omniauth-azure-activedirectory-v2 0.1.1 → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +26 -0
- data/README.md +5 -1
- data/lib/omniauth/azure_activedirectory_v2/version.rb +2 -1
- data/lib/omniauth/strategies/azure_activedirectory_v2.rb +29 -8
- data/omniauth-azure-activedirectory-v2.gemspec +48 -28
- metadata +10 -13
- data/.gitignore +0 -16
- data/.rspec +0 -3
- data/.travis.yml +0 -6
- data/Rakefile +0 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 93067d480339eb28720e1297cf883ce0b0a42b8819b0d14a41bca5e6975177bd
|
4
|
+
data.tar.gz: b1cd8703ea172ac050e4ec98f3802ff2e139de51757991361469c41d0bf88c7b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: fb55fde94be440fb50dd32814fd678240d3ea6bb60f680b867ba05bfc6ab68fbf1790c3f4dacb5560578dd9ce3b3dd74d02888bea706e825e4fa7ce9ffa58a7a
|
7
|
+
data.tar.gz: 4063dfcc43fc849ed19c020bff4eede55e9ba33084d58cd939fe482c3191599a87ead2f7123d55b6cc6c9bff0fdd669f59b92cd53116b827bcee67557968adb8
|
data/CHANGELOG.md
ADDED
@@ -0,0 +1,26 @@
|
|
1
|
+
# Change Log
|
2
|
+
|
3
|
+
## v1.0.0 (2020-09-25)
|
4
|
+
|
5
|
+
Removes use of the https://graph.microsoft.com/v1.0/me API.
|
6
|
+
|
7
|
+
* One of the key differences for the V2 API vs V1 is the differences
|
8
|
+
between who can sign with the addition of Personal Accounts - see:
|
9
|
+
https://nicolgit.github.io/AzureAD-Endopoint-V1-vs-V2-comparison/
|
10
|
+
|
11
|
+
- In testing we found that these accounts may not have access to
|
12
|
+
this endpoint
|
13
|
+
- All the data provided in `info` exists in the JWT anyway, so this
|
14
|
+
cuts down on API calls
|
15
|
+
|
16
|
+
* Conforms to the Omniauth Auth Hash Schema (1.0 and later) - see:
|
17
|
+
https://github.com/omniauth/omniauth/wiki/Auth-Hash-Schema
|
18
|
+
|
19
|
+
- Expose `raw_info`
|
20
|
+
- Remove `id` from `info`
|
21
|
+
- *NB: This could be a breaking change for some, but most will
|
22
|
+
already be using the correct property name of `uid`.*
|
23
|
+
|
24
|
+
## v0.1.1 (2020-09-23)
|
25
|
+
|
26
|
+
- First release.
|
data/README.md
CHANGED
@@ -1,11 +1,15 @@
|
|
1
1
|
# Omniauth::Azure::Activedirectory::V2
|
2
2
|
|
3
|
+
[![Gem Version](https://badge.fury.io/rb/omniauth-azure-activedirectory-v2.svg)](https://badge.fury.io/rb/omniauth-azure-activedirectory-v2)
|
4
|
+
[![Build Status](https://travis-ci.org/RIPGlobal/omniauth-azure-activedirectory-v2.svg)](https://travis-ci.org/RIPGlobal/omniauth-azure-activedirectory-v2)
|
5
|
+
[![License](https://img.shields.io/github/license/RIPGlobal/omniauth-azure-activedirectory-v2.svg)](LICENSE.md)
|
6
|
+
|
3
7
|
OAuth 2 authentication with [Azure ActiveDirectory's V2 API](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-overview). Rationale:
|
4
8
|
|
5
9
|
* https://github.com/marknadig/omniauth-azure-oauth2 is no longer maintained.
|
6
10
|
* https://github.com/marknadig/omniauth-azure-oauth2/pull/29 contains important additions.
|
7
11
|
|
8
|
-
This gem combines the two.
|
12
|
+
This gem combines the two and makes some changes to support the full V2 API.
|
9
13
|
|
10
14
|
The ActiveDirectory V1 auth API used OpenID Connect. If you need this, a gem from Microsoft [is available here](https://github.com/AzureAD/omniauth-azure-activedirectory), but seems to be abandoned.
|
11
15
|
|
@@ -9,7 +9,6 @@ module OmniAuth
|
|
9
9
|
option :tenant_provider, nil
|
10
10
|
|
11
11
|
DEFAULT_SCOPE = 'openid profile email'
|
12
|
-
USER_INFO_URL = 'https://graph.microsoft.com/v1.0/me'
|
13
12
|
|
14
13
|
# tenant_provider must return client_id, client_secret and optionally tenant_id and base_azure_url
|
15
14
|
args [:tenant_provider]
|
@@ -40,25 +39,47 @@ module OmniAuth
|
|
40
39
|
end
|
41
40
|
|
42
41
|
uid {
|
43
|
-
raw_info['
|
42
|
+
raw_info['oid']
|
44
43
|
}
|
45
44
|
|
46
45
|
info do
|
47
46
|
{
|
48
|
-
name: raw_info['
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
47
|
+
name: raw_info['name'],
|
48
|
+
email: raw_info['email'] || raw_info['upn'],
|
49
|
+
nickname: raw_info['unique_name'],
|
50
|
+
first_name: raw_info['given_name'],
|
51
|
+
last_name: raw_info['family_name']
|
53
52
|
}
|
54
53
|
end
|
55
54
|
|
55
|
+
extra do
|
56
|
+
{ raw_info: raw_info }
|
57
|
+
end
|
58
|
+
|
56
59
|
def callback_url
|
57
60
|
full_host + script_name + callback_path
|
58
61
|
end
|
59
62
|
|
63
|
+
# https://docs.microsoft.com/en-us/azure/active-directory/develop/id-tokens
|
64
|
+
#
|
65
|
+
# Some account types from Microsoft seem to only have a decodable ID token,
|
66
|
+
# with JWT unable to decode the access token. Information is limited in those
|
67
|
+
# cases. Other account types provide an expanded set of data inside the auth
|
68
|
+
# token, which does decode as a JWT.
|
69
|
+
#
|
70
|
+
# Merge the two, allowing the expanded auth token data to overwrite the ID
|
71
|
+
# token data if keys collide, and use this as raw info.
|
72
|
+
#
|
60
73
|
def raw_info
|
61
|
-
@raw_info
|
74
|
+
if @raw_info.nil?
|
75
|
+
id_token_data = ::JWT.decode(access_token.params['id_token'], nil, false).first rescue {}
|
76
|
+
auth_token_data = ::JWT.decode(access_token.token, nil, false).first rescue {}
|
77
|
+
|
78
|
+
id_token_data.merge!(auth_token_data)
|
79
|
+
@raw_info = id_token_data
|
80
|
+
end
|
81
|
+
|
82
|
+
@raw_info
|
62
83
|
end
|
63
84
|
|
64
85
|
end
|
@@ -1,29 +1,49 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
1
|
+
# -*- encoding: utf-8 -*-
|
2
|
+
# frozen_string_literal: true
|
3
|
+
# stub: omniauth-azure-activedirectory-v2 1.0.0 ruby lib
|
4
|
+
|
5
|
+
$:.push File.expand_path( '../lib', __FILE__ )
|
6
|
+
require 'omniauth/azure_activedirectory_v2/version'
|
7
|
+
|
8
|
+
# https://guides.rubygems.org/specification-reference/
|
9
|
+
#
|
10
|
+
Gem::Specification.new do |s|
|
11
|
+
s.name = 'omniauth-azure-activedirectory-v2'
|
12
|
+
s.version = Omniauth::Azure::Activedirectory::V2::VERSION
|
13
|
+
s.date = Omniauth::Azure::Activedirectory::V2::DATE
|
14
|
+
s.summary = 'OAuth 2 authentication with the Azure ActiveDirectory V2 API.'
|
15
|
+
s.authors = [ 'RIP Global' ]
|
16
|
+
s.email = [ 'dev@ripglobal.com' ]
|
17
|
+
s.licenses = [ 'MIT' ]
|
18
|
+
s.homepage = 'https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2'
|
19
|
+
|
20
|
+
s.required_ruby_version = Gem::Requirement.new('>= 2.3.0')
|
21
|
+
s.require_paths = ['lib']
|
22
|
+
s.bindir = 'exe'
|
23
|
+
s.files = %w{
|
24
|
+
README.md
|
25
|
+
CHANGELOG.md
|
26
|
+
CODE_OF_CONDUCT.md
|
27
|
+
LICENSE.txt
|
28
|
+
|
29
|
+
Gemfile
|
30
|
+
bin/console
|
31
|
+
bin/setup
|
32
|
+
|
33
|
+
lib/omniauth-azure-activedirectory-v2.rb
|
34
|
+
lib/omniauth/azure_activedirectory_v2.rb
|
35
|
+
lib/omniauth/azure_activedirectory_v2/version.rb
|
36
|
+
lib/omniauth/strategies/azure_activedirectory_v2.rb
|
37
|
+
|
38
|
+
omniauth-azure-activedirectory-v2.gemspec
|
39
|
+
}
|
40
|
+
|
41
|
+
s.metadata = {
|
42
|
+
'homepage_uri' => 'https://www.ripglobal.com/',
|
43
|
+
'bug_tracker_uri' => 'https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2/issues/',
|
44
|
+
'changelog_uri' => 'https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2/blob/master/CHANGELOG.md',
|
45
|
+
'source_code_uri' => 'https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2'
|
46
|
+
}
|
47
|
+
|
48
|
+
s.add_runtime_dependency('omniauth-oauth2', '~> 1.7')
|
29
49
|
end
|
metadata
CHANGED
@@ -1,29 +1,29 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: omniauth-azure-activedirectory-v2
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 1.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- RIP Global
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-09-
|
11
|
+
date: 2020-09-25 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: omniauth-oauth2
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
|
-
- - "
|
17
|
+
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: '
|
19
|
+
version: '1.7'
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
|
-
- - "
|
24
|
+
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: '
|
26
|
+
version: '1.7'
|
27
27
|
description:
|
28
28
|
email:
|
29
29
|
- dev@ripglobal.com
|
@@ -31,14 +31,11 @@ executables: []
|
|
31
31
|
extensions: []
|
32
32
|
extra_rdoc_files: []
|
33
33
|
files:
|
34
|
-
-
|
35
|
-
- ".rspec"
|
36
|
-
- ".travis.yml"
|
34
|
+
- CHANGELOG.md
|
37
35
|
- CODE_OF_CONDUCT.md
|
38
36
|
- Gemfile
|
39
37
|
- LICENSE.txt
|
40
38
|
- README.md
|
41
|
-
- Rakefile
|
42
39
|
- bin/console
|
43
40
|
- bin/setup
|
44
41
|
- lib/omniauth-azure-activedirectory-v2.rb
|
@@ -50,10 +47,10 @@ homepage: https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2
|
|
50
47
|
licenses:
|
51
48
|
- MIT
|
52
49
|
metadata:
|
53
|
-
homepage_uri: https://
|
54
|
-
source_code_uri: https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2
|
50
|
+
homepage_uri: https://www.ripglobal.com/
|
55
51
|
bug_tracker_uri: https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2/issues/
|
56
52
|
changelog_uri: https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2/blob/master/CHANGELOG.md
|
53
|
+
source_code_uri: https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2
|
57
54
|
post_install_message:
|
58
55
|
rdoc_options: []
|
59
56
|
require_paths:
|
@@ -72,5 +69,5 @@ requirements: []
|
|
72
69
|
rubygems_version: 3.1.2
|
73
70
|
signing_key:
|
74
71
|
specification_version: 4
|
75
|
-
summary: OAuth 2 authentication with Azure ActiveDirectory
|
72
|
+
summary: OAuth 2 authentication with the Azure ActiveDirectory V2 API.
|
76
73
|
test_files: []
|
data/.gitignore
DELETED
data/.rspec
DELETED
data/.travis.yml
DELETED