Merge pull request #243 from ccutrer/id_token_for_microsoft
[Microsoft] fix reading OpenID Connect token responses
pboling authored May 14, 2019
2 parents f08ff9d + 671624f commit 78dd83d
Showing 2 changed files with 18 additions and 2 deletions.
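--- a/lib/oauth2/client.rb
+++ b/lib/oauth2/client.rb
@@ -130,7 +130,7 @@ def request(verb, url, opts = {}) # rubocop:disable CyclomaticComplexity, Method
 # @param [Hash] access token options, to pass to the AccessToken object
 # @param [Class] class of access token for easier subclassing OAuth2::AccessToken
 # @return [AccessToken] the initialized AccessToken
-def get_token(params, access_token_opts = {}, access_token_class = AccessToken) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+def get_token(params, access_token_opts = {}, access_token_class = AccessToken) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
 params = authenticator.apply(params)
 opts = {:raise_errors => options[:raise_errors], :parse => params.delete(:parse)}
 headers = params.delete(:headers) || {}
@@ -143,7 +143,10 @@ def get_token(params, access_token_opts = {}, access_token_class = AccessToken)
 end
 opts[:headers].merge!(headers)
 response = request(options[:token_method], token_url, opts)
-if options[:raise_errors] && !(response.parsed.is_a?(Hash) && response.parsed['access_token'])
+response_contains_token = response.parsed.is_a?(Hash) &&
+(response.parsed['access_token'] || response.parsed['id_token'])
+
+if options[:raise_errors] && !response_contains_token
 error = Error.new(response)
 raise(error)
 end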
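Review bot: The relaxed check in `get_token` now accepts a response that carries only `id_token` for every provider, not just Microsoft, and nothing in the hunk records that the ID token is handed back unverified. Presumably the `AccessToken` built further down (outside this hunk) then has no bearer token at all, so callers who relied on `raise_errors` to guarantee a usable access token no longer get that guarantee. I would extend the doc comment above `get_token` with something like `# @note With :raise_errors, a response holding only an id_token is accepted; the id_token is returned as-is and its signature, iss, aud, exp and nonce must be validated by the caller.` The presence test is also plain truthiness, so an empty-string `access_token` or `id_token` still counts as a token; if that is not intended, require a non-empty String instead.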
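--- a/spec/oauth2/strategy/auth_code_spec.rb
+++ b/spec/oauth2/strategy/auth_code_spec.rb
@@ -8,6 +8,7 @@
 let(:facebook_token) { kvform_token.gsub('_in', '') }
 let(:json_token) { MultiJson.encode(:expires_in => 600, :access_token => 'salmon', :refresh_token => 'trout', :extra_param => 'steve') }
 let(:redirect_uri) { 'http://example.com/redirect_uri' }
+let(:microsoft_token) { 'id_token=jwt' }
 
 let(:client) do
 OAuth2::Client.new('abc', 'def', :site => 'http://api.example.com') do |builder|
@@ -20,6 +21,8 @@
 [200, {'Content-Type' => 'application/json'}, json_token]
 when 'from_facebook'
 [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, facebook_token]
+when 'from_microsoft'
+[200, {'Content-Type' => 'application/x-www-form-urlencoded'}, microsoft_token]
 end
 end
 stub.post('/oauth/token', 'client_id' => 'abc', 'client_secret' => 'def', 'code' => 'sushi', 'grant_type' => 'authorization_code') do |env|
@@ -87,6 +90,16 @@
 end
 end
 
+describe '#get_token' do
+it "doesn't treat an OpenID Connect token with only an id_token (like from Microsoft) as invalid" do
+@mode = 'from_microsoft'
+client.options[:token_method] = :get
+client.options[:auth_scheme] = :request_body
+@access = subject.get_token(code)
+expect(@access['id_token']).to eq('jwt')
+end
+end
+
 %w[json formencoded from_facebook].each do |mode|
 [:get, :post].each do |verb|
 describe "#get_token (#{mode}, access_token_method=#{verb}" do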
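Review bot: The new `#get_token` example exercises only the accepting path, so the error path this commit loosened is not pinned by anything added here. An example that returns a 200 body with neither `access_token` nor `id_token` and expects `OAuth2::Error` under `raise_errors` would guard against the check being widened further; such a case may already exist in a spec that is not visible on this page. It would also help to assert what `@access.token` is for the id_token-only response, e.g. `expect(@access.token).to be_nil` if that is the intended contract, so consumers can see that no bearer token is present.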
