Authenticate via Azure AD to access user information via the Microsoft Graph API.
Add this line to your application's Gemfile:
gem 'omniauth-microsoft-graph', github: 'kuyio/omniauth-microsoft-graph'And then execute:
$ bundle install
Or install it yourself as:
$ gem install omniauth-microsoft-graph
-
Open a browser and navigate to the Azure Active Directory admin center. Login using a personal account (aka: Microsoft Account) or Work or School Account.
-
Select Azure Active Directory in the left-hand navigation, then select App registrations under Manage.
-
Select New registration. On the Register an application page, set the values as follows.
- Set Name to your application name.
- Set Supported account types to Accounts in any organizational directory and personal Microsoft accounts.
- Under Redirect URI, set the first drop-down to Web and set the value to http://localhost:3000/auth/microsoft_graph/callback.
-
Select Register. On the Application info page, copy the value of the Application (client) ID and save it, you will need it in the next step.
-
Select Certificates & secrets under Manage. Select the New client secret button. Enter a value in Description and select one of the options for Expires and select Add.
-
Copy the client secret value before you leave this page. You will need it in the next step. Important: This client secret is never shown again, so make sure you copy it now.
Here's an example for adding the middleware to a Rails app in config/initializers/omniauth.rb:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :microsoft_graph,
ENV['AZURE_APP_ID'],
ENV['AZURE_APP_SECRET'],
scope: ENV['AZURE_SCOPES']
endHere's an example for the application request scopes:
ENV['AZURE_SCOPES'] = 'openid profile email offline_access user.read calendars.read'After logging in with a Microsoft account, and consent to permit the requested scopes, your application will receive a JSON hash from the Microsoft Graph API that is available in request.env['omniauth.auth']. The hash looks like this:
{
"provider": "microsoft_graph",
"uid": "eb52b3b2-c4ac-4b4f-bacd-d5f7ece55df0",
"info": {
"name": null
},
"credentials": {
"token": "eyJ0eXAi...",
"refresh_token": "OAQABAAA...",
"expires_at": 1529517383,
"expires": true
},
"extra": {
"raw_info": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"id": "eb52b3b2-c4ac-4b4f-bacd-d5f7ece55df0",
"businessPhones": [
"+1 425 555 0109"
],
"displayName": "Adele Vance",
"givenName": "Adele",
"jobTitle": "Retail Manager",
"mail": "AdeleV@contoso.onmicrosoft.com",
"mobilePhone": null,
"officeLocation": "18/2111",
"preferredLanguage": "en-US",
"surname": "Vance",
"userPrincipalName": "AdeleV@contoso.onmicrosoft.com"
}
}
}If you look closely at the hash generated by OmniAuth, you'll notice there are two tokens in the hash: token and refresh_token.
The value in token is the access token, which is sent in the Authorization header of API calls. This is the token that allows the app to access the Microsoft Graph on the user's behalf.
However, this token is short-lived. The token expires an hour after it is issued. This is where the refresh_token value becomes useful. The refresh token allows the app to request a new access token without requiring the user to sign in again.
After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install.
Bug reports and pull requests are welcome on GitHub at https://github.com/kuyio/omniauth-microsoft-graph. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the code of conduct.
The gem is available as open source under the terms of the MIT License.
Everyone interacting in the Omniauth::Microsoft project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.