Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/kuyio/omniauth-microsoft-graph
OmniAuth Strategy for Microsoft Graph API via Azure AD
https://github.com/kuyio/omniauth-microsoft-graph
azure microsoft-graph-api omniauth omniauth-strategy
Last synced: about 2 months ago
JSON representation
OmniAuth Strategy for Microsoft Graph API via Azure AD
- Host: GitHub
- URL: https://github.com/kuyio/omniauth-microsoft-graph
- Owner: kuyio
- License: mit
- Created: 2020-07-22T23:29:02.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2024-05-02T07:17:36.000Z (8 months ago)
- Last Synced: 2024-05-02T21:05:33.130Z (8 months ago)
- Topics: azure, microsoft-graph-api, omniauth, omniauth-strategy
- Language: Ruby
- Size: 22.5 KB
- Stars: 0
- Watchers: 1
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
- Code of conduct: CODE_OF_CONDUCT.md
Awesome Lists containing this project
README
# OmniAuth Strategy for Microsoft Graph API via Azure AD
Authenticate via Azure AD to access user information via the Microsoft Graph API.
## Installation
Add this line to your application's Gemfile:
```ruby
gem 'omniauth-microsoft-graph', github: 'kuyio/omniauth-microsoft-graph'
```And then execute:
$ bundle install
Or install it yourself as:
$ gem install omniauth-microsoft-graph
## Obtain Azure AD Application ID, Secret and Scopes
1. Open a browser and navigate to the Azure Active Directory admin center. Login using a personal account (aka: Microsoft Account) or Work or School Account.
2. Select Azure Active Directory in the left-hand navigation, then select App registrations under Manage.
3. Select New registration. On the Register an application page, set the values as follows.
- Set Name to your application name.
- Set Supported account types to Accounts in any organizational directory and personal Microsoft accounts.
- Under Redirect URI, set the first drop-down to Web and set the value to http://localhost:3000/auth/microsoft_graph/callback.4. Select Register. On the Application info page, copy the value of the Application (client) ID and save it, you will need it in the next step.
5. Select Certificates & secrets under Manage. Select the New client secret button. Enter a value in Description and select one of the options for Expires and select Add.
6. Copy the client secret value before you leave this page. You will need it in the next step. **Important:** This client secret is never shown again, so make sure you copy it now.
## Usage
Here's an example for adding the middleware to a Rails app in `config/initializers/omniauth.rb`:
```ruby
Rails.application.config.middleware.use OmniAuth::Builder do
provider :microsoft_graph,
ENV['AZURE_APP_ID'],
ENV['AZURE_APP_SECRET'],
scope: ENV['AZURE_SCOPES']
end
```Here's an example for the application request scopes:
```ruby
ENV['AZURE_SCOPES'] = 'openid profile email offline_access user.read calendars.read'
```After logging in with a Microsoft account, and consent to permit the requested scopes, your application will receive a JSON hash from the Microsoft Graph API that is available in `request.env['omniauth.auth']`. The hash looks like this:
```json
{
"provider": "microsoft_graph",
"uid": "eb52b3b2-c4ac-4b4f-bacd-d5f7ece55df0",
"info": {
"name": null
},
"credentials": {
"token": "eyJ0eXAi...",
"refresh_token": "OAQABAAA...",
"expires_at": 1529517383,
"expires": true
},
"extra": {
"raw_info": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"id": "eb52b3b2-c4ac-4b4f-bacd-d5f7ece55df0",
"businessPhones": [
"+1 425 555 0109"
],
"displayName": "Adele Vance",
"givenName": "Adele",
"jobTitle": "Retail Manager",
"mail": "[email protected]",
"mobilePhone": null,
"officeLocation": "18/2111",
"preferredLanguage": "en-US",
"surname": "Vance",
"userPrincipalName": "[email protected]"
}
}
}
```If you look closely at the hash generated by OmniAuth, you'll notice there are two tokens in the hash: `token` and `refresh_token`.
The value in `token` is the access token, which is sent in the Authorization header of API calls. This is the token that allows the app to access the Microsoft Graph on the user's behalf.
However, this token is short-lived. The token expires an hour after it is issued. This is where the `refresh_token` value becomes useful. The refresh token allows the app to request a new access token without requiring the user to sign in again.
## Development
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run `bundle exec rake install`.
## Contributing
Bug reports and pull requests are welcome on GitHub at https://github.com/kuyio/omniauth-microsoft-graph. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/kuyio/omniauth-microsoft-graph/blob/master/CODE_OF_CONDUCT.md).
## License
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
## Code of Conduct
Everyone interacting in the Omniauth::Microsoft project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/kuyio/omniauth-microsoft-graph/blob/master/CODE_OF_CONDUCT.md).