Merge pull request #6010 from okriuchykhin/ok_SCI_9041

Implement fetching of endpoint URLs from OpenID config URL in Azure AD strategy [SCI-9041]

config/initializers/azure_ad.rb

@@ -3,6 +3,7 @@
 ActiveSupport::Reloader.to_prepare do
   azure_app_ids = ENV.select { |name, _| name =~ /^[[:alnum:]]*_AZURE_AD_APP_ID/ }
   settings = ApplicationSettings.instance
+  settings.values['azure_ad_apps'] ||= []
 
   azure_app_ids.each do |name, value|
     app_name = name.sub('_AZURE_AD_APP_ID', '')

config/initializers/omniauth.rb

@@ -27,6 +27,7 @@ AZURE_SETUP_PROC = lambda do |env|
   env['omniauth.strategy'].options[:tenant_id] = provider_conf['tenant_id']
   env['omniauth.strategy'].options[:sign_in_policy] = provider_conf['sign_in_policy']
   env['omniauth.strategy'].options[:name] = 'customazureactivedirectory'
+  env['omniauth.strategy'].options[:conf_url] = provider_conf['conf_url']
   conf_uri = URI.parse(provider_conf['conf_url'])
   env['omniauth.strategy'].options[:base_azure_url] = "#{conf_uri.scheme || 'https'}://#{conf_uri.host}"
 end

lib/omniauth/strategies/custom_azure_active_directory.rb

@@ -7,6 +7,22 @@ module OmniAuth
 
       option :name, 'customazureactivedirectory'
 
+      def client
+        omni_client = super
+        begin
+          app_conf =
+            Rails.cache.fetch("ad_app_conf_#{options[:client_id]}", expires_in: 1.day) do
+              JSON.parse(Net::HTTP.get(URI(options[:conf_url])))
+            end
+          omni_client.options[:authorize_url] = app_conf['authorization_endpoint']
+          omni_client.options[:token_url] = app_conf['token_endpoint']
+        rescue StandardError => e
+          Rails.logger.error('Failed to load OAuth2 configuration from the remote server! Using defaults.')
+          Rails.logger.error(e.message)
+        end
+        omni_client
+      end
+
       def raw_info
         if @raw_info.nil?
           id_token_data   = ::JWT.decode(access_token.params['id_token'], nil, false).first rescue {}