https://github.com/kuyio/omniauth-microsoft-graph

OmniAuth Strategy for Microsoft Graph API via Azure AD
https://github.com/kuyio/omniauth-microsoft-graph

azure microsoft-graph-api omniauth omniauth-strategy

Last synced: 12 days ago
JSON representation

OmniAuth Strategy for Microsoft Graph API via Azure AD

• Host: GitHub
• URL: https://github.com/kuyio/omniauth-microsoft-graph
• Owner: kuyio
• License: mit
• Created: 2020-07-22T23:29:02.000Z (over 4 years ago)
• Default Branch: master
• Last Pushed: 2024-05-02T07:17:36.000Z (7 months ago)
• Last Synced: 2024-05-02T21:05:33.130Z (7 months ago)
• Topics: azure, microsoft-graph-api, omniauth, omniauth-strategy
• Language: Ruby
• Size: 22.5 KB
• Stars: 0
• Watchers: 1
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE.txt
  • Code of conduct: CODE_OF_CONDUCT.md

Awesome Lists containing this project

README

        
# OmniAuth Strategy for Microsoft Graph API via Azure AD

Authenticate via Azure AD to access user information via the Microsoft Graph API.

## Installation

Add this line to your application's Gemfile:

```ruby

gem 'omniauth-microsoft-graph', github: 'kuyio/omniauth-microsoft-graph'

```

And then execute:

    $ bundle install

Or install it yourself as:

    $ gem install omniauth-microsoft-graph

## Obtain Azure AD Application ID, Secret and Scopes

1. Open a browser and navigate to the Azure Active Directory admin center. Login using a personal account (aka: Microsoft Account) or Work or School Account.

2. Select Azure Active Directory in the left-hand navigation, then select App registrations under Manage.

3. Select New registration. On the Register an application page, set the values as follows.

    - Set Name to your application name.

    - Set Supported account types to Accounts in any organizational directory and personal Microsoft accounts.

    - Under Redirect URI, set the first drop-down to Web and set the value to http://localhost:3000/auth/microsoft_graph/callback.

4. Select Register. On the Application info page, copy the value of the Application (client) ID and save it, you will need it in the next step.

5. Select Certificates & secrets under Manage. Select the New client secret button. Enter a value in Description and select one of the options for Expires and select Add.

6. Copy the client secret value before you leave this page. You will need it in the next step. **Important:** This client secret is never shown again, so make sure you copy it now.

## Usage

Here's an example for adding the middleware to a Rails app in `config/initializers/omniauth.rb`:

```ruby

Rails.application.config.middleware.use OmniAuth::Builder do

  provider :microsoft_graph,

           ENV['AZURE_APP_ID'],

           ENV['AZURE_APP_SECRET'],

           scope: ENV['AZURE_SCOPES']

end

```

Here's an example for the application request scopes:

```ruby

ENV['AZURE_SCOPES'] = 'openid profile email offline_access user.read calendars.read'

```

After logging in with a Microsoft account, and consent to permit the requested scopes, your application will receive a JSON hash from the Microsoft Graph API that is available in `request.env['omniauth.auth']`. The hash looks like this:

```json

{

  "provider": "microsoft_graph",

  "uid": "eb52b3b2-c4ac-4b4f-bacd-d5f7ece55df0",

  "info": {

    "name": null

  },

  "credentials": {

    "token": "eyJ0eXAi...",

    "refresh_token": "OAQABAAA...",

    "expires_at": 1529517383,

    "expires": true

  },

  "extra": {

    "raw_info": {

      "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",

      "id": "eb52b3b2-c4ac-4b4f-bacd-d5f7ece55df0",

      "businessPhones": [

        "+1 425 555 0109"

      ],

      "displayName": "Adele Vance",

      "givenName": "Adele",

      "jobTitle": "Retail Manager",

      "mail": "[email protected]",

      "mobilePhone": null,

      "officeLocation": "18/2111",

      "preferredLanguage": "en-US",

      "surname": "Vance",

      "userPrincipalName": "[email protected]"

    }

  }

}

```

If you look closely at the hash generated by OmniAuth, you'll notice there are two tokens in the hash: `token` and `refresh_token`.

The value in `token` is the access token, which is sent in the Authorization header of API calls. This is the token that allows the app to access the Microsoft Graph on the user's behalf.

However, this token is short-lived. The token expires an hour after it is issued. This is where the `refresh_token` value becomes useful. The refresh token allows the app to request a new access token without requiring the user to sign in again.

## Development

After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run `bundle exec rake install`.

## Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/kuyio/omniauth-microsoft-graph. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/kuyio/omniauth-microsoft-graph/blob/master/CODE_OF_CONDUCT.md).

## License

The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

## Code of Conduct

Everyone interacting in the Omniauth::Microsoft project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/kuyio/omniauth-microsoft-graph/blob/master/CODE_OF_CONDUCT.md).