I hereby claim:
- I am nov on github.
- I am nov (https://keybase.io/nov) on keybase.
- I have a public key ASDyhGlF6mTKRzYh4ItyuCRw7PQIkGc2ofBR0nvRdhJUGQo
To claim this, I am signing this object:

require 'openid_connect'

# NOTE: Webfinger
OpenIDConnect::Discovery::Provider.discover! 'https://auth.login.yahoo.co.jp'
# => raises OpenIDConnect::Discovery::DiscoveryFailed exception saying "Not Found"

# NOTE: OIDC OP Config (v2)
OpenIDConnect::Discovery::Provider::Config.discover! 'https://auth.login.yahoo.co.jp/yconnect/v2'
# => success

require 'openid_connect'
require 'readline'

OpenIDConnect.debug!

def scopes_for(rs_alias)
  ['common', rs_alias].collect do |scope|
    File.join 'https://sts4b2c.onmicrosoft.com/', rs_alias, scope
  end
end

require 'openid_connect'
require 'readline'

OpenIDConnect.debug!

tenant_domain_prefix = '<YOUR-TENANT-DOMAIN-PREFIX>'
tenant_uuid = '<YOUR-TENANT-UUID>'
client_id = '<YOUR-CLIENT-ID>'
client_secret = '<YOUR-CLIENT-SECRET>'
redirect_uri = '<YOUR-REDIRECT-URI>'

require 'rack/oauth2'

Rack::OAuth2.debug!

client = Rack::OAuth2::Client.new(
  identifier: '<YOUR-CLIENT-ID>',
  secret: '<YOUR-CLIENT-SECRET>',
  authorization_endpoint: 'https://login.salesforce.com/services/oauth2/authorize',
  token_endpoint: 'https://login.salesforce.com/services/oauth2/token',
  redirect_uri: '<YOUR-CALLBACK-URL>'
)

public class OIDCRegHandler implements Auth.RegistrationHandler{
    // Maps the federated identity to an existing user by FederationIdentifier.
    // Returns null unless exactly one user matches, so no user is created here.
    public User createUser(Id portalId, Auth.UserData data){
        List<User> users = [SELECT Id FROM User WHERE FederationIdentifier =:data.identifier];
        if (users.size() == 1) {
            return users[0];
        } else {
            return null;
        }
    }
}

<?xml version="1.0" encoding="UTF-8"?>
<samlp2:AuthnRequest
    AssertionConsumerServiceURL="https://idfed.myna.go.jp/idfedgw0001/assertion_artifact"
    Destination="https://idfed.myna.go.jp/idfedsaml/sso_redirect"
    ForceAuthn="false"
    ID="..omitted.."
    IsPassive="false"
    IssueInstant="2017-01-25T02:53:28Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
    ProviderName="SAML2.0 SP1"

require 'rack/oauth2'

Rack::OAuth2.debug!

client = Rack::OAuth2.http_client
client.get 'http://example.com', nil, {
  'X-Requested-With': 'XMLHttpRequest'
}

JS clients are called public clients.
https://tools.ietf.org/html/rfc6749#section-2.1
The sentence below means an Ajax-only restriction can be such a method, but it shouldn't be highly trusted.
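
require 'rack/oauth2'
require 'json/jwt'
require 'base64'

# Fetch an endpoint and decode its body as either a JWT or Base64-encoded JSON.
def get(endpoint, format = :jwt)
  res = Rack::OAuth2.http_client.get endpoint
  case format
  when :jwt
    # :skip_verification decodes without checking the signature,
    # so the decoded claims are unauthenticated.
    JSON::JWT.decode res.body, :skip_verification
  when :b64
    JSON.parse Base64.decode64(res.body)
  end
end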