omniauth-entra-id 3.1.0 → 3.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ddd915751370dcbd9611821ce2e0c853737f92b9a4a3c0751199787dd41af788
-  data.tar.gz: 72b7bde2f8365d41b6c2f8429410df3cd9a2ceb4b7c820cb53ab4626c45b59c1
+  metadata.gz: f88d4d932a03e4edf7a69461140c83eab2a408c1c61798acc5e26bedfdf0519f
+  data.tar.gz: 78928ac033c9a312d47491c7414f0fee3962144d97bbae3150a519ff7226c6bb
 SHA512:
-  metadata.gz: c78e6a6790f3ecdfc8e81381a7873fa7f389d1289ae56666e278ccc965f2fab090ae41de88c7eabcac4d3542f9678e2aee74c70e42dfd7b445fc6d646c459ece
-  data.tar.gz: 32a9a37f322f690b09653db3161c0400c435400b3f8a3670f0e673ca3a83451d42d629f69efd339ee7132bd540aba6cb80b93babf435868a59f1eda8a8aa80f5
+  metadata.gz: f1333c75cc62116751fbb81277b8139597cc8cb776f17cfd6acae367b4d2d9f94ad8e00cafdac68ec26bd1ac8a2157333246da52b07e3145c3ca44d74d4a3865
+  data.tar.gz: f9b3ab664ca1275af9d6b8bfbe3714c47080d3c506a2188833bfa9adbc5ee32c77fed8e2f758ee22071c7d503e45c601913cbb9c19ef6e15f2ddf3b828369bbb

data/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Change Log
 
+## v3.1.1 (2025-09-12)
+
+* Validates the JWT `iss` (issuer) claim for `consumers` tenants properly, using the global GUID for that use case, resolving #51 (reported by @2called-chaos)
+
 ## v3.1.0 (2025-06-17)
 
 * Provides a way to ignore TID when constructing a user UID, easing migration from v2.x, via the new `ignore_tid` option, resolving #42 (reported by @s-andringa)

data/lib/omniauth/entra_id/version.rb

@@ -1,8 +1,8 @@
 module OmniAuth
   module Entra
     module Id
-      VERSION = "3.1.0"
-      DATE    = "2025-06-17"
+      VERSION = "3.1.1"
+      DATE    = "2025-09-12"
     end
   end
 end

data/lib/omniauth/strategies/entra_id.rb

@@ -12,9 +12,12 @@ module OmniAuth
       option :ignore_tid,      false
       option :jwt_leeway,      60
 
-      DEFAULT_SCOPE    = 'openid profile email'
-      COMMON_TENANT_ID = 'common'
-      AD_FS_TENANT_ID  = 'adfs'
+      DEFAULT_SCOPE           = 'openid profile email'
+      COMMON_TENANT_ID        = 'common'
+      AD_FS_TENANT_ID         = 'adfs'
+      ORGANIZATIONS_TENANT_ID = 'organizations'
+      CONSUMERS_TENANT_ID     = 'consumers'
+      CONSUMERS_TENANT_GUID   = '9188040d-6c67-4c5b-b112-36a304b66dad'
 
       # The tenant_provider argument is how the provider class is eventually
       # passed to us, if one is used instead of an options Hash.
@@ -160,6 +163,8 @@ module OmniAuth
           # for AD FS local instances, as we don't put a valid tenant ID in its
           # place, but "adfs" (see AD_FS_TENANT_ID) instead.
           #
+          # TODO: Unclear about approach to use for ORGANIZATIONS_TENANT_ID.
+          #
           do_not_verify = (
             options.tenant_id.nil? ||
             options.tenant_id == COMMON_TENANT_ID ||
@@ -168,6 +173,8 @@ module OmniAuth
 
           issuer = if do_not_verify
             nil
+          elsif options.tenant_id == CONSUMERS_TENANT_ID
+            "#{options.base_url || BASE_URL}/#{CONSUMERS_TENANT_GUID}/v2.0"
           else
             "#{options.base_url || BASE_URL}/#{options.tenant_id}/v2.0"
           end

data/omniauth-entra-id.gemspec

@@ -14,7 +14,7 @@ Gem::Specification.new do |s|
   s.authors               = [ 'RIPA Global'        ]
   s.email                 = [ 'dev@ripaglobal.com' ]
   s.licenses              = [ 'MIT'               ]
-  s.homepage              = 'https://github.com/pond/scimitar/'
+  s.homepage              = 'https://github.com/pond/omniauth-entra-id'
 
   s.required_ruby_version = Gem::Requirement.new('>= 3.0.0')
   s.require_paths         = ['lib']
@@ -48,7 +48,7 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency 'jwt',             '>= 2.9.2'
   s.add_runtime_dependency 'omniauth-oauth2', '~> 1.8'
 
-  s.add_development_dependency 'debug', '~>  1.10'
+  s.add_development_dependency 'debug', '~>  1.11'
   s.add_development_dependency 'rake',  '~> 13.3'
   s.add_development_dependency 'rspec', '~>  3.13'
 end

metadata

@@ -1,13 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-entra-id
 version: !ruby/object:Gem::Version
-  version: 3.1.0
+  version: 3.1.1
 platform: ruby
 authors:
 - RIPA Global
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-06-17 00:00:00.000000000 Z
+date: 2025-09-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jwt
@@ -43,14 +44,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.10'
+        version: '1.11'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.10'
+        version: '1.11'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -79,6 +80,7 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.13'
+description:
 email:
 - dev@ripaglobal.com
 executables: []
@@ -98,14 +100,15 @@ files:
 - lib/omniauth/entra_id/version.rb
 - lib/omniauth/strategies/entra_id.rb
 - omniauth-entra-id.gemspec
-homepage: https://github.com/pond/scimitar/
+homepage: https://github.com/pond/omniauth-entra-id
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://github.com/pond/scimitar/
+  homepage_uri: https://github.com/pond/omniauth-entra-id
   bug_tracker_uri: https://github.com/pond/omniauth-entra-id/issues/
   changelog_uri: https://github.com/pond/omniauth-entra-id/blob/master/CHANGELOG.md
   source_code_uri: https://github.com/pond/omniauth-entra-id
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -120,7 +123,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.2
+rubygems_version: 3.5.16
+signing_key:
 specification_version: 4
 summary: OAuth 2 authentication with the Entra ID API.
 test_files: []