scinote-web/lib/omniauth/strategies/custom_azure_active_directory.rb
2020-04-22 17:26:06 +02:00

46 lines
1.3 KiB
Ruby

# frozen_string_literal: true
module OmniAuth
module Strategies
class CustomAzureActiveDirectory < AzureActiveDirectory
include OmniAuth::Strategy
option :openid_config_url
option :sign_in_policy
# Azure doesn't allow query params in callback URL
def callback_url
full_host + script_name + callback_path
end
def openid_config_url
options[:openid_config_url]
end
def authorize_endpoint_url
uri = URI(openid_config['authorization_endpoint'])
params = {
client_id: client_id,
redirect_uri: callback_url,
response_mode: response_mode,
response_type: response_type,
nonce: new_nonce,
scope: 'openid profile email'
}
params[:p] = options[:sign_in_policy] if options[:sign_in_policy].present?
uri.query = URI.encode_www_form(params)
uri.to_s
end
def validate_and_parse_id_token(id_token)
jwt_claims, jwt_header = Api::AzureJwt.decode(id_token)
return jwt_claims, jwt_header if jwt_claims['nonce'] == read_nonce
raise JWT::DecodeError, 'Returned nonce did not match.'
end
end
end
end
OmniAuth.config.add_camelization 'custom_azure_activedirectory', 'CustomAzureActiveDirectory'