Class: ADAL::AuthenticationContext

Inherits:
Object
Includes:
RequestParameters, Util
Defined in:
lib/adal/authentication_context.rb

Overview

Retrieves authentication tokens from Azure Active Directory and ADFS services. For most users, this is the primary class to authenticate an application.

Constant Summary

Constants included from RequestParameters

RequestParameters::AAD_API_VERSION, RequestParameters::ASSERTION, RequestParameters::CLIENT_ASSERTION, RequestParameters::CLIENT_ASSERTION_TYPE, RequestParameters::CLIENT_ID, RequestParameters::CLIENT_REQUEST_ID, RequestParameters::CLIENT_RETURN_CLIENT_REQUEST_ID, RequestParameters::CLIENT_SECRET, RequestParameters::CODE, RequestParameters::FORM_POST, RequestParameters::GRANT_TYPE, RequestParameters::PASSWORD, RequestParameters::REDIRECT_URI, RequestParameters::REFRESH_TOKEN, RequestParameters::RESOURCE, RequestParameters::SCOPE, RequestParameters::UNIQUE_ID, RequestParameters::USERNAME, RequestParameters::USER_INFO

Instance Method Summary

Methods included from Util

#fail_if_arguments_nil, #http, #string_hash

Constructor Details

#initialize(authority_host = Authority::WORLD_WIDE_AUTHORITY, tenant = Authority::COMMON_TENANT, options = {}) ⇒ AuthenticationContext

Creates a new AuthenticationContext.

Parameters:

  • String

    authority_host The host name of the authority to verify against, e.g. ‘login.windows.net’.

  • String

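    tenant The tenant to authenticate to, e.g. ‘contoso.onmicrosoft.com’.

  • Hash

    options Optional settings read by the constructor: :validate_authority (defaults to false when not supplied, and is passed to Authority.new) and :token_cache (defaults to a new MemoryCache).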



# File 'lib/adal/authentication_context.rb', line 55

def initialize(authority_host = Authority::WORLD_WIDE_AUTHORITY,
               tenant = Authority::COMMON_TENANT,
               options = {})
  fail_if_arguments_nil(authority_host, tenant)
  validate_authority = options[:validate_authority] || false
  @authority = Authority.new(authority_host, tenant, validate_authority)
  @token_cache = options[:token_cache] || MemoryCache.new
end

Instance Method Details

#acquire_token_for_client(resource, client_cred) ⇒ Object

Gets an access token with only the client's credentials and no user information.

Parameters:

  • String

    resource The resource being requested.

  • ClientCredential|ClientAssertion|ClientAssertionCertificate

    An object that validates the client application by adding #request_params to the OAuth request.

Returns:

  • TokenResponse



# File 'lib/adal/authentication_context.rb', line 76

def acquire_token_for_client(resource, client_cred)
  fail_if_arguments_nil(resource, client_cred)
  token_request_for(client_cred).get_for_client(resource)
end

#acquire_token_for_user(resource, client_cred, user) ⇒ Object

Gets an access token with a previously acquired user token. Gets an access token for a specific user. This method is relevant for three authentication scenarios:

  1. Username/Password flow:

     Pass in the username and password wrapped in an ADAL::UserCredential.

  2. On-Behalf-Of flow:

     This allows web services to accept access tokens from users and then exchange them for access tokens for a different resource. Note that to use this flow you must properly configure permissions settings in the Azure web portal. Pass in the access token wrapped in an ADAL::UserAssertion.

  3. User Identifier flow:

     This will not make any network connections but will merely check the cache for existing tokens matching the request.

Parameters:

  • String

    resource The intended recipient of the requested token.

  • ClientCredential|ClientAssertion|ClientAssertionCertificate

    An object that validates the client application by adding #request_params to the OAuth request.

  • UserAssertion|UserCredential|UserIdentifier

    An object that validates the client that the requested access token is for. See the description above of the various flows.

Returns:

  • TokenResponse



# File 'lib/adal/authentication_context.rb', line 147

def acquire_token_for_user(resource, client_cred, user)
  fail_if_arguments_nil(resource, client_cred, user)
  token_request_for(client_cred)
    .get_with_user_credential(user, resource)
end

#acquire_token_with_authorization_code(auth_code, redirect_uri, client_cred, resource = nil) ⇒ Object

Gets an access token with a previously acquired authorization code.

Parameters:

  • String

    auth_code The authorization code that was issued by the authorization server.

  • URI

    redirect_uri The URI that was passed to the authorization server with the request for the authorization code.

  • ClientCredential|ClientAssertion|ClientAssertionCertificate

    An object that validates the client application by adding #request_params to the OAuth request.

Returns:

  • TokenResponse



# File 'lib/adal/authentication_context.rb', line 95

def acquire_token_with_authorization_code(
  auth_code, redirect_uri, client_cred, resource = nil)
  fail_if_arguments_nil(auth_code, redirect_uri, client_cred)
  token_request_for(client_cred)
    .get_with_authorization_code(auth_code, redirect_uri, resource)
end

#acquire_token_with_refresh_token(refresh_token, client_cred, resource = nil) ⇒ Object

Gets an access token using a previously acquired refresh token.

Parameters:

  • String

    refresh_token The previously acquired refresh token.

  • String|ClientCredential|ClientAssertion|ClientAssertionCertificate

    The client application can be validated in four different manners, depending on the OAuth flow. This object must support #request_params.

Returns:

  • TokenResponse



# File 'lib/adal/authentication_context.rb', line 113

def acquire_token_with_refresh_token(
  refresh_token, client_cred, resource = nil)
  fail_if_arguments_nil(refresh_token, client_cred)
  token_request_for(client_cred)
    .get_with_refresh_token(refresh_token, resource)
end

#authorization_request_url(resource, client_id, redirect_uri, extra_query_params = {}) ⇒ Object

Constructs a URL for an authorization endpoint using query parameters.

Parameters:

  • String

    resource The intended recipient of the requested token.

  • String

    client_id The identifier of the calling client application.

  • URI

    redirect_uri The URI that the authorization code should be sent back to.

Returns:

  • URI



# File 'lib/adal/authentication_context.rb', line 165

def authorization_request_url(
  resource, client_id, redirect_uri, extra_query_params = {})
  @authority.authorize_endpoint(
    extra_query_params.reverse_merge(
      client_id: client_id,
      response_mode: FORM_POST,
      redirect_uri: redirect_uri,
      resource: resource,
      response_type: CODE))
end
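
The merge order in authorization_request_url matters when extra_query_params is built from data outside the calling code: because of reverse_merge, keys supplied by the caller replace the defaults, including redirect_uri and response_type. The stand-alone Ruby sketch below is an added example, not code from ADAL; the endpoint path, the 'form_post' and 'code' constant values, the sample values and the checked_extra_params guard are assumptions made for illustration.

```ruby
require 'uri'

# Keys authorization_request_url sets itself (from the method body above).
RESERVED_KEYS = %i[client_id response_mode redirect_uri resource response_type].freeze

# Constructed sample values; 'form_post' and 'code' are the assumed values of
# the FORM_POST and CODE constants.
DEFAULTS = {
  client_id: '00000000-0000-0000-0000-000000000000',
  response_mode: 'form_post',
  redirect_uri: 'https://app.example/callback',
  resource: 'https://graph.windows.net',
  response_type: 'code'
}.freeze

# Same precedence as extra.reverse_merge(defaults): a key already present in
# `extra` wins over the default.
def merged_authorize_params(extra, defaults = DEFAULTS)
  defaults.merge(extra)
end

# Hypothetical guard: reject extra parameters that collide with a reserved
# key, whether given as a symbol or as a string.
def checked_extra_params(extra)
  clash = extra.keys.map { |k| k.to_s.to_sym } & RESERVED_KEYS
  raise ArgumentError, "reserved parameter(s): #{clash.join(', ')}" unless clash.empty?
  extra
end

# Assumed endpoint layout: https://<authority_host>/<tenant>/oauth2/authorize
def authorize_url(params, host = 'login.windows.net', tenant = 'contoso.onmicrosoft.com')
  URI::HTTPS.build(host: host, path: "/#{tenant}/oauth2/authorize",
                   query: URI.encode_www_form(params))
end

# Returns [name, value] pairs so repeated parameters stay visible.
def query_pairs(url)
  URI.decode_www_form(url.query)
end

if __FILE__ == $PROGRAM_NAME
  extra = { redirect_uri: 'https://other.example/cb', state: 'constructed-state' }
  puts authorize_url(merged_authorize_params(extra)) # the override goes through
  begin
    checked_extra_params('redirect_uri' => 'https://other.example/cb')
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

A string key such as 'redirect_uri' does not replace the symbol-keyed default; both end up in the query string, which is why the guard normalises keys before comparing.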

#correlation_id=(value) ⇒ Object

Sets the correlation id that will be used in all future request headers and logs.

Parameters:

  • String

    value The UUID to use as the correlation for all subsequent requests.



# File 'lib/adal/authentication_context.rb', line 182

def correlation_id=(value)
  Logging.correlation_id = value
end