class OmniAuth::Strategies::MicrosoftGraph

Constants

BASE_SCOPES
BASE_SCOPE_URL
DEFAULT_SCOPE

Public Instance Methods

auth_hash() click to toggle source
Calls superclass method
# File lib/omniauth/strategies/microsoft_graph.rb, line 47
# Builds the auth hash through the superclass and runs the e-mail check on
# it before returning it.
#
# The return value of verify_email is discarded, so the check can only
# reject a login by raising; a verifier that merely returned false would
# have no effect here.
#
# @return [Object] the object the superclass auth_hash produced
def auth_hash
  built = super
  verify_email(built, access_token)
  built
end
authorize_params() click to toggle source
Calls superclass method
# File lib/omniauth/strategies/microsoft_graph.rb, line 53
# Extends the superclass authorize parameters with values taken from the
# incoming request.
#
# Only keys listed in options[:authorize_options] are copied from the
# request, and nil or empty-string values are skipped. The scope is then
# normalised by get_scope and access_type defaults to 'offline'.
#
# NOTE(review): when params[:state] is set, it replaces whatever is stored
# in session['omniauth.state']. If :state is among the authorize_options,
# that value is request-supplied, so the anti-CSRF state is chosen by
# whoever built the request. Confirm the option list (not visible here).
# NOTE(review): confirm the provider honours an access_type parameter.
#
# @return [Object] the parameter object returned by the superclass, mutated
def authorize_params
  super.tap do |params|
    options[:authorize_options].each do |key|
      supplied = request.params[key.to_s]
      next if supplied.nil? || supplied == ''

      params[key] = supplied
    end

    params[:scope] = get_scope(params)
    params[:access_type] = 'offline' if params[:access_type].nil?

    state = params[:state]
    session['omniauth.state'] = state if state
  end
end
build_access_token()
callback_url() click to toggle source
# File lib/omniauth/strategies/microsoft_graph.rb, line 70
# Returns the callback URL used for this strategy.
#
# A configured options[:callback_url] wins; otherwise the URL is assembled
# from full_host, script_name and callback_path.
#
# NOTE(review): full_host is defined outside this listing. If it is derived
# from request headers, setting options[:callback_url] explicitly keeps the
# redirect target independent of the incoming Host value.
#
# @return [String]
def callback_url
  configured = options[:callback_url]
  return configured if configured

  full_host + script_name + callback_path
end
custom_build_access_token() click to toggle source
# File lib/omniauth/strategies/microsoft_graph.rb, line 74
# Resolves the access token for the current request by delegating to
# get_access_token.
#
# @return [Object, nil] whatever get_access_token returns for the request
def custom_build_access_token
  get_access_token(request)
end
Also aliased as: build_access_token
raw_info() click to toggle source
# File lib/omniauth/strategies/microsoft_graph.rb, line 66
# Fetches the signed-in user's profile from the Graph /me endpoint with the
# current access token and memoises the parsed response in @raw_info, so
# the request is made at most once per instance (as long as the parsed
# value is truthy).
#
# @return [Object] the parsed response body
def raw_info
  return @raw_info if @raw_info

  @raw_info = access_token.get('https://graph.microsoft.com/v1.0/me').parsed
end

Private Instance Methods

client_get_token(verifier, redirect_uri) click to toggle source
# File lib/omniauth/strategies/microsoft_graph.rb, line 104
# Exchanges an authorization code for a token through the client's
# auth_code strategy.
#
# The hash from get_token_options (redirect_uri plus token_params) is passed
# as the second argument and the hash from get_token_params as the third.
#
# @param verifier [Object] the authorization code to exchange
# @param redirect_uri [String] redirect URI sent with the exchange
# @return [Object] whatever the strategy's get_token returns
def client_get_token(verifier, redirect_uri)
  code_strategy = client.auth_code
  exchange_params = get_token_options(redirect_uri)
  token_opts = get_token_params
  code_strategy.get_token(verifier, exchange_params, token_opts)
end
get_access_token(request) click to toggle source
# File lib/omniauth/strategies/microsoft_graph.rb, line 83
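# Obtains an access token for the callback request, trying in order:
#   1. an authorization code in the request parameters (XHR, then redirect),
#   2. a caller-supplied access token that passes verify_token,
#   3. an authorization code inside a JSON request body.
#
# Everything read here is request-controlled:
# - redirect_uri / callback_url from the request is forwarded unchanged to
#   the token exchange; NOTE(review): this relies on the provider rejecting
#   a value that does not match the authorization request.
# - in the access-token branch the whole parameter hash is handed to
#   OAuth2::AccessToken.from_hash, so every field on the resulting token
#   comes from the request and verify_token is the only gate in front of it.
#
# @param request [#params, #xhr?, #content_type, #body] the callback request
# @return [Object, nil] the token from client_get_token or from_hash, or nil
#   when no usable credential was found
def get_access_token(request)
  verifier = request.params['code']
  redirect_uri = request.params['redirect_uri'] || request.params['callback_url']
  if verifier && request.xhr?
    client_get_token(verifier, redirect_uri || '/auth/microsoft_graph/callback')
  elsif verifier
    client_get_token(verifier, redirect_uri || callback_url)
  elsif verify_token(request.params['access_token'])
    ::OAuth2::AccessToken.from_hash(client, request.params.dup)
  elsif request.content_type =~ /json/i
    begin
      body = begin
        JSON.parse(request.body.read)
      ensure
        # Rewind even when parsing fails, so downstream middlewares can
        # still read the body of a malformed request.
        request.body.rewind
      end
      # The body is untrusted: a JSON array or number would raise on
      # ['code'], so only an object is inspected.
      verifier = body['code'] if body.is_a?(Hash)
      client_get_token(verifier, '/auth/microsoft_graph/callback') if verifier
    rescue JSON::ParserError => e
      warn "[omniauth microsoft_graph] JSON parse error=#{e}"
    end
  end
end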
get_scope(params) click to toggle source
# File lib/omniauth/strategies/microsoft_graph.rb, line 116
# Normalises the requested scope into a space-separated string.
#
# The raw value (params[:scope], else DEFAULT_SCOPE) is split on whitespace
# and on commas. Entries that start with http:// or https://, or that are
# listed in BASE_SCOPES, are kept as given; every other entry is prefixed
# with BASE_SCOPE_URL.
#
# Splitting on whitespace means no entry can contain a newline, so the `^`
# anchor behaves like `\A` here; switch to `\A` if the tokenising changes.
#
# NOTE(review): entries with an http(s) prefix pass through unchanged, so a
# caller who controls params[:scope] can name arbitrary scope URLs; the
# scopes actually granted should be checked after the exchange.
#
# @param params [#[]] authorize parameters, read at :scope
# @return [String] the normalised scope list
def get_scope(params)
  requested = params[:scope] || DEFAULT_SCOPE
  entries = requested.split(' ').flat_map { |chunk| chunk.split(',') }
  normalised = entries.map do |entry|
    if entry =~ %r{^https?://} || BASE_SCOPES.include?(entry)
      entry
    else
      "#{BASE_SCOPE_URL}#{entry}"
    end
  end
  normalised.join(' ')
end
get_token_options(redirect_uri = '') click to toggle source
# File lib/omniauth/strategies/microsoft_graph.rb, line 112
# Builds the hash sent along with the code exchange: the redirect URI
# merged with token_params (keys symbolised).
#
# Because token_params is merged last, a :redirect_uri entry in it
# overrides the argument.
#
# @param redirect_uri [String] redirect URI for the exchange
# @return [Hash]
def get_token_options(redirect_uri = '')
  configured = token_params.to_hash(symbolize_keys: true)
  { redirect_uri: redirect_uri }.merge(configured)
end
get_token_params() click to toggle source
# File lib/omniauth/strategies/microsoft_graph.rb, line 108
# Returns options.auth_token_params run through deep_symbolize, using an
# empty hash when the option is unset.
#
# @return [Object] the result of deep_symbolize
def get_token_params
  configured = options.auth_token_params
  deep_symbolize(configured || {})
end
verify_email(auth_hash, access_token) click to toggle source
# File lib/omniauth/strategies/microsoft_graph.rb, line 131
# Hands the auth hash, the access token and the strategy options to
# OmniAuth::MicrosoftGraph::DomainVerifier.verify!.
#
# NOTE(review): the verifier is defined outside this listing; the bang name
# suggests it raises on failure. Confirm, since auth_hash ignores the
# return value of this method.
#
# @param auth_hash [Object] the auth hash under construction
# @param access_token [Object] the token for the current login
# @return [Object] whatever verify! returns
def verify_email(auth_hash, access_token)
  verifier = OmniAuth::MicrosoftGraph::DomainVerifier
  verifier.verify!(auth_hash, access_token, options)
end
verify_token(access_token) click to toggle source
# File lib/omniauth/strategies/microsoft_graph.rb, line 123
# Decides whether a caller-supplied access token may be used directly.
#
# The token is sent to the Graph /me endpoint and the 'aud' value of the
# parsed response must equal options.client_id or be listed in
# options.authorized_client_ids. This audience check is what keeps a token
# issued to a different application from being accepted.
#
# NOTE(review): /me is a profile endpoint; confirm that its response really
# contains 'aud'. If it does not, the comparison sees nil and the
# direct-token branch of get_access_token can effectively never be taken.
# NOTE(review): the token is passed via params:, i.e. in the request URL,
# where URL logging can capture it. Confirm what the endpoint accepts.
#
# @param access_token [String, nil] token taken from the request
# @return [Boolean] false when no token is given, else the audience verdict
def verify_token(access_token)
  return false unless access_token

  profile = client.request(:get, 'https://graph.microsoft.com/v1.0/me',
                           params: { access_token: access_token }).parsed
  audience = profile['aud']
  audience == options.client_id || options.authorized_client_ids.include?(audience)
end