omniauth-azure-oauth2 0.0.2 → 0.0.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/README.md +23 -3
- data/lib/omniauth/azure_oauth2/version.rb +1 -1
- data/lib/omniauth/strategies/azure_oauth2.rb +6 -4
- data/omniauth-azure-oauth2.gemspec +1 -1
- data/spec/omniauth/strategies/azure_oauth2_spec.rb +47 -0
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d9c73b1998879a637805a6e9bb99e474877b44f1
|
|
4
|
+
data.tar.gz: e6f364fd018413ca5ed2fb58cb26f63e946ccd9c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1ae29a25456cbae45d709dbd5d3fd125afcb6ff19d6169e0ea8a8d27a931e7221d4f40b271edd230fbdfb6988222c84dac9980553f805f9ef34c3e4ba9f23159
|
|
7
|
+
data.tar.gz: f9b8ddaa179edf69138b303afc33582b7809563f52c11e6c6c7814cb6e6ab515659541c6dbc85c51fa7a589812c3a56b7bd0175a92d3abf3303c75c05f2e08b3
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -29,20 +29,40 @@ Permissions need Delegated Permissions to at least have "Enable sign-on and read
|
|
|
29
29
|
|
|
30
30
|
Note: Seems like the terminology is still fluid, so follow the MS guidance (buwahaha) to set this up.
|
|
31
31
|
|
|
32
|
-
The TenantInfo information can be a hash or class. It must provide client_id
|
|
33
|
-
Optionally a domain_hint. For a simple single-tenant app, this could be:
|
|
32
|
+
The TenantInfo information can be a hash or class. It must provide client_id and client_secret.
|
|
33
|
+
Optionally a domain_hint and tenant_id. For a simple single-tenant app, this could be:
|
|
34
34
|
|
|
35
35
|
```ruby
|
|
36
36
|
use OmniAuth::Builder do
|
|
37
37
|
provider :azure_oauth2,
|
|
38
38
|
{
|
|
39
39
|
client_id: ENV['AZURE_CLIENT_ID'],
|
|
40
|
-
client_secret: ENV['
|
|
40
|
+
client_secret: ENV['AZURE_CLIENT_SECRET'],
|
|
41
41
|
tenant_id: ENV['AZURE_TENANT_ID']
|
|
42
42
|
}
|
|
43
43
|
end
|
|
44
44
|
```
|
|
45
45
|
|
|
46
|
+
Or the alternative format for use with [devise](https://github.com/plataformatec/devise):
|
|
47
|
+
|
|
48
|
+
```ruby
|
|
49
|
+
config.omniauth :azure_oauth2, client_id: ENV['AZURE_CLIENT_ID'],
|
|
50
|
+
client_secret: ENV['AZURE_CLIENT_SECRET'], tenant_id: ENV['AZURE_TENANT_ID']
|
|
51
|
+
```
|
|
52
|
+
|
|
53
|
+
For multi-tenant apps where you don't know the tenant_id in advance, simply leave out the tenant_id to use the
|
|
54
|
+
[common endpoint](http://msdn.microsoft.com/en-us/library/azure/dn645542.aspx).
|
|
55
|
+
|
|
56
|
+
```ruby
|
|
57
|
+
use OmniAuth::Builder do
|
|
58
|
+
provider :azure_oauth2,
|
|
59
|
+
{
|
|
60
|
+
client_id: ENV['AZURE_CLIENT_ID'],
|
|
61
|
+
client_secret: ENV['AZURE_CLIENT_SECRET']
|
|
62
|
+
}
|
|
63
|
+
end
|
|
64
|
+
```
|
|
65
|
+
|
|
46
66
|
For dynamic tenant assignment, pass a class that supports those same attributes and accepts the strategy as a parameter
|
|
47
67
|
|
|
48
68
|
```ruby
|
|
@@ -13,7 +13,7 @@ module OmniAuth
|
|
|
13
13
|
# AD resource identifier
|
|
14
14
|
option :resource, '00000002-0000-0000-c000-000000000000'
|
|
15
15
|
|
|
16
|
-
# tenant_provider must return client_id, client_secret
|
|
16
|
+
# tenant_provider must return client_id, client_secret and optionally tenant_id
|
|
17
17
|
args [:tenant_provider]
|
|
18
18
|
|
|
19
19
|
def client
|
|
@@ -25,7 +25,8 @@ module OmniAuth
|
|
|
25
25
|
|
|
26
26
|
options.client_id = provider.client_id
|
|
27
27
|
options.client_secret = provider.client_secret
|
|
28
|
-
options.tenant_id =
|
|
28
|
+
options.tenant_id =
|
|
29
|
+
provider.respond_to?(:tenant_id) ? provider.tenant_id : 'common'
|
|
29
30
|
|
|
30
31
|
options.authorize_params.domain_hint = provider.domain_hint if provider.respond_to?(:domain_hint) && provider.domain_hint
|
|
31
32
|
options.client_options.authorize_url = "#{BASE_AZURE_URL}/#{options.tenant_id}/oauth2/authorize"
|
|
@@ -44,14 +45,15 @@ module OmniAuth
|
|
|
44
45
|
name: raw_info['unique_name'],
|
|
45
46
|
first_name: raw_info['given_name'],
|
|
46
47
|
last_name: raw_info['family_name'],
|
|
47
|
-
email: raw_info['email'] || raw_info['upn']
|
|
48
|
+
email: raw_info['email'] || raw_info['upn'],
|
|
49
|
+
oid: raw_info['oid']
|
|
48
50
|
}
|
|
49
51
|
end
|
|
50
52
|
|
|
51
53
|
|
|
52
54
|
def raw_info
|
|
53
55
|
# it's all here in JWT http://msdn.microsoft.com/en-us/library/azure/dn195587.aspx
|
|
54
|
-
@raw_info ||= JWT.decode(access_token.token, nil, false)
|
|
56
|
+
@raw_info ||= JWT.decode(access_token.token, nil, false).first
|
|
55
57
|
end
|
|
56
58
|
|
|
57
59
|
end
|
|
@@ -53,6 +53,22 @@ describe OmniAuth::Strategies::AzureOauth2 do
|
|
|
53
53
|
|
|
54
54
|
end
|
|
55
55
|
|
|
56
|
+
describe 'static common configuration' do
|
|
57
|
+
let(:options) { @options || {} }
|
|
58
|
+
subject do
|
|
59
|
+
OmniAuth::Strategies::AzureOauth2.new(app, {client_id: 'id', client_secret: 'secret'}.merge(options))
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
describe '#client' do
|
|
63
|
+
it 'has correct authorize url' do
|
|
64
|
+
expect(subject.client.options[:authorize_url]).to eql('https://login.windows.net/common/oauth2/authorize')
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
it 'has correct token url' do
|
|
68
|
+
expect(subject.client.options[:token_url]).to eql('https://login.windows.net/common/oauth2/token')
|
|
69
|
+
end
|
|
70
|
+
end
|
|
71
|
+
end
|
|
56
72
|
|
|
57
73
|
describe 'dynamic configuration' do
|
|
58
74
|
let(:provider_klass) {
|
|
@@ -109,4 +125,35 @@ describe OmniAuth::Strategies::AzureOauth2 do
|
|
|
109
125
|
end
|
|
110
126
|
|
|
111
127
|
end
|
|
128
|
+
|
|
129
|
+
describe 'dynamic common configuration' do
|
|
130
|
+
let(:provider_klass) {
|
|
131
|
+
Class.new {
|
|
132
|
+
def initialize(strategy)
|
|
133
|
+
end
|
|
134
|
+
|
|
135
|
+
def client_id
|
|
136
|
+
'id'
|
|
137
|
+
end
|
|
138
|
+
|
|
139
|
+
def client_secret
|
|
140
|
+
'secret'
|
|
141
|
+
end
|
|
142
|
+
}
|
|
143
|
+
}
|
|
144
|
+
|
|
145
|
+
subject do
|
|
146
|
+
OmniAuth::Strategies::AzureOauth2.new(app, provider_klass)
|
|
147
|
+
end
|
|
148
|
+
|
|
149
|
+
describe '#client' do
|
|
150
|
+
it 'has correct authorize url' do
|
|
151
|
+
expect(subject.client.options[:authorize_url]).to eql('https://login.windows.net/common/oauth2/authorize')
|
|
152
|
+
end
|
|
153
|
+
|
|
154
|
+
it 'has correct token url' do
|
|
155
|
+
expect(subject.client.options[:token_url]).to eql('https://login.windows.net/common/oauth2/token')
|
|
156
|
+
end
|
|
157
|
+
end
|
|
158
|
+
end
|
|
112
159
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-azure-oauth2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Mark Nadig
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-05
|
|
11
|
+
date: 2014-11-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: omniauth
|
|
@@ -30,14 +30,14 @@ dependencies:
|
|
|
30
30
|
requirements:
|
|
31
31
|
- - ~>
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version:
|
|
33
|
+
version: 1.0.0
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - ~>
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version:
|
|
40
|
+
version: 1.0.0
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: omniauth-oauth2
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|