diff --git a/lib/omniauth/strategies/azure_active_directory_b2c.rb b/lib/omniauth/strategies/azure_active_directory_b2c.rb
index 9d93a99..d6b3034 100644
--- a/lib/omniauth/strategies/azure_active_directory_b2c.rb
+++ b/lib/omniauth/strategies/azure_active_directory_b2c.rb
@@ -36,6 +36,7 @@ def self.failure_message_key(key)
 InvalidCredentialsError = Class.new(CallbackError) { failure_message_key :invalid_credentials }
 UnauthorizedError = Class.new(CallbackError) { failure_message_key :unauthorized }
 MissingCodeError = Class.new(CallbackError) { failure_message_key :missing_code }
+ IdTokenValidationError = Class.new(CallbackError) { failure_message_key :id_token_validation_failed }
 
 #########################################
 # Strategy options
@@ -98,6 +99,7 @@ def authentication_response
 
 def callback_phase
 validate_callback_response!
+ validate_id_token!
 super # required to complete the callback phase
 
 rescue UnauthorizedError => e
@@ -122,6 +124,13 @@ def validate_callback_response!
 end
 end
 
+ def validate_id_token!
+ results = authentication_response.validate_id_token
+ if results.has_errors?
+ raise IdTokenValidationError, results.full_messages.join('. ')
+ end
+ end
+
 #########################################
 # Auth Hash Schema
 #########################################
diff --git a/lib/omniauth/strategies/azure_active_directory_b2c/authentication_response.rb b/lib/omniauth/strategies/azure_active_directory_b2c/authentication_response.rb
index 3e1267d..2ff3196 100644
--- a/lib/omniauth/strategies/azure_active_directory_b2c/authentication_response.rb
+++ b/lib/omniauth/strategies/azure_active_directory_b2c/authentication_response.rb
@@ -112,6 +110,10 @@ def jwk_key
 end
 end
 
+ def validate_id_token(seconds_since_epoc = Time.now.to_i)
+ JwtValidator.validate(id_token.raw_attributes, public_key, policy, seconds_since_epoc)
+ end
+
 end # AuthenticationResponse
 end # AzureActiveDirectoryB2C
 end # Strategies
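Review bot: The new `validate_id_token!` call in `callback_phase` raises `IdTokenValidationError`, which is a `CallbackError` but not an `UnauthorizedError`, and the only rescue clause visible in this hunk is `rescue UnauthorizedError => e`; unless a broader `rescue CallbackError` follows outside the hunk, a bad ID token will propagate out of `callback_phase` as an unhandled exception rather than going through OmniAuth's `fail!` path with the new `:id_token_validation_failed` key. `callback_phase`'s rescue clauses and body continue outside the hunk, so please confirm the handling there. Separately, the token is now parsed and validated before `super` runs, so if the parent strategy's `callback_phase` is where the `state` parameter is checked, an unauthenticated request can drive signature validation (and any key lookup behind `public_key`) before CSRF validation; if that is the case, consider moving the state check ahead of `validate_id_token!` or noting in a comment why the order is safe, e.g. `# id_token is validated before super; state/CSRF is checked by validate_callback_response!`.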
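Review bot: Style: the guard-and-raise in the new `validate_id_token!` reads more idiomatically as a modifier, `raise IdTokenValidationError, results.full_messages.join('. ') if results.has_errors?`, and the method would benefit from a one-line comment such as `# Raises IdTokenValidationError (failure key :id_token_validation_failed) when the ID token's signature or claims do not validate.` Note that the joined validator messages become the exception message; if the strategy surfaces exception messages to the user or into the failure redirect, check that `full_messages` never echoes token contents.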
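Review bot: The new public method's parameter is misspelled, `seconds_since_epoc`; since this is a fresh API, renaming it now to `def validate_id_token(seconds_since_epoch = Time.now.to_i)` (and in the `JwtValidator.validate` call) avoids a breaking rename later. Please also add a short doc comment stating what is validated, e.g. `# Validates the ID token's signature against public_key and its claims against policy, as of seconds_since_epoch; returns the JwtValidator result.` From this hunk alone, only the raw claims, `public_key`, `policy` and a timestamp are passed to `JwtValidator.validate`; nothing visible ties the token to the session (a `nonce` comparison) or to this client's `aud`, so if `JwtValidator` does not perform those checks the strategy should, otherwise an ID token issued for a different session or client would pass this validation.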