omniauth-microsoft-identity2 1.0.4 → 1.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 359c3d0304679dd11d385c52567dd51f89a972556405b9f107c15475001d523b
-  data.tar.gz: 256633fe52348da4e997fd34a0e15d3de7da2deeb5a7f64fb045153f24fed00a
+  metadata.gz: 2feb48d6a9088704e28a622d6ee1790693e82f64c208edc483d7bb5d5a9df8ea
+  data.tar.gz: 169bebfdb3d7a05f4f943a4368b28e06c7462879995d95e0ef68e00f3a205b93
 SHA512:
-  metadata.gz: cc2457236a9b1906aae521a4a8a862a580edf06ee32f2c2caca720e4e4073282807cb0f9966f1d1ed52f47107c8e5fb7a0f403929e237fcc360636bec954297b
-  data.tar.gz: e2ae6f453e1a8d5cf8767b3e8a85e62d6e7accfaede5ba769a23664009b5623a0a99b3dd4e8b268fc866cd28d964c388e4dc9c5b9a160c86d265d1ad2d133215
+  metadata.gz: 6bc756c9d30ec256c1779e061c17a9a4e9ef0ed95dac43e05245656744e4b03ba59fa14e4a1b16956e6afb5d5c496fb70bc12cd94f8e4bc66bf6dbf45e66a461
+  data.tar.gz: 4d6c02ba52db1dd5dbaaef4b86706b9cf0d15e77c87dd41315ee00eb1fff8e46fbb2785c860fbd6389eff3487613c7f11f5286f229073a77774565d1756e9649

data/README.md

@@ -1,4 +1,4 @@
-# OmniAuth MicrosoftIdentity2 Strategy
+# OmniAuth Microsoft Identity Strategy
 
 [![Test](https://github.com/icoretech/omniauth-microsoft-identity2/actions/workflows/test.yml/badge.svg?branch=main)](https://github.com/icoretech/omniauth-microsoft-identity2/actions/workflows/test.yml?query=branch%3Amain)
 [![Gem Version](https://badge.fury.io/rb/omniauth-microsoft-identity2.svg)](https://badge.fury.io/rb/omniauth-microsoft-identity2)
@@ -47,6 +47,7 @@ provider :windowslive, ENV.fetch('MICROSOFT_CLIENT_ID'), ENV.fetch('MICROSOFT_CL
 ## Options
 
 Supported options include:
+
 - `tenant` (default: `common`)
 - `scope` (default: `openid profile email offline_access User.Read`)
 - `prompt`
@@ -133,6 +134,7 @@ Example payload from `request.env['omniauth.auth']` (realistic shape, anonymized
 ## Endpoints
 
 This gem uses Microsoft Identity v2 endpoints and Microsoft Graph user info endpoints:
+
 - `https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize`
 - `https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token`
 - `https://graph.microsoft.com/oidc/userinfo`

data/lib/omniauth/microsoft_identity2/version.rb

@@ -2,6 +2,6 @@
 
 module OmniAuth
   module MicrosoftIdentity2
-    VERSION = '1.0.4'
+    VERSION = "1.0.5"
   end
 end

data/lib/omniauth/microsoft_identity2.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 
-require 'omniauth/microsoft_identity2/version'
-require 'omniauth/strategies/microsoft_identity2'
+require "omniauth/microsoft_identity2/version"
+require "omniauth/strategies/microsoft_identity2"

data/lib/omniauth/strategies/microsoft_identity2.rb

@@ -1,40 +1,40 @@
 # frozen_string_literal: true
 
-require 'jwt'
-require 'omniauth-oauth2'
+require "jwt"
+require "omniauth-oauth2"
 
 module OmniAuth
   module Strategies
     # OmniAuth strategy for Microsoft Identity (Entra ID) OAuth2/OpenID Connect.
     class MicrosoftIdentity2 < OmniAuth::Strategies::OAuth2
-      BASE_URL = 'https://login.microsoftonline.com'
-      DEFAULT_SCOPE = 'openid profile email offline_access User.Read'
-      USER_INFO_URL = 'https://graph.microsoft.com/oidc/userinfo'
-      GRAPH_ME_URL = 'https://graph.microsoft.com/v1.0/me'
+      BASE_URL = "https://login.microsoftonline.com"
+      DEFAULT_SCOPE = "openid profile email offline_access User.Read"
+      USER_INFO_URL = "https://graph.microsoft.com/oidc/userinfo"
+      GRAPH_ME_URL = "https://graph.microsoft.com/v1.0/me"
 
-      option :name, 'microsoft_identity2'
+      option :name, "microsoft_identity2"
       option :authorize_options, %i[scope state prompt login_hint domain_hint response_mode redirect_uri nonce]
-      option :tenant, 'common'
+      option :tenant, "common"
       option :base_url, BASE_URL
       option :scope, DEFAULT_SCOPE
       option :skip_jwt, false
       option :uid_with_tenant, true
 
       option :client_options,
-             site: BASE_URL,
-             authorize_url: 'common/oauth2/v2.0/authorize',
-             token_url: 'common/oauth2/v2.0/token',
-             connection_opts: {
-               headers: {
-                 user_agent: 'icoretech-omniauth-microsoft-identity2 gem',
-                 accept: 'application/json',
-                 content_type: 'application/x-www-form-urlencoded'
-               }
-             }
+        site: BASE_URL,
+        authorize_url: "common/oauth2/v2.0/authorize",
+        token_url: "common/oauth2/v2.0/token",
+        connection_opts: {
+          headers: {
+            user_agent: "icoretech-omniauth-microsoft-identity2 gem",
+            accept: "application/json",
+            content_type: "application/x-www-form-urlencoded"
+          }
+        }
 
       uid do
-        oid_or_sub = raw_info['oid'] || raw_info['sub'] || raw_info['id']
-        tid = raw_info['tid']
+        oid_or_sub = raw_info["oid"] || raw_info["sub"] || raw_info["id"]
+        tid = raw_info["tid"]
 
         if options[:uid_with_tenant] && present?(tid) && present?(oid_or_sub)
           "#{tid}:#{oid_or_sub}"
@@ -44,34 +44,34 @@ module OmniAuth
       end
 
       info do
-        email = raw_info['email'] || raw_info['preferred_username'] || raw_info['upn'] || raw_info['mail']
+        email = raw_info["email"] || raw_info["preferred_username"] || raw_info["upn"] || raw_info["mail"]
         {
-          name: raw_info['name'],
+          name: raw_info["name"],
           email: email,
-          first_name: raw_info['given_name'],
-          last_name: raw_info['family_name'],
-          nickname: raw_info['preferred_username'] || raw_info['upn'] || email || raw_info['sub'],
-          image: raw_info['picture']
+          first_name: raw_info["given_name"],
+          last_name: raw_info["family_name"],
+          nickname: raw_info["preferred_username"] || raw_info["upn"] || email || raw_info["sub"],
+          image: raw_info["picture"]
         }.compact
       end
 
       credentials do
         {
-          'token' => access_token.token,
-          'refresh_token' => access_token.refresh_token,
-          'expires_at' => access_token.expires_at,
-          'expires' => access_token.expires?,
-          'scope' => token_scope
+          "token" => access_token.token,
+          "refresh_token" => access_token.refresh_token,
+          "expires_at" => access_token.expires_at,
+          "expires" => access_token.expires?,
+          "scope" => token_scope
         }.compact
       end
 
       extra do
-        data = { 'raw_info' => raw_info }
+        data = {"raw_info" => raw_info}
         id_token = raw_id_token
         if present?(id_token)
-          data['id_token'] = id_token
+          data["id_token"] = id_token
           decoded = decoded_id_token
-          data['id_info'] = decoded if decoded
+          data["id_info"] = decoded if decoded
         end
         data
       end
@@ -116,7 +116,7 @@ module OmniAuth
 
       # Prevent authorization response params from being appended to redirect_uri.
       def query_string
-        return '' if request.params['code']
+        return "" if request.params["code"]
 
         super
       end
@@ -125,10 +125,10 @@ module OmniAuth
 
       def fetch_user_info
         normalize_user_info(access_token.get(USER_INFO_URL).parsed)
-      rescue StandardError
+      rescue
         begin
           normalize_user_info(access_token.get(GRAPH_ME_URL).parsed)
-        rescue StandardError
+        rescue
           {}
         end
       end
@@ -138,21 +138,21 @@ module OmniAuth
 
         return payload unless graph_profile_payload?(payload)
 
-        upn = payload['userPrincipalName']
+        upn = payload["userPrincipalName"]
         {
-          'sub' => payload['id'],
-          'oid' => payload['id'],
-          'name' => payload['displayName'],
-          'given_name' => payload['givenName'],
-          'family_name' => payload['surname'],
-          'email' => payload['mail'] || upn,
-          'preferred_username' => upn,
-          'upn' => upn
+          "sub" => payload["id"],
+          "oid" => payload["id"],
+          "name" => payload["displayName"],
+          "given_name" => payload["givenName"],
+          "family_name" => payload["surname"],
+          "email" => payload["mail"] || upn,
+          "preferred_username" => upn,
+          "upn" => upn
         }.merge(payload).compact
       end
 
       def normalize_scope(raw_scope)
-        raw_scope.to_s.split(/[\s,]+/).reject(&:empty?).uniq.join(' ')
+        raw_scope.to_s.split(/[\s,]+/).reject(&:empty?).uniq.join(" ")
       end
 
       def apply_request_authorize_overrides(params)
@@ -163,12 +163,12 @@ module OmniAuth
       end
 
       def graph_profile_payload?(payload)
-        payload.key?('displayName') || payload.key?('userPrincipalName')
+        payload.key?("displayName") || payload.key?("userPrincipalName")
       end
 
       def configure_tenant_client_urls
         tenant = options[:tenant].to_s.strip
-        tenant = 'common' if tenant.empty?
+        tenant = "common" if tenant.empty?
 
         base_url = options[:base_url].to_s.strip
         base_url = BASE_URL if base_url.empty?
@@ -178,16 +178,16 @@ module OmniAuth
       end
 
       def persist_authorize_state(params)
-        session['omniauth.state'] = params[:state] if params[:state]
+        session["omniauth.state"] = params[:state] if params[:state]
       end
 
       def token_scope
-        access_token.params['scope'] || access_token['scope']
+        access_token.params["scope"] || access_token["scope"]
       end
 
       def raw_id_token
         params = access_token.respond_to?(:params) ? access_token.params : {}
-        params['id_token'] || access_token['id_token']
+        params["id_token"] || access_token["id_token"]
       end
 
       def decoded_id_token
@@ -211,7 +211,7 @@ module OmniAuth
       end
 
       def missing_session_state?
-        present?(request.params['state']) && blank?(session['omniauth.state'])
+        present?(request.params["state"]) && blank?(session["omniauth.state"])
       end
 
       def oauth_state_nil_compare_error?(error)
@@ -221,23 +221,23 @@ module OmniAuth
       def fail_state_mismatch
         fail!(
           :csrf_detected,
-          OmniAuth::Strategies::OAuth2::CallbackError.new(:csrf_detected, 'OAuth state was missing or mismatched')
+          OmniAuth::Strategies::OAuth2::CallbackError.new(:csrf_detected, "OAuth state was missing or mismatched")
         )
       end
     end
 
     # Backward-compatible strategy name for existing callback paths.
     class MicrosoftIdentity < MicrosoftIdentity2
-      option :name, 'microsoft_identity'
+      option :name, "microsoft_identity"
     end
 
     # Compatibility alias for legacy windowslive callback paths.
     class Windowslive < MicrosoftIdentity2
-      option :name, 'windowslive'
+      option :name, "windowslive"
     end
   end
 end
 
-OmniAuth.config.add_camelization 'microsoft_identity2', 'MicrosoftIdentity2'
-OmniAuth.config.add_camelization 'microsoft_identity', 'MicrosoftIdentity'
-OmniAuth.config.add_camelization 'windowslive', 'Windowslive'
+OmniAuth.config.add_camelization "microsoft_identity2", "MicrosoftIdentity2"
+OmniAuth.config.add_camelization "microsoft_identity", "MicrosoftIdentity"
+OmniAuth.config.add_camelization "windowslive", "Windowslive"

data/lib/omniauth-microsoft-identity2.rb

@@ -1,3 +1,3 @@
 # frozen_string_literal: true
 
-require 'omniauth/microsoft_identity2'
+require "omniauth/microsoft_identity2"

data/omniauth-microsoft-identity2.gemspec

@@ -1,37 +1,37 @@
 # frozen_string_literal: true
 
-lib = File.expand_path('lib', __dir__)
+lib = File.expand_path("lib", __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'omniauth/microsoft_identity2/version'
+require "omniauth/microsoft_identity2/version"
 
 Gem::Specification.new do |spec|
-  spec.name = 'omniauth-microsoft-identity2'
+  spec.name = "omniauth-microsoft-identity2"
   spec.version = OmniAuth::MicrosoftIdentity2::VERSION
-  spec.authors = ['Claudio Poli']
-  spec.email = ['masterkain@gmail.com']
+  spec.authors = ["Claudio Poli"]
+  spec.email = ["masterkain@gmail.com"]
 
-  spec.summary = 'OmniAuth strategy for Microsoft Identity (Entra ID) OAuth2/OpenID Connect authentication.'
+  spec.summary = "OmniAuth strategy for Microsoft Identity (Entra ID) OAuth2/OpenID Connect authentication."
   spec.description =
-    'OAuth2/OpenID Connect strategy for OmniAuth that authenticates users ' \
-    'with Microsoft Identity and exposes profile metadata.'
-  spec.homepage = 'https://github.com/icoretech/omniauth-microsoft-identity2'
-  spec.license = 'MIT'
-  spec.required_ruby_version = '>= 3.2'
+    "OAuth2/OpenID Connect strategy for OmniAuth that authenticates users " \
+    "with Microsoft Identity and exposes profile metadata."
+  spec.homepage = "https://github.com/icoretech/omniauth-microsoft-identity2"
+  spec.license = "MIT"
+  spec.required_ruby_version = ">= 3.2"
 
-  spec.metadata['source_code_uri'] = 'https://github.com/icoretech/omniauth-microsoft-identity2'
-  spec.metadata['bug_tracker_uri'] = 'https://github.com/icoretech/omniauth-microsoft-identity2/issues'
-  spec.metadata['changelog_uri'] = 'https://github.com/icoretech/omniauth-microsoft-identity2/releases'
-  spec.metadata['rubygems_mfa_required'] = 'true'
+  spec.metadata["source_code_uri"] = "https://github.com/icoretech/omniauth-microsoft-identity2"
+  spec.metadata["bug_tracker_uri"] = "https://github.com/icoretech/omniauth-microsoft-identity2/issues"
+  spec.metadata["changelog_uri"] = "https://github.com/icoretech/omniauth-microsoft-identity2/releases"
+  spec.metadata["rubygems_mfa_required"] = "true"
 
   spec.files = Dir[
-    'lib/**/*.rb',
-    'README*',
-    'LICENSE*',
-    '*.gemspec'
+    "lib/**/*.rb",
+    "README*",
+    "LICENSE*",
+    "*.gemspec"
   ]
-  spec.require_paths = ['lib']
+  spec.require_paths = ["lib"]
 
-  spec.add_dependency 'cgi', '>= 0.3.6'
-  spec.add_dependency 'jwt', '>= 2.9.2'
-  spec.add_dependency 'omniauth-oauth2', '>= 1.8', '< 2.0'
+  spec.add_dependency "cgi", ">= 0.3.6"
+  spec.add_dependency "jwt", ">= 2.9.2"
+  spec.add_dependency "omniauth-oauth2", ">= 1.8", "< 2.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-microsoft-identity2
 version: !ruby/object:Gem::Version
-  version: 1.0.4
+  version: 1.0.5
 platform: ruby
 authors:
 - Claudio Poli