[Microsoft] fix reading OpenID Connect token responses #243
lib/oauth2/client.rb
@@ -136,8 +136,11 @@ def get_token(params, access_token_opts = {}, access_token_class = AccessToken) | |||
opts[:params] = params | |||
end | |||
response = request(options[:token_method], token_url, opts) | |||
error = Error.new(response) | |||
raise(error) if options[:raise_errors] && !(response.parsed.is_a?(Hash) && response.parsed['access_token']) | |||
if options[:raise_errors] && !(response.parsed.is_a?(Hash) && |
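Review bot: At the condition that starts `if options[:raise_errors] && !(response.parsed.is_a?(Hash) &&`, the check only decides whether to raise, and nothing in this hunk changes what is done with `access_token_class` (default `AccessToken`, per the method signature) for a response that passes without an access_token. Add a spec for the id_token-only response the commit message describes and document what the returned object holds in that case. The check is also presence-only, so the method comment should say that validating the id_token is left to the caller.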
This line is a little tough to read. I'd change to something like this:

```ruby
response_contains_token = response.parsed.is_a?(Hash) &&
                          (response.parsed['access_token'] || response.parsed['id_token'])
error = Error.new(response)
raise(error) if options[:raise_errors] && !(response_contains_token)
```

Also this method now breaks the lint check, which is failing the build. In a method above there's a comment to disable a few extra Rubocops, I'd add the same comment to this method def as well:

```ruby
# rubocop:disable CyclomaticComplexity, MethodLength, Metrics/AbcSize
```

I've run into the same issue. I left some comments to help fix the build and then hopefully this could get some attention from 👍
e3348ac to 0683ace
I've updated the PR with your suggestions.
@ccutrer Are you still interested in getting this merged? Looks like there are just some conflicts now.
Any movement on resolving the conflicts so this can be merged @ccutrer?
I'd almost forgotten this PR existed. I've just been updating our monkey patch in our app with each bump of this gem. I'll update the PR.
0683ace to 9e2f04e
PR updated with conflicts resolved, and specs passing.
fff5076 to 142a938
When using Microsoft's OpenID Connect service (as documented at https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-protocols/), if you only request the openid scope, Microsoft only returns an id_token, with no access_token. So treat that as a valid response.
142a938 to 671624f
Looks great, thanks for updating!
I know this is an old PR but is there any advice on how to use Microsoft responses that only have id_token in the. This fix makes that a valid response but the AccessToken class still expects the What's the fix? Is it to subclass AccessToken?
Thanks @jonspalmer, I'm afraid extending AccessToken is the only option for now. I see you found #511 already; we could move the conversation there for a complete solution for this.
Happy to move it there. I have lots of questions :D perhaps a few suggestions too.
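The presence check before and after this PR, run over constructed token responses, shows which bodies each form accepts. This is an added example, not code from the PR or the oauth2 gem; the method names, the stricter variant and the sample bodies are assumptions made for illustration.

```ruby
# Added example: names and sample responses are constructed, not from the gem.

# Check before the PR: only an access_token counts as a token response.
def token_before?(parsed)
  parsed.is_a?(Hash) && !!parsed['access_token']
end

# Check suggested in the review comment: access_token or id_token.
def token_after?(parsed)
  parsed.is_a?(Hash) && !!(parsed['access_token'] || parsed['id_token'])
end

# Hypothetical stricter variant: the value must be a non-empty String,
# because "" is truthy in Ruby and passes the two checks above.
def token_strict?(parsed)
  return false unless parsed.is_a?(Hash)

  %w[access_token id_token].any? do |key|
    value = parsed[key]
    value.is_a?(String) && !value.strip.empty?
  end
end

# Constructed token endpoint bodies, shaped like what response.parsed returns.
SAMPLES = {
  bearer:        { 'access_token' => 'at-sample', 'token_type' => 'Bearer' },
  id_token_only: { 'id_token' => 'hdr.payload.sig' },
  oauth_error:   { 'error' => 'invalid_grant' },
  empty_token:   { 'id_token' => '' },
  html_body:     '<html>Service unavailable</html>'
}.freeze

# Returns { sample_name => [before, after, strict] }.
def verdicts
  SAMPLES.transform_values do |parsed|
    [token_before?(parsed), token_after?(parsed), token_strict?(parsed)]
  end
end

verdicts.each do |name, v|
  puts format('%-14s before=%-5s after=%-5s strict=%s', name, *v)
end
```

All three checks test only that a token field is present; none of them validates the id_token itself.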