Nov Matake nov

nov / token_request_sample.rb
Created March 23, 2011 17:29
Rack::OAuth2::Client Sample - Token Request
require 'rubygems'
require 'rack/oauth2'
client = Rack::OAuth2::Client.new(
  :identifier => YOUR_CLIENT_ID,
  :secret => YOUR_CLIENT_SECRET,
  :redirect_uri => YOUR_REDIRECT_URI, # only required for grant_type = :code
  :host => 'rack-oauth2-sample.heroku.com'
)
nov / iGov_client.rb
Last active February 21, 2018 08:11
Rack::OAuth2 (& OpenIDConnect) gem's iGov profile support concept code
# NOTE:
# * rack-oauth gem v1.8.2+ is required. (openid_connect gem is largely developed on top of the rack-oauth2 gem)
# * this feature isn't tested well yet.
# * you can replace `OpenIDConnect` with `Rack::OAuth2` if you don't need ID Token & UserInfo API support.
require 'openid_connect'
OpenIDConnect.debug!
pem = <<-PEM
nov / saml2_unavailable_gakunin_sps.rb
Last active January 19, 2018 02:59
SAML2 Unavailable Gakunin SPs
require 'saml'
require 'open-uri'
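idps_and_sps = Saml::Elements::EntityDescriptor.parse(
  # URI.open: Kernel#open no longer fetches URLs as of Ruby 3.0
  URI.open('https://metadata.gakunin.nii.ac.jp/gakunin-metadata.xml?generation=2')
)
# keep only the entities that carry an SP SSO descriptor
sps = idps_and_sps.select do |idp_or_sp|
  idp_or_sp.sp_sso_descriptor.present?
end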
nov / line_login.rb
Last active November 24, 2017 10:07
LINE ID Login
require 'openid_connect'
OpenIDConnect.debug!
config = {
  client_id: 'YOUR-CHANNEL-ID',
  client_secret: 'YOUR-CHANNEL-SECRET'
}
client = OpenIDConnect::Client.new(
Desktop$ curl -i https://auth.login.yahoo.co.jp/yconnect/v2/.well-known/openid-configuration | od -c
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1485 100 1485 0 0 5671 0 --:--:-- --:--:-- --:--:-- 5689
0000000 H T T P / 1 . 1 2 0 0 O K \r
0000020 \n D a t e : W e d , 1 7 M
0000040 a y 2 0 1 7 0 5 : 2 8 : 2 5
0000060 G M T \r \n P 3 P : p o l i c
0000100 y r e f = " h t t p : / / p r i
0000120 v a c y . y a h o o . c o . j p
require 'openid_connect'
# NOTE: Webfinger
OpenIDConnect::Discovery::Provider.discover! 'https://auth.login.yahoo.co.jp'
# => raise OpenIDConnect::Discovery::DiscoveryFailed exception saying "Not Found"
# NOTE: OIDC OP Config (v2)
OpenIDConnect::Discovery::Provider::Config.discover! 'https://auth.login.yahoo.co.jp/yconnect/v2'
# => success
require 'rack/oauth2'
Rack::OAuth2.debug!
client = Rack::OAuth2::Client.new(
  identifier: '<YOUR-CLIENT-ID>',
  secret: '<YOUR-CLIENT-SECRET>',
  authorization_endpoint: 'https://login.salesforce.com/services/oauth2/authorize',
  token_endpoint: 'https://login.salesforce.com/services/oauth2/token',
  redirect_uri: '<YOUR-CALLBACK-URL>'
require 'openid_connect'
require 'readline'
OpenIDConnect.debug!
def scopes_for(rs_alias)
  ['common', rs_alias].collect do |scope|
    File.join 'https://sts4b2c.onmicrosoft.com/', rs_alias, scope
  end
end
require 'openid_connect'
require 'readline'
OpenIDConnect.debug!
tenant_domain_prefix = '<YOUR-TENANT-DOMAIN-PREFIX>'
tenant_uuid = '<YOUR-TENANT-UUID>'
client_id = '<YOUR-CLIENT-ID>'
client_secret = '<YOUR-CLIENT-SECRET>'
redirect_uri = '<YOUR-REDIRECT-URI>'
public class OIDCRegHandler implements Auth.RegistrationHandler{
    public User createUser(Id portalId, Auth.UserData data){
        List<User> users = [SELECT Id FROM User WHERE FederationIdentifier =:data.identifier];
        if (users.size() == 1) {
            return users[0];
        } else {
            return null;
        }
    }