omniauth-azure-oauth2 0.0.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 277d288ce60567e9f3dd948e30a53ff4241b2238
+  data.tar.gz: 5b3a6edccbf4217230e55965cf7bce245a2faa62
+SHA512:
+  metadata.gz: 0285ebc4357800e6c8fb9a075a8f9f767dbe372329912832f75035a24a4ab6b1ba17f6e0995b5576d431721f289ab326c97fa41115338b3ded5b2d5ef9e082bf
+  data.tar.gz: 32b6b1e9d5a822b823d2b024fec4f28e946a214f1276b1fa25820e282a42cc49f32f56ab456f97e60cfea4f9fc8ae3aa626081f344da33b5d9767aff913f3dc8

data/.gitignore

@@ -0,0 +1,19 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+.ruby-gemset
+.ruby-version
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/CHANGELOG.md

@@ -0,0 +1,3 @@
+# VERSION 0.0.1
+
+* Initial build

data/Gemfile

@@ -0,0 +1,8 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in omniauth-azure-oauth2.gemspec
+gemspec
+
+group :example do
+  gem 'sinatra'
+end

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Deltek
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,121 @@
+# OmniAuth Windows Azure Active Directory Strategy
+
+This gem provides a simple way to authenticate to Windows Azure Active Directory (WAAD) over OAuth2 using OmniAuth.
+
+One of the unique challenges of WAAD OAuth is that WAAD is multi tenant. Any given tenant can have multiple active
+directories. The CLIENT-ID, REPLY-URL and keys will be unique to the tenant/AD/application combination. This gem simply
+provides hooks for determining those unique values for each call.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'omniauth-azure-oauth2'
+```
+
+## Usage
+
+First, you will need to add your site as an application in WAAD.:
+[Adding, Updating, and Removing an Application](http://msdn.microsoft.com/en-us/library/azure/dn132599.aspx)
+
+Summary:
+Select your Active Directory in https://manage.windowsazure.com/<tenantid> of type 'Web Application'. Name, sign-on url,
+logo are not important.  You will need the CLIENT-ID from the application configuration and you will need to generate
+an expiring key (aka 'client secret').  REPLY URL is the oauth redirect uri which will be the omniauth callback path
+https://example.com/users/auth/azure_oauth2/callback. The APP ID UI just needs to be unique to that tenant and identify
+your site and isn't needed to configure the gem.
+Permissions need Delegated Permissions to at least have "Enable sign-on and read user's profiles".
+
+Note: Seems like the terminology is still fluid, so follow the MS guidance (buwahaha) to set this up.
+
+The TenantInfo information can be a hash or class. It must provide client_id, client_secret and tenant_id.
+Optionally a domain_hint. For a simple single-tenant app, this could be:
+
+```ruby
+use OmniAuth::Builder do
+  provider :azure_oauth2,
+    {
+      client_id: ENV['AZURE_CLIENT_ID'],
+      client_secret: ENV['AZURE_CLIENT_ID'],
+      tenant_id: ENV['AZURE_TENANT_ID']
+    }
+end
+```
+
+For dynamic tenant assignment, pass a class that supports those same attributes and accepts the strategy as a parameter
+
+```ruby
+class YouTenantProvider
+  def initialize(strategy)
+    @strategy = strategy
+  end
+
+  def client_id
+    tenant.azure_client_id
+  end
+
+  def client_secret
+    tenant.azure_client_secret
+  end
+
+  def tenant_id
+    tenant.azure_tanant_id
+  end
+
+  def domain_hint
+    tenant.azure_domain_hint
+  end
+
+  private
+
+  def tenant
+    # whatever strategy you want to figure out the right tenant from params/session
+    @tenant ||= Customer.find(@strategy.session[:customer_id])
+  end
+end
+
+use OmniAuth::Builder do
+  provider :azure_oauth2, YourTenantProvider
+end
+```
+
+## Auth Hash Schema
+
+The following information is provided back to you for this provider:
+
+```ruby
+{
+  uid: '12345',
+  info: {
+    name: 'some one',
+    first_name: 'some',
+    last_name: 'one',
+    email: 'someone@example.com'
+  },
+  credentials: {
+    token: 'thetoken',
+    refresh_token: 'refresh'
+  },
+  extra: { raw_info: raw_api_response }
+}
+```
+## notes
+
+When you make a request to WAAD you must specify a resource. The gem currently assumes this is the AD identified as '00000002-0000-0000-c000-000000000000'.
+This can be passed in as part of the config. It currently isn't designed to be dynamic.
+
+```ruby
+use OmniAuth::Builder do
+  provider :azure_oauth2, TenantInfo, resource: 'myresource'
+end
+```
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Make your changes, add tests, run tests (`rake`)
+4. Commit your changes and tests  (`git commit -am 'Added some feature'`)
+5. Push to the branch (`git push origin my-new-feature`)
+6. Create new Pull Request

data/Rakefile

@@ -0,0 +1,6 @@
+require File.join('bundler', 'gem_tasks')
+require File.join('rspec', 'core', 'rake_task')
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/examples/sinatra.rb

@@ -0,0 +1,31 @@
+$:.push File.dirname(__FILE__) + '/../lib'
+
+require 'omniauth-azure-oauth2'
+require 'sinatra'
+
+class MyAzureProvider
+  def self.client_id
+    ENV['AZURE_CLIENT_ID']
+  end
+
+  def self.client_secret
+    ENV['AZURE_CLIENT_SECRET']
+  end
+
+  def self.tenant_id
+    ENV['AZURE_TENANT_ID']
+  end
+
+end
+
+use Rack::Session::Cookie
+use OmniAuth::Strategies::Azure, MyAzureProvider
+
+get '/' do
+  "<a href='/auth/azure_oauth2'>Log in with Azure</a>"
+end
+
+get '/auth/azure_oauth2/callback' do
+  content_type 'text/plain'
+  request.env['omniauth.auth'].inspect
+end

data/lib/omniauth-azure-oauth2.rb

@@ -0,0 +1 @@
+require File.join('omniauth', 'azure_oauth2')

data/lib/omniauth/azure_oauth2.rb

@@ -0,0 +1 @@
+require File.join('omniauth', 'strategies', 'azure_oauth2')

data/lib/omniauth/azure_oauth2/version.rb

@@ -0,0 +1,5 @@
+module OmniAuth
+  module AzureOauth2
+    VERSION = "0.0.2"
+  end
+end

data/lib/omniauth/strategies/azure_oauth2.rb

@@ -0,0 +1,59 @@
+require 'omniauth/strategies/oauth2'
+require 'jwt'
+
+module OmniAuth
+  module Strategies
+    class AzureOauth2 < OmniAuth::Strategies::OAuth2
+      BASE_AZURE_URL = 'https://login.windows.net'
+
+      option :name, 'azure_oauth2'
+
+      option :tenant_provider, nil
+
+      # AD resource identifier
+      option :resource, '00000002-0000-0000-c000-000000000000'
+
+      # tenant_provider must return client_id, client_secret, tenant_id
+      args [:tenant_provider]
+
+      def client
+        if options.tenant_provider
+          provider = options.tenant_provider.new(self)
+        else
+          provider = options  # if pass has to config, get mapped right on to ptions
+        end
+
+        options.client_id = provider.client_id
+        options.client_secret = provider.client_secret
+        options.tenant_id = provider.tenant_id
+
+        options.authorize_params.domain_hint = provider.domain_hint if provider.respond_to?(:domain_hint) && provider.domain_hint
+        options.client_options.authorize_url = "#{BASE_AZURE_URL}/#{options.tenant_id}/oauth2/authorize"
+        options.client_options.token_url = "#{BASE_AZURE_URL}/#{options.tenant_id}/oauth2/token"
+
+        options.token_params.resource = options.resource
+        super
+      end
+
+      uid {
+        raw_info['sub']
+      }
+
+      info do
+        {
+          name: raw_info['unique_name'],
+          first_name: raw_info['given_name'],
+          last_name: raw_info['family_name'],
+          email: raw_info['email'] || raw_info['upn']
+        }
+      end
+
+
+      def raw_info
+        # it's all here in JWT http://msdn.microsoft.com/en-us/library/azure/dn195587.aspx
+        @raw_info ||= JWT.decode(access_token.token, nil, false)
+      end
+
+    end
+  end
+end

data/omniauth-azure-oauth2.gemspec

@@ -0,0 +1,26 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path(File.join('..', 'lib', 'omniauth', 'azure_oauth2', 'version'), __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.authors       = ["Mark Nadig"]
+  gem.email         = ["mark@nadigs.net"]
+  gem.description   = %q{An Windows Azure Active Directory OAuth2 strategy for OmniAuth}
+  gem.summary       = %q{An Windows Azure Active Directory OAuth2 strategy for OmniAuth}
+  gem.homepage      = "https://github.com/KonaTeam/omniauth-azure-oauth2"
+
+  gem.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  gem.files         = `git ls-files`.split("\n")
+  gem.test_files    = `git ls-files -- {spec}/*`.split("\n")
+  gem.name          = "omniauth-azure-oauth2"
+  gem.require_paths = ["lib"]
+  gem.version       = OmniAuth::AzureOauth2::VERSION
+  gem.license       = "MIT"
+
+  gem.add_dependency 'omniauth', '~> 1.0'
+  gem.add_dependency 'jwt', '~> 0.1'
+
+  gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.1'
+
+  gem.add_development_dependency 'rspec', '>= 2.14.0'
+  gem.add_development_dependency 'rake'
+end

data/spec/omniauth/strategies/azure_oauth2_spec.rb

@@ -0,0 +1,112 @@
+require 'spec_helper'
+require 'omniauth-azure-oauth2'
+
+describe OmniAuth::Strategies::AzureOauth2 do
+  let(:request) { double('Request', :params => {}, :cookies => {}, :env => {}) }
+  let(:app) {
+    lambda do
+      [200, {}, ["Hello."]]
+    end
+  }
+
+  before do
+    OmniAuth.config.test_mode = true
+  end
+
+  after do
+    OmniAuth.config.test_mode = false
+  end
+
+  describe 'static configuration' do
+    let(:options) { @options || {} }
+    subject do
+      OmniAuth::Strategies::AzureOauth2.new(app, {client_id: 'id', client_secret: 'secret', tenant_id: 'tenant'}.merge(options))
+    end
+
+    describe '#client' do
+      it 'has correct authorize url' do
+        expect(subject.client.options[:authorize_url]).to eql('https://login.windows.net/tenant/oauth2/authorize')
+      end
+
+      it 'has correct authorize params' do
+        subject.client
+        expect(subject.authorize_params[:domain_hint]).to be_nil
+      end
+
+      it 'has correct token url' do
+        expect(subject.client.options[:token_url]).to eql('https://login.windows.net/tenant/oauth2/token')
+      end
+
+      it 'has correct token params' do
+        subject.client
+        expect(subject.token_params[:resource]).to eql('00000002-0000-0000-c000-000000000000')
+      end
+
+      describe "overrides" do
+        it 'should override domain_hint' do
+          @options = {domain_hint: 'hint'}
+          subject.client
+          expect(subject.authorize_params[:domain_hint]).to eql('hint')
+        end
+      end
+    end
+
+  end
+
+
+  describe 'dynamic configuration' do
+    let(:provider_klass) {
+      Class.new {
+        def initialize(strategy)
+        end
+
+        def client_id
+          'id'
+        end
+
+        def client_secret
+          'secret'
+        end
+
+        def tenant_id
+          'tenant'
+        end
+
+      }
+    }
+
+    subject do
+      OmniAuth::Strategies::AzureOauth2.new(app, provider_klass)
+    end
+
+    describe '#client' do
+      it 'has correct authorize url' do
+        expect(subject.client.options[:authorize_url]).to eql('https://login.windows.net/tenant/oauth2/authorize')
+      end
+
+      it 'has correct authorize params' do
+        subject.client
+        expect(subject.authorize_params[:domain_hint]).to be_nil
+      end
+
+      it 'has correct token url' do
+        expect(subject.client.options[:token_url]).to eql('https://login.windows.net/tenant/oauth2/token')
+      end
+
+      it 'has correct token params' do
+        subject.client
+        expect(subject.token_params[:resource]).to eql('00000002-0000-0000-c000-000000000000')
+      end
+
+      # todo: how to get this working?
+      # describe "overrides" do
+      #   it 'should override domain_hint' do
+      #     provider_klass.domain_hint = 'hint'
+      #     subject.client
+      #     expect(subject.authorize_params[:domain_hint]).to eql('hint')
+      #   end
+      # end
+    end
+
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,2 @@
+require File.join('bundler', 'setup')
+require 'rspec'

metadata

@@ -0,0 +1,128 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-azure-oauth2
+version: !ruby/object:Gem::Version
+  version: 0.0.2
+platform: ruby
+authors:
+- Mark Nadig
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-05-31 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 2.14.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 2.14.0
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: An Windows Azure Active Directory OAuth2 strategy for OmniAuth
+email:
+- mark@nadigs.net
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- CHANGELOG.md
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- examples/sinatra.rb
+- lib/omniauth-azure-oauth2.rb
+- lib/omniauth/azure_oauth2.rb
+- lib/omniauth/azure_oauth2/version.rb
+- lib/omniauth/strategies/azure_oauth2.rb
+- omniauth-azure-oauth2.gemspec
+- spec/omniauth/strategies/azure_oauth2_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/KonaTeam/omniauth-azure-oauth2
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: An Windows Azure Active Directory OAuth2 strategy for OmniAuth
+test_files: []