From 9e2291dc30be08aa8e4e62bd1b0770e47bb7da2e Mon Sep 17 00:00:00 2001
From: Oleksii Kriuchykhin
Date: Thu, 17 Aug 2023 16:51:46 +0200
Subject: [PATCH] Implement fetching of endpoint URLs from OpenID config URL in Azure AD strategy [SCI-9041]
---
 config/initializers/azure_ad.rb | 1 +
 config/initializers/omniauth.rb | 1 +
 .../strategies/custom_azure_active_directory.rb | 16 ++++++++++++++++
 3 files changed, 18 insertions(+)
diff --git a/config/initializers/azure_ad.rb b/config/initializers/azure_ad.rb
index ba68ebdad..2a8faa7b0 100644
--- a/config/initializers/azure_ad.rb
+++ b/config/initializers/azure_ad.rb
@@ -3,6 +3,7 @@ ActiveSupport::Reloader.to_prepare do
 azure_app_ids = ENV.select { |name, _| name =~ /^[[:alnum:]]*_AZURE_AD_APP_ID/ }
 settings = ApplicationSettings.instance
+ settings.values['azure_ad_apps'] ||= []
 azure_app_ids.each do |name, value|
 app_name = name.sub('_AZURE_AD_APP_ID', '')
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index b646199a2..b00568bd2 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -27,6 +27,7 @@ AZURE_SETUP_PROC = lambda do |env|
 env['omniauth.strategy'].options[:tenant_id] = provider_conf['tenant_id']
 env['omniauth.strategy'].options[:sign_in_policy] = provider_conf['sign_in_policy']
 env['omniauth.strategy'].options[:name] = 'customazureactivedirectory'
+ env['omniauth.strategy'].options[:conf_url] = provider_conf['conf_url']
 conf_uri = URI.parse(provider_conf['conf_url'])
 env['omniauth.strategy'].options[:base_azure_url] = "#{conf_uri.scheme || 'https'}://#{conf_uri.host}"
 end
diff --git a/lib/omniauth/strategies/custom_azure_active_directory.rb b/lib/omniauth/strategies/custom_azure_active_directory.rb
index 4e8ce9ebe..a2ff9e29e 100644
--- a/lib/omniauth/strategies/custom_azure_active_directory.rb
+++ b/lib/omniauth/strategies/custom_azure_active_directory.rb
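Review bot: In the omniauth.rb hunk, `options[:conf_url]` is stored verbatim while the line below only defaults the scheme for `base_azure_url`; a `conf_url` with `http://` or no scheme is still the URL the strategy later fetches the OpenID discovery document from, and that document decides the authorize and token endpoints, so it should only ever be fetched over TLS. Parse first and keep the value only when it is https: move `conf_uri = URI.parse(provider_conf['conf_url'])` above the new line and write `env['omniauth.strategy'].options[:conf_url] = provider_conf['conf_url'] if conf_uri.scheme == 'https'`, logging the rejected value otherwise so the fallback to built-in endpoints is visible. The lambda this hunk belongs to opens outside the hunk (its first line is only the `@@` context). The azure_ad.rb hunk in this chunk just initialises the list and needs nothing.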
@@ -7,6 +7,22 @@ module OmniAuth
 option :name, 'customazureactivedirectory'
+ def client
+ omni_client = super
+ begin
+ app_conf =
+ Rails.cache.fetch("ad_app_conf_#{options[:client_id]}", expires_in: 1.day) do
+ JSON.parse(Net::HTTP.get(URI(options[:conf_url])))
+ end
+ omni_client.options[:authorize_url] = app_conf['authorization_endpoint']
+ omni_client.options[:token_url] = app_conf['token_endpoint']
+ rescue StandardError => e
+ Rails.logger.error('Failed to load OAuth2 configuration from the remote server! Using defaults.')
+ Rails.logger.error(e.message)
+ end
+ omni_client
+ end
+
 def raw_info
 if @raw_info.nil?
 id_token_data = ::JWT.decode(access_token.params['id_token'], nil, false).first rescue {}
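Review bot: The two endpoints read from the discovery document are assigned to `omni_client.options` without any check, so a document that parses but lacks `authorization_endpoint`/`token_endpoint` silently sets both to nil (the "Using defaults" log line only covers the exception path), and an `http://` or off-host `token_endpoint` would become the URL the code-for-token exchange, which carries the client secret, is sent to. Accept the values only when both are absolute https URLs — and, if the endpoints are always on the discovery host as they are for the configurations this page shows, on the host already recorded in `options[:base_azure_url]` — and keep the built-in defaults otherwise. `Net::HTTP.get` also returns the body for any status code and runs with its 60-second default open/read timeouts, so on a cache miss a slow or misbehaving server blocks the request thread; `Net::HTTP.start(uri.host, uri.port, use_ssl: true, open_timeout: 5, read_timeout: 5)` with a `Net::HTTPSuccess` check would bound that. The cache key uses only `options[:client_id]`, so if `conf_url` changes for the same app the old endpoints persist for up to a day; including `options[:conf_url]` in the key avoids that.
```ruby
    # … unchanged: app_conf = Rails.cache.fetch(...) { JSON.parse(Net::HTTP.get(...)) } …
    authorize_url = app_conf['authorization_endpoint']
    token_url = app_conf['token_endpoint']
    # The token endpoint receives the code exchange and the client secret: only
    # an absolute https URL on the expected host may replace the built-in default.
    expected_host = URI(options[:base_azure_url]).host
    valid = [authorize_url, token_url].all? do |url|
      next false unless url.is_a?(String)

      uri = URI(url)
      uri.scheme == 'https' && uri.host == expected_host
    end
    if valid
      omni_client.options[:authorize_url] = authorize_url
      omni_client.options[:token_url] = token_url
    else
      Rails.logger.error('OpenID configuration did not provide https endpoints on the expected host! Using defaults.')
    end
  rescue StandardError => e
    # … unchanged: error logging …
```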