Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

infinum_azure

Package Overview
Dependencies
Maintainers
1
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

infinum_azure

  • 3.1.0
  • Rubygems
  • Socket score

Version published
Maintainers
1
Created
Source

InfinumAzure Engine

InfinumAzure Engine is gem for resource authentication with Infinum Azure AD server.

Table of Contents

  • Installation
  • Dependencies
  • Configuration
  • Usage

Installation

Add this line to your application's Gemfile:

gem 'infinum_azure'

And then execute:

$ bundle

Or install it yourself as:

$ gem install infinum_azure

Dependencies

Configuration

InfinumAzure

# config/initializers/infinum_azure.rb

InfinumAzure.configure do |config|
  config.resource_name = 'User'
  config.resource_attributes = [:uid, :email, :first_name, :last_name, :avatar_url,
                                :deactivated_at, :groups, :employee]

  config.user_migration_scope = -> { resource_class.where(provider: 'infinum_id') }
  config.user_migration_operation = -> (record, resource) {
    record.update_attribute(:provider, 'infinum_azure')
    record.update_attribute(:uid, resource['uid'])
  }
  config.client_id = 'client-id'
  config.client_secret = 'client-secret'
  config.domain = 'https://login.b2c.com'
  config.tenant = 'tenant'
  config.users_auth_url = 'https://example.com'
end

Configuration options:

  • client_id(mandatory) - client ID
  • client_secret(mandatory) - client secret
  • domain(mandatory) - Identity service domain
  • resource_name(mandatory) - name of resource on whom authentication is being done
  • tenant(mandatory) - Tenant id
  • resource_attributes(optional) - attributes that will be permitted once the webhook controller receives the params from InfinumAzure
  • user_migration_scope(optional) - a block that will be used to get the initial collection of resources (if blank, default is written above)
  • user_migration_operation(optional) - a block that will be called for each resource from the above collection if a matching resource on InfinumAzure is found. The resource is a Hash containing the following properties:
    • uid - string
    • first_name - string || null
    • last_name - string || null
    • email - string
    • avatar_url - string || null
    • groups - string || null -> a comma separated list; if "employees" is present, the user is an employee
    • deactivated - boolean
  • users_auth_url(optional)

Usage

  1. Add columns to resource via migration.

Required columns:

  • email string
  • uid string
  • provider string
  • remember_created_at datetime
  • remember_token string

Optional columns:

  • first_name string
  • last_name string
  • avatar_url string
  • deactivated_at datetime
  • groups jsonb array
  • employee boolean
  1. Add following rows to resource model:
devise :rememberable, :omniauthable, omniauth_providers: [:infinum_azure]

def remember_me
  true
end

NOTE: The #remember_me method needs to always return true in order for users to stay logged in after they shut down their browsers. In case your app has a checkbox for Remember me on the login page next to the login button, you can override the return value.

  1. Use devise's method #authenticate_user! to authenticate users on API endpoints
class AuthenticatedController < ApplicationController
  before_action :authenticate_user!
end
  1. In case your model is named User, you can use the #user_infinum_azure_omniauth_authorize_path for the login button:
button_to 'Login', user_infinum_azure_omniauth_authorize_path
  1. In case you want logging out, you can use #infinum_azure_logout_path for logging out of Infinum Azure and your app:
link_to 'Logout', infinum_azure_logout_path

or, if you just want to clear the session, but not log out of Infinum Azure, you can use:

link_to 'Logout', logout_path

Known issues

If you don't get what you're looking for, check your terminal output and see if omniauth logs are saying anything similar to:

DEBUG -- omniauth: (google_oauth2) Request phase initiated.
WARN -- omniauth: Attack prevented by OmniAuth::AuthenticityTokenProtection
ERROR -- omniauth: (google_oauth2) Authentication failure! authenticity_error: OmniAuth::AuthenticityError, Forbidden

To resolve this issue, install the omniauth-rails_csrf_protection gem:

gem 'omniauth-rails_csrf_protection'

Make sure to use HTTP method POST for authenticating. If you are using a link, you can set the HTTP method to POST like this:

link_to 'Login', user_infinum_azure_omniauth_authorize_path, method: :post

or, simply with #button_to as mentioned above.

License

The gem is available as open source under the terms of the MIT License.

FAQs

Package last updated on 19 Aug 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc