# frozen_string_literal: true
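module OmniAuth
  module Strategies
    # Azure AD OpenID Connect strategy that adapts the gem's
    # AzureActiveDirectory strategy to this application: the discovery
    # document URL and an optional sign-in policy are supplied as strategy
    # options, and id_token decoding is delegated to Api::AzureJwt.
    class CustomAzureActiveDirectory < AzureActiveDirectory
      include OmniAuth::Strategy

      # URL of the OpenID Connect discovery document for the tenant.
      option :openid_config_url
      # Optional policy name; when set it is sent as the `p` query parameter
      # of the authorize request (presumably the Azure AD B2C policy selector
      # — confirm against the tenant configuration).
      option :sign_in_policy

      # Azure doesn't allow query params in callback URL
      def callback_url
        full_host + script_name + callback_path
      end

      # @return [String, nil] the configured discovery document URL
      def openid_config_url
        options[:openid_config_url]
      end

      # Builds the authorization request URL from the discovery document's
      # `authorization_endpoint`. The request carries a freshly generated
      # nonce (new_nonce, inherited) that #validate_and_parse_id_token later
      # compares with the value stored for this session.
      #
      # @return [String] absolute authorize URL with query string
      def authorize_endpoint_url
        uri = URI(openid_config['authorization_endpoint'])
        params = {
          client_id: client_id,
          redirect_uri: callback_url,
          response_mode: response_mode,
          response_type: response_type,
          nonce: new_nonce,
          scope: 'openid profile email'
        }
        # The policy parameter is only appended when one is configured.
        params[:p] = options[:sign_in_policy] if options[:sign_in_policy].present?

        uri.query = URI.encode_www_form(params)
        uri.to_s
      end

      # Decodes the id_token and binds it to this login attempt via the nonce.
      #
      # Signature, issuer, audience and expiry checks are the responsibility
      # of Api::AzureJwt.decode (defined elsewhere) — NOTE(review): confirm it
      # verifies the signature against the tenant's published keys and rejects
      # unsigned tokens; nothing in this class does so.
      #
      # @param id_token [String] raw JWT from the token response
      # @return [Array] claims and header, as returned by Api::AzureJwt.decode
      # @raise [JWT::DecodeError] when no nonce is pending for this session or
      #   the token's nonce does not match it
      def validate_and_parse_id_token(id_token)
        jwt_claims, jwt_header = Api::AzureJwt.decode(id_token)
        # read_nonce is called exactly once, as before, so its consume-on-read
        # behaviour (if any) is unchanged.
        expected_nonce = read_nonce
        # A bare `==` would accept a token carrying no nonce whenever the
        # session holds none either (nil == nil); the expected value must be
        # present and equal.
        return jwt_claims, jwt_header if expected_nonce.present? && jwt_claims['nonce'] == expected_nonce

        raise JWT::DecodeError, 'Returned nonce did not match.'
      end
    end
  end
end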
# Register the class name for the `custom_azure_activedirectory` provider key,
# so OmniAuth resolves it to CustomAzureActiveDirectory instead of deriving a
# name from the key itself.
OmniAuth.config.add_camelization('custom_azure_activedirectory', 'CustomAzureActiveDirectory')