Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
require 'openid_connect'
require 'readline'
OpenIDConnect.debug!
tenant_domain_prefix = '<YOUR-TENANT-DOMAIN-PREFIX>'
tenant_uuid = '<YOUR-TENANT-UUID>'
client_id = '<YOUR-CLIENT-ID>'
client_secret = '<YOUR-CLIENT-SECRET>'
redirect_uri = '<YOUR-REDIRECT-URI>'
policy_id = '<YOUR-POLICY-ID>'
rs_application_id = '<YOUR-RS-APPLICATION-ID>'
issuer = "https://login.microsoftonline.com/#{tenant_uuid}/v2.0"
def scope_uris_for(*scopes)
scopes.collect do |scope|
File.join "https://#{tenant_domain_prefix}.onmicrosoft.com/", rs_application_id, scope
end
end
scopes = scope_uris_for('<YOUR-SCOPE-1>', '<YOUR-SCOPE-2>')
def inspect_jwt(jwt)
puts JSON.pretty_generate(jwt.header)
puts '.'
puts JSON.pretty_generate(jwt)
puts
end
op_config = OpenIDConnect::Discovery::Provider::Config.discover!(issuer).tap do |config|
# NOTE: p=policy_id is REQUIRED, and MUST be in query, not body.
config.token_endpoint << "?p=#{policy_id}"
config.authorization_endpoint << "?p=#{policy_id}"
config.jwks_uri << "?p=#{policy_id}"
end
client = OpenIDConnect::Client.new(
identifier: client_id,
secret: client_secret,
authorization_endpoint: op_config.authorization_endpoint,
token_endpoint: op_config.token_endpoint,
userinfo_endpoint: op_config.userinfo_endpoint,
redirect_uri: redirect_uri
)
jwks = op_config.jwks
puts '# Requested Scopes'
puts scopes
puts
authorization_uri = client.authorization_uri(
scope: scopes,
nonce: SecureRandom.hex(8),
# response_type: [:token, :id_token]
)
puts '# Redirecting to...'
puts authorization_uri
`open "#{authorization_uri}"`
puts
print 'code: ' and STDOUT.flush
code = Readline.readline.strip # NOTE: `gets` can't receive 1024+ bytes input
puts
client.authorization_code = code
response = client.access_token! :body
access_token = JSON::JWT.decode response.access_token, jwks
id_token = JSON::JWT.decode response.id_token, jwks
puts '# Access Token'
inspect_jwt access_token
puts '# ID Token'
inspect_jwt id_token
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment