Merge pull request #28 from RIPAGlobal/feature/scope-from-request

Version 2.2.0
RIPAGlobal · Jul 9, 2024 · caaf208 · caaf208
2 parents 9f40699 + fda1bd6
commit caaf208
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 6 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Change Log
 
+## v2.2.0 (2024-07-09)
+
+[Implements](https://github.com/RIPAGlobal/omniauth-azure-activedirectory-v2/pull/26) support for specifying `scope` via the authorisation URL, in addition to the prior support for static configuration or configuration via a custom provider class - thanks @nbgoodall!
+
 ## v2.1.0 (2023-09-16)
 
 [Implements](https://github.com/RIPAGlobal/omniauth-azure-activedirectory-v2/pull/19) support for custom policies when using Microsoft Azure AD - thanks @stevenchanin!

diff --git a/README.md b/README.md
@@ -25,12 +25,15 @@ gem 'omniauth-azure-activedirectory-v2'
 
 And then execute:
 
-    $ bundle install
+```shell
+$ bundle install
+```
 
 Or install it yourself as:
 
-    $ gem install omniauth-azure-activedirectory-v2
-
+```shell
+$ gem install omniauth-azure-activedirectory-v2
+```
 
 
 ## Usage
@@ -162,6 +165,14 @@ In method `#authorize_params` above, the request object is used to look for a `l
 
 > **NB:** Naming things is hard! The predecessor gem used the name `YouTenantProvider` since it was focused on custom tenant provision, but if using this in a more generic way, perhaps consider a more generic name such as, say, `CustomOmniAuthAzureProvider`.
 
+#### Special case scope override
+
+If required and more convenient, you can specify a custom `scope` value via generation of an authorisation URL including that required `scope`, rather than by using a custom provider class with `def scope...end` method. Include the `scope` value in your call to generate the URL thus:
+
+```ruby
+omniauth_authorize_url('resource_name_eg_user', 'azure_activedirectory_v2', scope: '...')
+```
+
 
 
 ## Contributing
@@ -182,6 +193,8 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/RIPAGl
 * Add tests and check that `bundle exec rspec` still runs successfully
 * For new features (rather than bug fixes), update `README.md` with details
 
+
+
 ## License
 
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

diff --git a/lib/omniauth/azure_activedirectory_v2/version.rb b/lib/omniauth/azure_activedirectory_v2/version.rb
@@ -2,8 +2,8 @@ module OmniAuth
   module Azure
     module Activedirectory
       module V2
-        VERSION = "2.1.0"
-        DATE    = "2023-09-16"
+        VERSION = "2.2.0"
+        DATE    = "2024-07-09"
       end
     end
   end

diff --git a/lib/omniauth/strategies/azure_activedirectory_v2.rb b/lib/omniauth/strategies/azure_activedirectory_v2.rb
@@ -41,7 +41,9 @@ def client
           options.authorize_params.prompt = request.params['prompt']
         end
 
-        options.authorize_params.scope = if provider.respond_to?(:scope) && provider.scope
+        options.authorize_params.scope = if defined?(request) && request.params['scope']
+          request.params['scope']
+        elsif provider.respond_to?(:scope) && provider.scope
           provider.scope
         else
           DEFAULT_SCOPE

diff --git a/spec/omniauth/strategies/azure_activedirectory_v2_spec.rb b/spec/omniauth/strategies/azure_activedirectory_v2_spec.rb
@@ -299,6 +299,12 @@ def client_secret
       it 'has correct token url' do
         expect(subject.client.options[:token_url]).to eql('https://login.microsoftonline.com/common/oauth2/v2.0/token')
       end
+
+      it 'has correct scope from request params' do
+        request.params['scope'] = 'openid email offline_access Calendars.Read'
+        subject.client
+        expect(subject.authorize_params[:scope]).to eql('openid email offline_access Calendars.Read')
+      end
     end
   end