[Microsoft] fix reading OpenID Connect token responses #243
Conversation
lib/oauth2/client.rb
Outdated
| @@ -136,8 +136,11 @@ def get_token(params, access_token_opts = {}, access_token_class = AccessToken) | |||
| opts[:params] = params | |||
| end | |||
| response = request(options[:token_method], token_url, opts) | |||
| error = Error.new(response) | |||
| raise(error) if options[:raise_errors] && !(response.parsed.is_a?(Hash) && response.parsed['access_token']) | |||
| if options[:raise_errors] && !(response.parsed.is_a?(Hash) && | |||
There was a problem hiding this comment.
This line is a little tough to read. I'd change to something like this:
response_contains_token = response.parsed.is_a?(Hash) &&
(response.parsed['access_token'] || response.parsed['id_token'])
error = Error.new(response)
raise(error) if options[:raise_errors] && !(response_contains_token)Also this method now breaks the lint check, which is failing the build. In a method above there's a comment to disable a few extra Rubocops, I'd add the same comment to this method def as well:
# rubocop:disable CyclomaticComplexity, MethodLength, Metrics/AbcSize
|
I've run into the same issue. I left some comments to help fix the build and then hopefully this could get some attention from 👍 |
ccutrer
force-pushed
the
id_token_for_microsoft
branch
from
e3348ac
to
0683ace
Compare
|
I've updated the PR with your suggestions. |
|
@ccutrer Are you still interested in getting this merged? Looks like there are just some conflicts now. |
pboling
changed the title
|
Any movement on resolving the conflicts so this can be merged @ccutrer? |
|
I'd almost forgotten this PR existed. I've just been updating our monkey patch in our app with each bump of this gem. I'll update the PR |
ccutrer
force-pushed
the
id_token_for_microsoft
branch
from
0683ace
to
9e2f04e
Compare
|
PR updated with conflicts resolved, and specs passing. |
2 similar comments
ccutrer
force-pushed
the
id_token_for_microsoft
branch
2 times, most recently
from
fff5076
to
142a938
Compare
when using Microsoft's OpenID Connect service (as documented at https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-protocols/) if you only request the openid scope, Microsoft only returns an id_token, with no access_token. so treat that as a valid response.
ccutrer
force-pushed
the
id_token_for_microsoft
branch
from
142a938
to
671624f
Compare
|
I know this is an old PR but is there any advice on how to use Microsoft responses that only hav id_token in the. This fix make that a valid response but the AccessToken class still expects the What's the fix? Is it to subclass AccessToken ? |
|
Thansk @jonspalmer I afraid extending AccessToken is the only option for now. I see you found #511 already, we could move conversation on it for a completely solution for this. |
|
Happy to move it there. I have lots of questions :D perhaps a few suggestions too. |
when using Microsoft's OpenID Connect service (as documented at
https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-protocols/)
if you only request the openid scope, Microsoft only returns an id_token,
with no access_token. so treat that as a valid response.