scinote-eln/scinote-web
1
1
Fork 0
mirror of https://github.com/scinote-eln/scinote-web.git synced 2024-09-21 23:46:21 +08:00
Code Issues Packages Projects Releases Wiki Activity
scinote-web/lib/omniauth/strategies/custom_azure_active_directory.rb
Oleksii Kriuchykhin d5e3ac2769 Add missing scopes for Azure AD OpenID Connect [SCI-4544]
2020-04-22 17:26:06 +02:00

47 lines
1.3 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
module OmniAuth
module Strategies
class CustomAzureActiveDirectory < AzureActiveDirectory
include OmniAuth::Strategy
option :openid_config_url
option :sign_in_policy
# Azure doesn't allow query params in callback URL
def callback_url
full_host + script_name + callback_path
end
def openid_config_url
options[:openid_config_url]
end
def authorize_endpoint_url
uri = URI(openid_config['authorization_endpoint'])
params = {
client_id: client_id,
redirect_uri: callback_url,
response_mode: response_mode,
response_type: response_type,
nonce: new_nonce,
scope: 'openid profile email'
}
params[:p] = options[:sign_in_policy] if options[:sign_in_policy].present?
uri.query = URI.encode_www_form(params)
uri.to_s
end
def validate_and_parse_id_token(id_token)
jwt_claims, jwt_header = Api::AzureJwt.decode(id_token)
return jwt_claims, jwt_header if jwt_claims['nonce'] == read_nonce
raise JWT::DecodeError, 'Returned nonce did not match.'
end
end
end
end
OmniAuth.config.add_camelization 'custom_azure_activedirectory', 'CustomAzureActiveDirectory'
Reference in a new issue View git blame Copy permalink