Nov Matake nov

## signin_with_apple.rb
require 'apple_id'

# NOTE: in debugging mode, you can see all HTTPS request & response in the log.
# AppleID.debug!

pem = <<-PEM
-----BEGIN PRIVATE KEY-----
  :
  :
-----END PRIVATE KEY-----

## mtls-policy.xml
<policies>
    <inbound>
        <base />
        <!-- TODO: limit by client_id, not token itself -->
        <rate-limit-by-key calls="30" renewal-period="10" counter-key="@(context.Request.Headers.GetValueOrDefault("Authorization",""))" />
        <choose>
            <when condition="@(context.Request.Certificate != null && context.Request.Certificate.NotAfter > DateTime.Now)">
                <set-header name="Client-Certificate" exists-action="override">
                    <value>@(context.Request.Certificate.GetRawCertDataString())</value>
                </set-header>

## iGov_client.rb
# NOTE:
#  * rack-oauth gem v1.8.2+ is required. (openid_connect gem is largelly developed on top of the rack-oauth2 gem)
#  * this feature isn't tested well yet.
#  * you can replace `OpenIDConnect` with `Rack::OAuth2` if you don't need ID Token & UserInfo API support.

require 'openid_connect'

OpenIDConnect.debug!

pem = <<-PEM

## saml2_unavailable_gakunin_sps.rb
require 'saml'
require 'open-uri'

idps_and_sps = Saml::Elements::EntityDescriptor.parse(
  open('https://metadata.gakunin.nii.ac.jp/gakunin-metadata.xml?generation=2')
)

sps = idps_and_sps.select do |idp_or_sp|
  idp_or_sp.sp_sso_descriptor.present?
end

## line_login.rb
require 'openid_connect'

OpenIDConnect.debug!

config = {
  client_id: 'YOUR-CHANNEL-ID',
  client_secret: 'YOUR-CHANNEL-SECRET'
}

client = OpenIDConnect::Client.new(

## gist:e48cdcc785fa480b0c05be102839f194
Desktop$ curl -i https://auth.login.yahoo.co.jp/yconnect/v2/.well-known/openid-configuration | od -c
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1485  100  1485    0     0   5671      0 --:--:-- --:--:-- --:--:--  5689
0000000    H   T   T   P   /   1   .   1       2   0   0       O   K  \r
0000020   \n   D   a   t   e   :       W   e   d   ,       1   7       M
0000040    a   y       2   0   1   7       0   5   :   2   8   :   2   5
0000060        G   M   T  \r  \n   P   3   P   :       p   o   l   i   c
0000100    y   r   e   f   =   "   h   t   t   p   :   /   /   p   r   i
0000120    v   a   c   y   .   y   a   h   o   o   .   c   o   .   j   p

## yconnect_discovery.rb
require 'openid_connect'

# NOTE: Webfinger
OpenIDConnect::Discovery::Provider.discover! 'https://auth.login.yahoo.co.jp'
# => raise OpenIDConnect::Discovery::DiscoveryFailed exception saying "Not Found"

# NOTE: OIDC OP Config (v2)
OpenIDConnect::Discovery::Provider::Config.discover! 'https://auth.login.yahoo.co.jp/yconnect/v2'
# => success

## azure_ad_b2c.rb
require 'openid_connect'
require 'readline'

OpenIDConnect.debug!

def scopes_for(rs_alias)
  ['common', rs_alias].collect do |scope|
    File.join 'https://sts4b2c.onmicrosoft.com/', rs_alias, scope
  end
end

## azure_ad_b2c_without_credentials.rb
require 'openid_connect'
require 'readline'

OpenIDConnect.debug!

tenant_domain_prefix = '<YOUR-TENANT-DOMAIN-PREFIX>'
tenant_uuid = '<YOUR-TENANT-UUID>'
client_id = '<YOUR-CLIENT-ID>'
client_secret = '<YOUR-CLIENT-SECRET>'
redirect_uri = '<YOUR-REDIRECT-URI>'

## SalesForce_SCIM_Client.rb
require 'rack/oauth2'

Rack::OAuth2.debug!

client = Rack::OAuth2::Client.new(
  identifier: '<YOUR-CLIENT-ID>',
  secret: '<YOUR-CLIENT-SECRET>',
  authorization_endpoint: 'https://login.salesforce.com/services/oauth2/authorize',
  token_endpoint: 'https://login.salesforce.com/services/oauth2/token',
  redirect_uri: '<YOUR-CALLBACK-URL>'