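require 'omniauth/strategies/oauth2'
require 'jwt'

module OmniAuth
  module Strategies
    # OmniAuth strategy for Azure AD (legacy login.windows.net endpoints).
    #
    # The authorize/token URLs are built per tenant in #client, and the user's
    # identity claims are read from the JWT access token in #raw_info.
    class AzureOauth2 < OmniAuth::Strategies::OAuth2
      BASE_AZURE_URL = 'https://login.windows.net'

      # Tenant segment used when the provider supplies none (Azure's
      # multi-tenant endpoint).
      DEFAULT_TENANT = 'common'

      option :name, 'azure_oauth2'
      option :tenant_provider, nil

      # AD resource identifier sent with the token request (the default is the
      # Azure AD Graph application id).
      option :resource, '00000002-0000-0000-c000-000000000000'

      # tenant_provider must return client_id and client_secret, and optionally
      # tenant_id and domain_hint. When it is nil the strategy's own options
      # are used as the provider, so the same keys can be set in the config.
      args [:tenant_provider]

      # Configures the OAuth2 client (credentials, tenant-specific endpoints,
      # resource) from the tenant provider and delegates to the parent.
      #
      # @return [::OAuth2::Client]
      def client
        provider = options.tenant_provider ? options.tenant_provider.new(self) : options

        options.client_id = provider.client_id
        options.client_secret = provider.client_secret
        # A provider that responds to tenant_id but returns nil or '' would
        # otherwise produce ".../login.windows.net//oauth2/..." URLs.
        options.tenant_id = tenant_id_from(provider)
        if provider.respond_to?(:domain_hint) && provider.domain_hint
          options.authorize_params.domain_hint = provider.domain_hint
        end

        options.client_options.authorize_url = "#{BASE_AZURE_URL}/#{options.tenant_id}/oauth2/authorize"
        options.client_options.token_url = "#{BASE_AZURE_URL}/#{options.tenant_id}/oauth2/token"
        options.token_params.resource = options.resource
        super
      end

      # NOTE(review): Azure's `sub` is scoped to the application; the `oid`
      # claim (exposed under info) is the directory object id — confirm which
      # one callers rely on as the stable identifier.
      uid { raw_info['sub'] }

      info do
        {
          name: raw_info['unique_name'],
          first_name: raw_info['given_name'],
          last_name: raw_info['family_name'],
          email: raw_info['email'] || raw_info['upn'],
          oid: raw_info['oid']
        }
      end

      # Claims of the access token; documented at
      # http://msdn.microsoft.com/en-us/library/azure/dn195587.aspx
      #
      # SECURITY NOTE: the token is decoded with verification disabled (third
      # argument `false`), so no signature, issuer, audience or expiry check is
      # performed here. These claims are trusted only because the token was
      # just obtained from the configured token_url over TLS in exchange for
      # the authorization code, not because the JWT itself was validated. If
      # token_url can be pointed elsewhere (e.g. by a tenant_provider), treat
      # the claims as unauthenticated; validating the id_token against the
      # tenant's signing keys is the stronger option.
      #
      # @return [Hash] the decoded payload (first element of JWT.decode)
      def raw_info
        @raw_info ||= ::JWT.decode(access_token.token, nil, false).first
      end

      private

      # Tenant id from the provider, falling back to DEFAULT_TENANT when the
      # provider does not supply one or supplies a blank value.
      #
      # @param provider [Object] tenant provider instance or the options hash
      # @return [String]
      def tenant_id_from(provider)
        tenant = provider.tenant_id if provider.respond_to?(:tenant_id)
        (tenant.nil? || tenant.to_s.empty?) ? DEFAULT_TENANT : tenant
      end
    end
  end
end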