_runtime_dependency('omniauth-oauth2', '~> 1.7')
+  s.add_runtime_dependency('omniauth-oauth2', '~> 1.8')
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-azure-activedirectory-v2
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 2.0.1
 platform: ruby
 authors:
-- RIP Global
+- RIPA Global
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-09-25 00:00:00.000000000 Z
+date: 2023-01-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth-oauth2
@@ -16,17 +16,17 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.7'
+        version: '1.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.7'
+        version: '1.8'
 description:
 email:
-- dev@ripglobal.com
+- dev@ripaglobal.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -43,14 +43,14 @@ files:
 - lib/omniauth/azure_activedirectory_v2/version.rb
 - lib/omniauth/strategies/azure_activedirectory_v2.rb
 - omniauth-azure-activedirectory-v2.gemspec
-homepage: https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2
+homepage: https://github.com/RIPAGlobal/omniauth-azure-activedirectory-v2
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://www.ripglobal.com/
-  bug_tracker_uri: https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2/issues/
-  changelog_uri: https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2/blob/master/CHANGELOG.md
-  source_code_uri: https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2
+  homepage_uri: https://www.ripaglobal.com/
+  bug_tracker_uri: https://github.com/RIPAGlobal/omniauth-azure-activedirectory-v2/issues/
+  changelog_uri: https://github.com/RIPAGlobal/omniauth-azure-activedirectory-v2/blob/master/CHANGELOG.md
+  source_code_uri: https://github.com/RIPAGlobal/omniauth-azure-activedirectory-v2
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -66,7 +66,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: OAuth 2 authentication with the Azure ActiveDirectory V2 API.