Merge pull request #39 from washu/patch-1
Update entra_id.rb
pond authored Nov 20, 2024
2 parents db3a76b + a14ac3d commit ba6a76c
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions lib/omniauth/strategies/entra_id.rb
Expand Up @@ -13,7 +13,7 @@ class EntraId < OmniAuth::Strategies::OAuth2

DEFAULT_SCOPE = 'openid profile email'
COMMON_TENANT_ID = 'common'

ADFS_TENANT_ID = 'adfs'
# The tenant_provider must return client_id, client_secret and,
# optionally, tenant_id and base_url.
#
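
Review bot: ADFS_TENANT_ID = 'adfs' is added without any comment, and it takes the place of the blank line that separated the constants from the tenant_provider comment block, so that comment now reads as if it introduces the new constant. Restore the blank line after the constants and add a one-line comment saying that 'adfs' is the tenant_id value used for a local ADFS instance rather than a real tenant id.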
Expand Down Expand Up @@ -135,9 +135,9 @@ def raw_info

# For multi-tenant apps (the 'common' tenant_id) it doesn't make any
# sense to verify the token issuer, because the value of 'iss' in the
# token depends on the 'tid' in the token itself.
# token depends on the 'tid' in the token itself. We should also skip for ADFS local instance, as we dont put a valid tenant id in its place, but adfs instead
#
issuer = if options.tenant_id.nil? || options.tenant_id == COMMON_TENANT_ID
issuer = if options.tenant_id.nil? || options.tenant_id == COMMON_TENANT_ID || options.tenant_id == ADFS_TENANT_ID
nil
else
"#{options.base_url || BASE_URL}/#{options.tenant_id}/v2.0"
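
Review bot: In the issuer conditional, options.tenant_id == ADFS_TENANT_ID now yields nil, which turns off the 'iss' check for ADFS entirely, while the reason given in the comment is only that 'adfs' is not a valid tenant id, i.e. that the "#{options.base_url || BASE_URL}/#{options.tenant_id}/v2.0" pattern builds the wrong expected value. That is a different situation from 'common', where the comment explains that 'iss' depends on the 'tid' inside each token. Consider comparing against an explicitly configured expected issuer for ADFS instead of skipping the check, or at least state in the comment that ADFS tokens are accepted with no issuer verification so deployers know what they are relying on. Two smaller points: the added comment sentence is appended to an existing line, making it much longer than its neighbours, and has "dont" for "don't"; and the three-way || chain would read more clearly as a membership test against [COMMON_TENANT_ID, ADFS_TENANT_ID]. The commit touches only this one file, so a spec covering the ADFS branch would be worth adding.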
