/azure_ad_b2c_without_credentials.rb
Created Mar 24, 2017
| require 'openid_connect' | |
| require 'readline' | |
| OpenIDConnect.debug! | |
| tenant_domain_prefix = '<YOUR-TENANT-DOMAIN-PREFIX>' | |
| tenant_uuid = '<YOUR-TENANT-UUID>' | |
| client_id = '<YOUR-CLIENT-ID>' | |
| client_secret = '<YOUR-CLIENT-SECRET>' | |
| redirect_uri = '<YOUR-REDIRECT-URI>' | |
| policy_id = '<YOUR-POLICY-ID>' | |
| rs_application_id = '<YOUR-RS-APPLICATION-ID>' | |
| issuer = "https://login.microsoftonline.com/#{tenant_uuid}/v2.0" | |
| def scope_uris_for(*scopes) | |
| scopes.collect do |scope| | |
| File.join "https://#{tenant_domain_prefix}.onmicrosoft.com/", rs_application_id, scope | |
| end | |
| end | |
| scopes = scope_uris_for('<YOUR-SCOPE-1>', '<YOUR-SCOPE-2>') | |
| def inspect_jwt(jwt) | |
| puts JSON.pretty_generate(jwt.header) | |
| puts '.' | |
| puts JSON.pretty_generate(jwt) | |
| puts | |
| end | |
| op_config = OpenIDConnect::Discovery::Provider::Config.discover!(issuer).tap do |config| | |
| # NOTE: p=policy_id is REQUIRED, and MUST be in query, not body. | |
| config.token_endpoint << "?p=#{policy_id}" | |
| config.authorization_endpoint << "?p=#{policy_id}" | |
| config.jwks_uri << "?p=#{policy_id}" | |
| end | |
| client = OpenIDConnect::Client.new( | |
| identifier: client_id, | |
| secret: client_secret, | |
| authorization_endpoint: op_config.authorization_endpoint, | |
| token_endpoint: op_config.token_endpoint, | |
| userinfo_endpoint: op_config.userinfo_endpoint, | |
| redirect_uri: redirect_uri | |
| ) | |
| jwks = op_config.jwks | |
| puts '# Requested Scopes' | |
| puts scopes | |
| puts | |
| authorization_uri = client.authorization_uri( | |
| scope: scopes, | |
| nonce: SecureRandom.hex(8), | |
| # response_type: [:token, :id_token] | |
| ) | |
| puts '# Redirecting to...' | |
| puts authorization_uri | |
| `open "#{authorization_uri}"` | |
| puts | |
| print 'code: ' and STDOUT.flush | |
| code = Readline.readline.strip # NOTE: `gets` can't receive 1024+ bytes input | |
| puts | |
| client.authorization_code = code | |
| response = client.access_token! :body | |
| access_token = JSON::JWT.decode response.access_token, jwks | |
| id_token = JSON::JWT.decode response.id_token, jwks | |
| puts '# Access Token' | |
| inspect_jwt access_token | |
| puts '# ID Token' | |
| inspect_jwt id_token |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment