require 'json'
require 'readline'
require 'securerandom'
require 'uri'

require 'openid_connect'
# NOTE(review): debug mode turns on the gem's HTTP request/response logging, so
# expect the client secret (sent in the token request body below) and the issued
# tokens themselves to show up on stdout. Fine for a one-off local run; do not
# leave it on anywhere the output is captured or retained.
OpenIDConnect.debug!
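# Tenant / application settings. Each value may be supplied through the
# environment so the client secret does not have to be written into this file;
# the '<YOUR-...>' placeholders remain as fallbacks, so with no variables set the
# script behaves exactly as before.
tenant_domain_prefix = ENV.fetch('B2C_TENANT_DOMAIN_PREFIX', '<YOUR-TENANT-DOMAIN-PREFIX>')
tenant_uuid = ENV.fetch('B2C_TENANT_UUID', '<YOUR-TENANT-UUID>')
client_id = ENV.fetch('B2C_CLIENT_ID', '<YOUR-CLIENT-ID>')
client_secret = ENV.fetch('B2C_CLIENT_SECRET', '<YOUR-CLIENT-SECRET>')
redirect_uri = ENV.fetch('B2C_REDIRECT_URI', '<YOUR-REDIRECT-URI>')
policy_id = ENV.fetch('B2C_POLICY_ID', '<YOUR-POLICY-ID>')
rs_application_id = ENV.fetch('B2C_RS_APPLICATION_ID', '<YOUR-RS-APPLICATION-ID>')
# Authority the discovery document is fetched from (the tenant's v2.0 endpoint).
issuer = "https://login.microsoftonline.com/#{tenant_uuid}/v2.0"

# Builds the full scope URIs for the resource-server application, one per short
# scope name:
#   https://<domain_prefix>.onmicrosoft.com/<application_id>/<scope>
#
# The tenant prefix and application id are explicit keyword arguments: `def`
# opens a fresh scope, so the top-level locals of the same name are NOT visible
# inside the method (the original raised NameError on its first call).
#
# @param scopes [Array<String>] short scope names, e.g. 'read'
# @param domain_prefix [String] tenant domain prefix (the part before .onmicrosoft.com)
# @param application_id [String] resource-server application id segment
# @return [Array<String>] one scope URI per input, in input order
def scope_uris_for(*scopes, domain_prefix:, application_id:)
  scopes.map do |scope|
    File.join("https://#{domain_prefix}.onmicrosoft.com/", application_id, scope)
  end
end

scopes = scope_uris_for('<YOUR-SCOPE-1>', '<YOUR-SCOPE-2>',
                        domain_prefix: tenant_domain_prefix,
                        application_id: rs_application_id)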
# Prints a decoded JWT the way it is laid out on the wire: the protected header,
# a lone '.' separator, then the claim set, each as pretty-printed JSON, followed
# by a blank line. The signature segment is not shown.
#
# @param jwt [JSON::JWT] decoded token: a Hash of claims that also exposes #header
# @return [nil]
def inspect_jwt(jwt)
  header_json = JSON.pretty_generate(jwt.header)
  claims_json = JSON.pretty_generate(jwt)
  puts [header_json, '.', claims_json, '']
end
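# Fetch the tenant's provider metadata, then pin every endpoint this script uses
# to the B2C policy. The policy id is URL-encoded, and joined with '&' when a
# discovered endpoint already carries a query string, so an unexpected value
# cannot yield a malformed or differently-parsed URL.
policy_query = "p=#{URI.encode_www_form_component(policy_id)}"
with_policy = lambda do |endpoint|
  endpoint << (endpoint.include?('?') ? '&' : '?') << policy_query
end
op_config = OpenIDConnect::Discovery::Provider::Config.discover!(issuer).tap do |config|
  # NOTE: p=policy_id is REQUIRED, and MUST be in query, not body.
  # The endpoint strings are appended to in place, so op_config.* and the JWKS
  # fetched later through op_config.jwks see the policy-qualified URLs.
  with_policy.call(config.token_endpoint)
  with_policy.call(config.authorization_endpoint)
  with_policy.call(config.jwks_uri)
end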
# Relying-party client bound to the policy-qualified endpoints from discovery.
# The secret is only sent with the token request made later in the script;
# userinfo_endpoint is wired through but not called anywhere below.
client_attributes = {
  identifier: client_id,
  secret: client_secret,
  authorization_endpoint: op_config.authorization_endpoint,
  token_endpoint: op_config.token_endpoint,
  userinfo_endpoint: op_config.userinfo_endpoint,
  redirect_uri: redirect_uri
}
client = OpenIDConnect::Client.new(**client_attributes)
# Key set used to check token signatures, fetched once from the policy-qualified jwks_uri.
jwks = op_config.jwks
# Echo the scope URIs about to be requested, one per line, then a blank line.
puts '# Requested Scopes', scopes, ''
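# Per-request nonce: the provider echoes it in the id_token's `nonce` claim and
# it is compared below, so an id_token minted for some other request cannot be
# substituted for ours. The original generated it and never checked it.
nonce = SecureRandom.hex(8)
# NOTE(review): no `state` parameter. This script never receives the redirect
# (the code is pasted in by hand), so there is nothing to compare `state`
# against; a real redirect handler must generate, store and check it.
authorization_uri = client.authorization_uri(
  scope: scopes,
  nonce: nonce,
  # response_type: [:token, :id_token]
)
puts '# Redirecting to...'
puts authorization_uri
puts
# Hand the URL to the OS as a single argv element rather than interpolating it
# into a shell command line: the endpoint comes from discovery and the scopes
# from configuration, and a quote or `$(` in either would otherwise reach the
# shell. `open` is macOS-specific; elsewhere use the printed URL by hand.
system('open', authorization_uri.to_s) || warn('Could not launch a browser; open the URL above manually.')
puts
# Readline prints the prompt itself. The original `print 'code: ' and STDOUT.flush`
# never flushed: `print` returns nil, so `and` short-circuited the flush.
# NOTE: `gets` can't receive 1024+ bytes input, hence Readline.
line = Readline.readline('code: ', false)
# Readline returns nil on EOF (Ctrl-D); the original then died with NoMethodError.
abort 'No authorization code entered.' if line.nil? || line.strip.empty?
code = line.strip
puts
client.authorization_code = code
# :body sends client_id/client_secret in the POST body (client_secret_post),
# exactly as the original did; presumably what this tenant's token endpoint accepts.
response = client.access_token! :body
# JSON::JWT.decode checks the signature against the policy's JWKS (key chosen by
# `kid`) but nothing else.
access_token = JSON::JWT.decode response.access_token, jwks
id_token = JSON::JWT.decode response.id_token, jwks
# A valid signature is not enough for the id_token: also require that it has not
# expired, was issued by the provider we discovered, is addressed to this client
# and carries our nonce. verify! raises if any of these checks fails.
OpenIDConnect::ResponseObject::IdToken.new(id_token).verify!(
  issuer: op_config.issuer,
  client_id: client_id,
  nonce: nonce
)
# The access token is addressed to the resource server (rs_application_id), not
# to this client, so it is only inspected here, not validated as ours.
puts '# Access Token'
inspect_jwt access_token
puts '# ID Token'
inspect_jwt id_token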