I hereby claim:
- I am nov on github.
- I am nov (https://keybase.io/nov) on keybase.
- I have a public key ASDyhGlF6mTKRzYh4ItyuCRw7PQIkGc2ofBR0nvRdhJUGQo
To claim this, I am signing this object:
Nov Matake nov
nov
/ yconnect_discovery.rb
Last active
May 17, 2017 04:58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'openid_connect' | |
| # NOTE: Webfinger | |
| OpenIDConnect::Discovery::Provider.discover! 'https://auth.login.yahoo.co.jp' | |
| # => raise OpenIDConnect::Discovery::DiscoveryFailed exception saying "Not Found" | |
| # NOTE: OIDC OP Config (v2) | |
| OpenIDConnect::Discovery::Provider::Config.discover! 'https://auth.login.yahoo.co.jp/yconnect/v2' | |
| # => success |
nov
/ azure_ad_b2c.rb
Created
March 24, 2017 09:02
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'openid_connect' | |
| require 'readline' | |
| OpenIDConnect.debug! | |
| def scopes_for(rs_alias) | |
| ['common', rs_alias].collect do |scope| | |
| File.join 'https://sts4b2c.onmicrosoft.com/', rs_alias, scope | |
| end | |
| end |
nov
/ azure_ad_b2c_without_credentials.rb
Created
March 24, 2017 08:54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'openid_connect' | |
| require 'readline' | |
| OpenIDConnect.debug! | |
| tenant_domain_prefix = '<YOUR-TENANT-DOMAIN-PREFIX>' | |
| tenant_uuid = '<YOUR-TENANT-UUID>' | |
| client_id = '<YOUR-CLIENT-ID>' | |
| client_secret = '<YOUR-CLIENT-SECRET>' | |
| redirect_uri = '<YOUR-REDIRECT-URI>' |
nov
/ SalesForce_SCIM_Client.rb
Last active
March 30, 2017 06:33
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'rack/oauth2' | |
| Rack::OAuth2.debug! | |
| client = Rack::OAuth2::Client.new( | |
| identifier: '<YOUR-CLIENT-ID>', | |
| secret: '<YOUR-CLIENT-SECRET>', | |
| authorization_endpoint: 'https://login.salesforce.com/services/oauth2/authorize', | |
| token_endpoint: 'https://login.salesforce.com/services/oauth2/token', | |
| redirect_uri: '<YOUR-CALLBACK-URL>' |
nov
/ SalesForce_OIDCRegHandler.cls
Created
March 23, 2017 04:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public class OIDCRegHandler implements Auth.RegistrationHandler{ | |
| public User createUser(Id portalId, Auth.UserData data){ | |
| List<User> users = [SELECT Id FROM User WHERE FederationIdentifier =:data.identifier]; | |
| if (users.size() == 1) { | |
| return users[0]; | |
| } else { | |
| return null; | |
| } | |
| } |
nov
/ myna_saml_authn_req.xml
Created
January 25, 2017 02:59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <samlp2:AuthnRequest | |
| AssertionConsumerServiceURL="https://idfed.myna.go.jp/idfedgw0001/assertion_artifact" | |
| Destination="https://idfed.myna.go.jp/idfedsaml/sso_redirect" | |
| ForceAuthn="false" | |
| ID="..omitted.." | |
| IsPassive="false" | |
| IssueInstant="2017-01-25T02:53:28Z" | |
| ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" | |
| ProviderName="SAML2.0 SP1" |
nov
/ keybase.md
Created
November 28, 2016 03:42
nov
/ fake_ajax_request.rb
Last active
November 21, 2016 18:15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'rack/oauth2' | |
| Rack::OAuth2.debug! | |
| client = Rack::OAuth2.http_client | |
| client.get 'http://example.com', nil, { | |
| 'X-Requested-With': 'XMLHttpRequest' | |
| } |
nov
/ rfc6749_for_js_clients.md
Last active
November 21, 2016 18:27
How to read RFC6749 for JS clients?
JS clients are called public client
https://tools.ietf.org/html/rfc6749#section-2.1
The sentence below means Ajax-only restriction can be such a method, but it shouldn't be higly trusted.
nov
/ fido_metadata_service.rb
Last active
September 29, 2016 04:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'rack/oauth2' | |
| require 'json/jwt' | |
| def get(endpoint, format = :jwt) | |
| res = Rack::OAuth2.http_client.get endpoint | |
| case format | |
| when :jwt | |
| JSON::JWT.decode res.body, :skip_verification | |
| when :b64 | |
| JSON.parse Base64.decode64(res.body) |