Class: ADAL::Authority

Inherits:
Object
  • Object
Includes:
Logging
Defined in:
lib/adal/authority.rb

Overview

Represents an authentication and token server (an "authority") that can validate itself.

Constant Summary collapse

# Path appended after the tenant segment to form the authorization endpoint.
AUTHORIZE_PATH =
'/oauth2/authorize'
# Default tenant segment, used when the constructor is given no tenant.
COMMON_TENANT =
'common'
# URI template for the instance discovery request; {host} and {endpoint} are
# the two variables to be expanded.
# NOTE(review): presumably used by the dynamic validation step -- confirm
# against the rest of lib/adal/authority.rb.
DISCOVERY_TEMPLATE =
URITemplate.new('https://{host}/common/discovery/' \
'instance?authorization_endpoint={endpoint}&api-version=1.0')
# NOTE(review): presumably the field read from the discovery response -- TODO confirm.
TENANT_DISCOVERY_ENDPOINT_KEY =
'tenant_discovery_endpoint'
# Path appended after the tenant segment to form the token endpoint.
TOKEN_PATH =
'/oauth2/token'
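# Authority hosts treated as well known.
# NOTE(review): presumably the list consulted by the static validation step
# before any discovery request is made -- confirm against validated_statically?.
#
# Frozen so that other code in the process cannot append a host to this
# allow-list at runtime; an unfrozen Array constant can be mutated in place
# without even triggering a reassignment warning.
WELL_KNOWN_AUTHORITY_HOSTS =
[
  'login.windows.net',
  'login.microsoftonline.com',
  'login.chinacloudapi.cn',
  'login.cloudgovapi.us'
].freeze
# Default authority host; it is the constructor's default for +host+.
WORLD_WIDE_AUTHORITY =
'login.microsoftonline.com'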

Constants included from Logging

Logging::DEFAULT_LOG_LEVEL, Logging::DEFAULT_LOG_OUTPUT

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Logging

#logger

Constructor Details

#initialize(host = WORLD_WIDE_AUTHORITY, tenant = COMMON_TENANT, validate_authority = false) ⇒ Authority

Creates a new Authority.

Parameters:

  • host (String) (defaults to: WORLD_WIDE_AUTHORITY)

    The host name of the authority server.

  • tenant (String) (defaults to: COMMON_TENANT)

    The name of the tenant for the Authority to access.

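  • validate_authority (Boolean) (defaults to: false)

    Whether the authority has to pass validation. When false, the constructor marks the authority as already validated, so #validated? returns true without any check having run.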



# File 'lib/adal/authority.rb', line 63

# Creates a new Authority.
#
# @param host [String] host name of the authority server.
# @param tenant [String] name of the tenant for the Authority to access.
# @param validate_authority [Boolean] when true the authority starts out
#   unvalidated; when false (the default) it is marked as validated straight
#   away, so #validated? is true although no check has been performed.
def initialize(host = WORLD_WIDE_AUTHORITY, tenant = COMMON_TENANT, validate_authority = false)
  # Both values are stored exactly as given; nothing is checked here.
  @host, @tenant = host, tenant
  # Inverted on purpose: not asking for validation means "treat as validated".
  @validated = !validate_authority
end

Instance Attribute Details

#host ⇒ Object (readonly)

Returns the value of attribute host.



# File 'lib/adal/authority.rb', line 49

# Read-only accessor for the authority host.
#
# @return [Object] the value stored in @host by the constructor (documented
#   there as a String host name); it is returned as stored.
def host
  @host
end

#tenant ⇒ Object (readonly)

Returns the value of attribute tenant.



# File 'lib/adal/authority.rb', line 50

# Read-only accessor for the tenant.
#
# @return [Object] the value stored in @tenant by the constructor (documented
#   there as a String tenant name); it is returned as stored.
def tenant
  @tenant
end

Instance Method Details

#authorize_endpoint(params = nil) ⇒ URI

URI that can be used to acquire authorization codes.

Returns:

  • (URI)


# File 'lib/adal/authority.rb', line 79

# Builds the HTTPS URI that can be used to acquire authorization codes.
#
# Entries of +params+ whose value is nil are dropped and the remainder is
# form-encoded into the query string. The stored host and tenant are used as
# they are; this method does not look at the validation state, so a caller
# that requires a validated authority has to check #validated? itself.
#
# @param params [Hash, nil] optional query parameters.
# @return [URI] the authorize endpoint, with a query only if parameters remain.
def authorize_endpoint(params = nil)
  # Only filter what can be filtered, so that nil passes through untouched.
  params = params.select { |_, value| !value.nil? } if params.respond_to?(:select)
  query_needed = !(params.nil? || params.empty?)

  components = { host: @host, path: '/' + @tenant + AUTHORIZE_PATH }
  components[:query] = URI.encode_www_form(params) if query_needed
  URI::HTTPS.build(components)
end

#token_endpoint ⇒ URI

URI that can be used to acquire tokens.

Returns:

  • (URI)


# File 'lib/adal/authority.rb', line 94

# Builds the HTTPS URI that can be used to acquire tokens.
#
# The stored host and tenant are used as they are; this method does not look
# at the validation state.
#
# @return [URI] the token endpoint for this host and tenant.
def token_endpoint
  token_path = '/' + @tenant + TOKEN_PATH
  URI::HTTPS.build(host: @host, path: token_path)
end

#validate ⇒ Boolean

Checks if the authority matches a set list of known authorities or if it can be resolved by the discovery endpoint.

Returns:

  • (Boolean)

    True if the Authority was successfully validated.



# File 'lib/adal/authority.rb', line 104

# Validates the authority, trying the static check first and the dynamic
# check only if the static one did not succeed.
#
# An authority that is already marked as validated is not checked again; note
# that the constructor marks it as validated when validation was not requested.
#
# @return [Boolean] the resulting validation state, which is also kept in
#   @validated.
def validate
  return @validated if validated?

  @validated = validated_statically?
  return @validated if validated?

  # Reached only when the static check did not validate the authority.
  @validated = validated_dynamically?
end

#validated? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/adal/authority.rb', line 111

# Reports the stored validation state; no check is performed here.
#
# The state is true from construction when the constructor was called with
# validate_authority = false (its default), so a true result does not by
# itself mean that the host was compared with any list or endpoint.
#
# @return [Boolean] the current value of @validated.
def validated?
  @validated
end