Ruby on Rails 4: How to authenticate to Azure AD from Rails Application?

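I am developing a Rails 4 web application, and I am planning to authenticate users from my Windows Azure AD.

For that, I subscribed to Windows Azure and created an Active Directory. Then I created an application inside the AD to get a client ID and secret, so that my Rails web application can access the API exposed by Windows Azure.

For this I am planning to use the Devise gem. Is this the right solution, or are there any other libraries available to achieve this?

Any help is appreciated.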

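Not sure if you are still looking for anything, but this Gist has the requisite request code using the OAuth2 gem. If you were ultimately able to get things working by another means (Devise, etc.), I would be interested to know what you did as well.

Here is the code from the Gist, packaged into a controller by omercs: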

require 'oauth2'

class WelcomeController < ApplicationController
  # You need to configure a tenant at Azure Active Directory(AAD) to register web app and web service app
  # You will need two entries for these app at the AAD portal
  # You will put clientid and clientsecret for your web app here
  # ResourceId is the webservice that you registered
  # RedirectUri is registered for your web app
  CLIENT_ID = 'b6a42...'
  CLIENT_SECRET = 'TSbx..'
  AUTHORITY = 'https://login.windows.net/'
  AUTHORIZE_URL = "/yourtenant.onmicrosoft.com/oauth2/authorize"
  TOKEN_URL = "/yourtenant.onmicrosoft.com/oauth2/token"
  RESOURCE_ID = 'https://yourtenant.onmicrosoft.com/AllHandsTry' #ResourceId or ResourceURI that you registered at Azure Active Directory
  REDIRECT_URI = 'http://localhost:3000/welcome/callback'

  def index
    update_token
    if session['access_token']
      # show main page and use token
      redirect_to welcome_use_token_path  
    else
      # start authorization
      client = get_client
      a = client.auth_code.authorize_url(:client_id => CLIENT_ID, :resource => RESOURCE_ID, :redirect_uri => REDIRECT_URI)
      redirect_to(a)  
    end
  end

  def callback
    begin
      @code = params[:code]
      client = get_client
      # post token to mobile service api
      #token = client.auth_code.get_token(CGI.escape(@code), :redirect_uri => REDIRECT_URI)
      # id_token token.params["id_token"]
      #multi resource token token.params["resource"]
      token = client.auth_code.get_token(@code, :redirect_uri => REDIRECT_URI)
      session['access_token'] = token.token
      session['refresh_token'] = token.refresh_token
      session['expire_at'] = token.expires_at
      session['instance_url']  = token.params['instance_url']
      redirect_to '/'
    rescue => exception
      # Log the details server-side; do not echo the message or backtrace to the browser
      Rails.logger.error("Azure AD callback failed: #{exception.class}: #{exception.message}")
      render :text => 'Authentication failed.', :status => :unauthorized
    end
  end

  def update_token
    puts "update token inside"
    token = session['access_token']
    refresh_token = session['refresh_token']  
    expire_at = session['expire_at']
    # OAuth2::AccessToken reads the expiry from :expires_at; any other key is ignored and the token never expires
    @access_token = OAuth2::AccessToken.from_hash(get_client, { :access_token => token, :refresh_token => refresh_token, :expires_at => expire_at, :header_format => 'Bearer %s' })
    if @access_token.expired?
       puts "refresh token"
       @access_token = @access_token.refresh!
       session['access_token'] = @access_token.token
       session['refresh_token'] = @access_token.refresh_token
       session['expire_at'] = @access_token.expires_at
       session['instance_url']  = @access_token.params['instance_url']
    end
  end

  # send post request to webservice to send token and create a post request
  def use_token
    # we got the token and now it will posted to the web service in the header
    # you can specify additional headers as well
    # token is included by default
    update_token
    conn = Faraday.new(:url => 'https://yoursite.azurewebsites.net/') do |faraday|
      faraday.request  :url_encoded             # form-encode POST params
      # log requests to STDOUT; request headers, including the bearer token, can end up in this log, so keep it to development
      faraday.response :logger
      faraday.adapter  Faraday.default_adapter  # make requests with Net::HTTP
    end
    response = conn.get do |req|                          
      req.url '/api/WorkItem' 
      req.headers['Content-Type'] = 'application/json'
      req.headers['Authorization'] = 'Bearer '+@access_token.token
    end
    @out = response.body
  end

  def get_client
    client = OAuth2::Client.new(CLIENT_ID, CLIENT_SECRET, :site => AUTHORITY, :authorize_url =>  AUTHORIZE_URL, :token_url => TOKEN_URL )
    client
  end
end
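
The authorize and callback requests in the controller above carry no `state` value, which is what ties a callback to the browser session that started the login. As an added example (not part of the original answer or the Gist), the sketch below issues and verifies one, with plain hashes standing in for the Rails `session` and `params`. The helper names and `EXAMPLE_CLIENT_ID` are hypothetical, and the tenant URL is the same placeholder used above.

```ruby
require 'securerandom'
require 'uri'
require 'digest'

# Constructed placeholders, not real registration values.
AUTHORIZE_ENDPOINT = 'https://login.windows.net/yourtenant.onmicrosoft.com/oauth2/authorize'
EXAMPLE_CLIENT_ID  = 'example-client-id'
EXAMPLE_REDIRECT   = 'http://localhost:3000/welcome/callback'

# Build the authorization URL and remember a one-time state value in the session.
def start_authorization(session, resource)
  session['oauth_state'] = SecureRandom.urlsafe_base64(32)
  query = URI.encode_www_form(
    'response_type' => 'code',
    'client_id'     => EXAMPLE_CLIENT_ID,
    'resource'      => resource,
    'redirect_uri'  => EXAMPLE_REDIRECT,
    'state'         => session['oauth_state']
  )
  "#{AUTHORIZE_ENDPOINT}?#{query}"
end

# Compare fixed-length digests byte by byte so the check does not
# stop at the first mismatching character.
def secure_equal?(a, b)
  x = Digest::SHA256.digest(a.to_s)
  y = Digest::SHA256.digest(b.to_s)
  x.bytes.zip(y.bytes).reduce(0) { |acc, (p, q)| acc | (p ^ q) }.zero?
end

# Return the authorization code only when the callback carries the state
# issued for this session. The stored state is consumed on every attempt,
# so a captured callback URL cannot be replayed.
def verified_code(session, params)
  expected = session.delete('oauth_state')
  return nil if expected.nil? || params['state'].nil?
  return nil unless secure_equal?(expected, params['state'])
  return nil if params['error']
  code = params['code'].to_s
  code.empty? ? nil : code
end
```

In the controller, `index` would redirect to the URL from `start_authorization`, and `callback` would call `get_token` only when `verified_code` returns a code.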
