omniauth-azure-activedirectory-v2 0.1.1 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 80a76c16a7b809e84e27846806c3f8aa685ef765f7abc836006d17b602223a28
-  data.tar.gz: 1c6d60e594ee6002bfdf958c5d6db5a14f4f3dec4f76d71cd0ed65df1cbbfb10
+  metadata.gz: 93067d480339eb28720e1297cf883ce0b0a42b8819b0d14a41bca5e6975177bd
+  data.tar.gz: b1cd8703ea172ac050e4ec98f3802ff2e139de51757991361469c41d0bf88c7b
 SHA512:
-  metadata.gz: 125ae35a66c2a79a19cca02e628d0e825d4835ff2e82d74ba2f9da604eb80edd58bb8119ff4bab51a76be1240b8646155c2c89e33d0f3f34486dcbfce9cf7347
-  data.tar.gz: cdf8f67104262494e48d50ed872a30bc6963c0ebbb8ebbd4c251d9b0ea50133bd897bf3a417ab4c0eaff5e3ad63ac4b7812de07599ff6c1bf425871f7a2b4686
+  metadata.gz: fb55fde94be440fb50dd32814fd678240d3ea6bb60f680b867ba05bfc6ab68fbf1790c3f4dacb5560578dd9ce3b3dd74d02888bea706e825e4fa7ce9ffa58a7a
+  data.tar.gz: 4063dfcc43fc849ed19c020bff4eede55e9ba33084d58cd939fe482c3191599a87ead2f7123d55b6cc6c9bff0fdd669f59b92cd53116b827bcee67557968adb8

data/CHANGELOG.md

@@ -0,0 +1,26 @@
+# Change Log
+
+## v1.0.0 (2020-09-25)
+
+Removes use of the https://graph.microsoft.com/v1.0/me API.
+
+* One of the key differences for the V2 API vs V1 is the differences
+  between who can sign with the addition of Personal Accounts - see:
+  https://nicolgit.github.io/AzureAD-Endopoint-V1-vs-V2-comparison/
+
+  - In testing we found that these accounts may not have access to
+    this endpoint
+  - All the data provided in `info` exists in the JWT anyway, so this
+    cuts down on API calls
+
+* Conforms to the Omniauth Auth Hash Schema (1.0 and later) - see:
+  https://github.com/omniauth/omniauth/wiki/Auth-Hash-Schema
+
+  - Expose `raw_info`
+  - Remove `id` from `info`
+    - *NB: This could be a breaking change for some, but most will
+           already be using the correct property name of `uid`.*
+
+## v0.1.1 (2020-09-23)
+
+- First release.

data/README.md

@@ -1,11 +1,15 @@
 # Omniauth::Azure::Activedirectory::V2
 
+[![Gem Version](https://badge.fury.io/rb/omniauth-azure-activedirectory-v2.svg)](https://badge.fury.io/rb/omniauth-azure-activedirectory-v2)
+[![Build Status](https://travis-ci.org/RIPGlobal/omniauth-azure-activedirectory-v2.svg)](https://travis-ci.org/RIPGlobal/omniauth-azure-activedirectory-v2)
+[![License](https://img.shields.io/github/license/RIPGlobal/omniauth-azure-activedirectory-v2.svg)](LICENSE.md)
+
 OAuth 2 authentication with [Azure ActiveDirectory's V2 API](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-overview). Rationale:
 
 * https://github.com/marknadig/omniauth-azure-oauth2 is no longer maintained.
 * https://github.com/marknadig/omniauth-azure-oauth2/pull/29 contains important additions.
 
-This gem combines the two.
+This gem combines the two and makes some changes to support the full V2 API.
 
 The ActiveDirectory V1 auth API used OpenID Connect. If you need this, a gem from Microsoft [is available here](https://github.com/AzureAD/omniauth-azure-activedirectory), but seems to be abandoned.
 

data/lib/omniauth/azure_activedirectory_v2/version.rb

@@ -2,7 +2,8 @@ module Omniauth
   module Azure
     module Activedirectory
       module V2
-        VERSION = "0.1.1"
+        VERSION = "1.0.0"
+        DATE    = "2020-09-25"
       end
     end
   end

data/lib/omniauth/strategies/azure_activedirectory_v2.rb

@@ -9,7 +9,6 @@ module OmniAuth
       option :tenant_provider, nil
 
       DEFAULT_SCOPE = 'openid profile email'
-      USER_INFO_URL = 'https://graph.microsoft.com/v1.0/me'
 
       # tenant_provider must return client_id, client_secret and optionally tenant_id and base_azure_url
       args [:tenant_provider]
@@ -40,25 +39,47 @@ module OmniAuth
       end
 
       uid {
-        raw_info['id']
+        raw_info['oid']
       }
 
       info do
         {
-            name: raw_info['displayName'],
-            first_name: raw_info['givenName'],
-            last_name: raw_info['surname'],
-            email: raw_info['userPrincipalName'],
-            id: raw_info['id'],
+            name: raw_info['name'],
+            email: raw_info['email'] || raw_info['upn'],
+            nickname: raw_info['unique_name'],
+            first_name: raw_info['given_name'],
+            last_name: raw_info['family_name']
         }
       end
 
+      extra do
+        { raw_info: raw_info }
+      end
+
       def callback_url
         full_host + script_name + callback_path
       end
 
+      # https://docs.microsoft.com/en-us/azure/active-directory/develop/id-tokens
+      #
+      # Some account types from Microsoft seem to only have a decodable ID token,
+      # with JWT unable to decode the access token. Information is limited in those
+      # cases. Other account types provide an expanded set of data inside the auth
+      # token, which does decode as a JWT.
+      #
+      # Merge the two, allowing the expanded auth token data to overwrite the ID
+      # token data if keys collide, and use this as raw info.
+      #
       def raw_info
-        @raw_info ||= access_token.get(USER_INFO_URL).parsed
+        if @raw_info.nil?
+          id_token_data   = ::JWT.decode(access_token.params['id_token'], nil, false).first rescue {}
+          auth_token_data = ::JWT.decode(access_token.token,              nil, false).first rescue {}
+
+          id_token_data.merge!(auth_token_data)
+          @raw_info = id_token_data
+        end
+
+        @raw_info
       end
 
     end

data/omniauth-azure-activedirectory-v2.gemspec

@@ -1,29 +1,49 @@
-require_relative 'lib/omniauth/azure_activedirectory_v2/version'
-
-Gem::Specification.new do |spec|
-  spec.name          = 'omniauth-azure-activedirectory-v2'
-  spec.version       = Omniauth::Azure::Activedirectory::V2::VERSION
-  spec.authors       = ['RIP Global']
-  spec.email         = ['dev@ripglobal.com']
-
-  spec.summary       = %q{OAuth 2 authentication with Azure ActiveDirectory's V2 API}
-  spec.homepage      = 'https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2'
-  spec.license       = 'MIT'
-  spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
-
-  spec.metadata['homepage_uri']    = spec.homepage
-  spec.metadata['source_code_uri'] = 'https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2'
-  spec.metadata['bug_tracker_uri'] = 'https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2/issues/'
-  spec.metadata['changelog_uri']   = 'https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2/blob/master/CHANGELOG.md'
-
-  # Specify which files should be added to the gem when it is released.
-  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
-  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
-    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
-  end
-  spec.bindir        = 'exe'
-  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.require_paths = ['lib']
-
-  spec.add_dependency 'omniauth-oauth2'
+# -*- encoding: utf-8 -*-
+# frozen_string_literal: true
+# stub: omniauth-azure-activedirectory-v2 1.0.0 ruby lib
+
+$:.push File.expand_path( '../lib', __FILE__ )
+require 'omniauth/azure_activedirectory_v2/version'
+
+# https://guides.rubygems.org/specification-reference/
+#
+Gem::Specification.new do |s|
+  s.name                  = 'omniauth-azure-activedirectory-v2'
+  s.version               = Omniauth::Azure::Activedirectory::V2::VERSION
+  s.date                  = Omniauth::Azure::Activedirectory::V2::DATE
+  s.summary               = 'OAuth 2 authentication with the Azure ActiveDirectory V2 API.'
+  s.authors               = [ 'RIP Global'        ]
+  s.email                 = [ 'dev@ripglobal.com' ]
+  s.licenses              = [ 'MIT'               ]
+  s.homepage              = 'https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2'
+
+  s.required_ruby_version = Gem::Requirement.new('>= 2.3.0')
+  s.require_paths         = ['lib']
+  s.bindir                = 'exe'
+  s.files                 = %w{
+    README.md
+    CHANGELOG.md
+    CODE_OF_CONDUCT.md
+    LICENSE.txt
+
+    Gemfile
+    bin/console
+    bin/setup
+
+    lib/omniauth-azure-activedirectory-v2.rb
+    lib/omniauth/azure_activedirectory_v2.rb
+    lib/omniauth/azure_activedirectory_v2/version.rb
+    lib/omniauth/strategies/azure_activedirectory_v2.rb
+
+    omniauth-azure-activedirectory-v2.gemspec
+  }
+
+  s.metadata = {
+    'homepage_uri'    => 'https://www.ripglobal.com/',
+    'bug_tracker_uri' => 'https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2/issues/',
+    'changelog_uri'   => 'https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2/blob/master/CHANGELOG.md',
+    'source_code_uri' => 'https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2'
+  }
+
+  s.add_runtime_dependency('omniauth-oauth2', '~> 1.7')
 end

metadata

@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-azure-activedirectory-v2
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 1.0.0
 platform: ruby
 authors:
 - RIP Global
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-09-23 00:00:00.000000000 Z
+date: 2020-09-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth-oauth2
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.7'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.7'
 description:
 email:
 - dev@ripglobal.com
@@ -31,14 +31,11 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".gitignore"
-- ".rspec"
-- ".travis.yml"
+- CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - Gemfile
 - LICENSE.txt
 - README.md
-- Rakefile
 - bin/console
 - bin/setup
 - lib/omniauth-azure-activedirectory-v2.rb
@@ -50,10 +47,10 @@ homepage: https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2
-  source_code_uri: https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2
+  homepage_uri: https://www.ripglobal.com/
   bug_tracker_uri: https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2/issues/
   changelog_uri: https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2/blob/master/CHANGELOG.md
+  source_code_uri: https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -72,5 +69,5 @@ requirements: []
 rubygems_version: 3.1.2
 signing_key:
 specification_version: 4
-summary: OAuth 2 authentication with Azure ActiveDirectory's V2 API
+summary: OAuth 2 authentication with the Azure ActiveDirectory V2 API.
 test_files: []

data/.gitignore

@@ -1,16 +0,0 @@
-Gemfile.lock
-
-/.bundle/
-/.yardoc
-/_yardoc/
-/coverage/
-/doc/
-/pkg/
-/spec/reports/
-/tmp/
-
-# rspec failure tracking
-.rspec_status
-
-# ide
-.idea

data/.rspec

@@ -1,3 +0,0 @@
---format documentation
---color
---require spec_helper

data/.travis.yml

@@ -1,6 +0,0 @@
----
-language: ruby
-cache: bundler
-rvm:
-  - 2.7.0
-before_install: gem install bundler -v 2.1.2

data/Rakefile

@@ -1,6 +0,0 @@
-require "bundler/gem_tasks"
-require "rspec/core/rake_task"
-
-RSpec::Core::RakeTask.new(:spec)
-
-task :default => :spec