scinote-web/lib/omniauth/strategies/custom_azure_active_directory.rb

# frozen_string_literal: true

module OmniAuth
  module Strategies
    class CustomAzureActiveDirectory < AzureActiveDirectory
      include OmniAuth::Strategy

      option :openid_config_url
      option :sign_in_policy

      # Azure doesn't allow query params in callback URL
      def callback_url
        full_host + script_name + callback_path
      end

      def openid_config_url
        options[:openid_config_url]
      end

      def authorize_endpoint_url
        uri = URI(openid_config['authorization_endpoint'])
        params = {
          client_id: client_id,
          redirect_uri: callback_url,
          response_mode: response_mode,
          response_type: response_type,
          nonce: new_nonce,
          scope: 'openid profile email'
        }
        params[:p] = options[:sign_in_policy] if options[:sign_in_policy].present?

        uri.query = URI.encode_www_form(params)
        uri.to_s
      end

      def validate_and_parse_id_token(id_token)
        jwt_claims, jwt_header = Api::AzureJwt.decode(id_token)
        return jwt_claims, jwt_header if jwt_claims['nonce'] == read_nonce

        raise JWT::DecodeError, 'Returned nonce did not match.'
      end
    end
  end
end

OmniAuth.config.add_camelization 'custom_azure_activedirectory', 'CustomAzureActiveDirectory'
Implement SSO with Azure AD [SCI-4142] 2019-12-11 00:24:53 +08:00			`# frozen_string_literal: true`

			`module OmniAuth`
			`module Strategies`
			`class CustomAzureActiveDirectory < AzureActiveDirectory`
			`include OmniAuth::Strategy`

			`option :openid_config_url`
			`option :sign_in_policy`

			`# Azure doesn't allow query params in callback URL`
			`def callback_url`
			`full_host + script_name + callback_path`
			`end`

			`def openid_config_url`
			`options[:openid_config_url]`
			`end`

			`def authorize_endpoint_url`
			`uri = URI(openid_config['authorization_endpoint'])`
			`params = {`
			`client_id: client_id,`
			`redirect_uri: callback_url,`
			`response_mode: response_mode,`
			`response_type: response_type,`
			`nonce: new_nonce,`
Add missing scopes for Azure AD OpenID Connect [SCI-4544] 2020-04-22 23:26:06 +08:00			`scope: 'openid profile email'`
Implement SSO with Azure AD [SCI-4142] 2019-12-11 00:24:53 +08:00			`}`
			`params[:p] = options[:sign_in_policy] if options[:sign_in_policy].present?`

			`uri.query = URI.encode_www_form(params)`
			`uri.to_s`
			`end`

			`def validate_and_parse_id_token(id_token)`
			`jwt_claims, jwt_header = Api::AzureJwt.decode(id_token)`
			`return jwt_claims, jwt_header if jwt_claims['nonce'] == read_nonce`

			`raise JWT::DecodeError, 'Returned nonce did not match.'`
			`end`
			`end`
			`end`
			`end`

			`OmniAuth.config.add_camelization 'custom_azure_activedirectory', 'CustomAzureActiveDirectory'`