
How to pass different policy-name or params for authorize-url #1026

Open
VedaRamaiah opened this issue Jan 16, 2021 · 5 comments

Comments

@VedaRamaiah

Configuration

  • Provider Gem: omniauth-*
  • Ruby Version: 2.6.3
  • Framework: Rails 6
  • Platform: Windows

Expected Behavior

I would like to customize the authorize-url to include different policy-name defined for sign-in and password reset.

The authorize-url looks like:

```ruby
authorize_url: '/< tenant-name >/< policy-name >/oauth2/v2.0/authorize'
```

Actual Behavior

The user will be redirected to the login page via '/auth/microsoft_graph_auth', i.e.

```erb
<%= link_to "Click here to sign in", "/auth/microsoft_graph_auth", method: :post, class: "btn btn-primary btn-large" %>
```

This will invoke the authorize-url defined in the Strategy file. How do we define a different policy name for the sign-in and password reset links to work?
In this case,

Sign-in:
```ruby
authorize_url: '/< tenant-name >/< abc-sign-in >/oauth2/v2.0/authorize'
```

Password reset:
```ruby
authorize_url: '/< tenant-name >/< abc-PSWD-RESET >/oauth2/v2.0/authorize'
```

@BobbyMcWho
Member

I'm not 100% sure what your use case is, but typically password reset would be handled by the OAuth provider, so your login link would take them to the provider's login page, which itself should have a password reset workflow.

@VedaRamaiah
Author

VedaRamaiah commented Jan 16, 2021

We have a user flow defined for sign-in and password reset in the Azure B2C portal. The login link will take them to the provider's login page, and when the user clicks on "reset password", the password reset user flow should be called. This is done via a POST call to '/auth/< provider >/', where the authorize-url should be the '/< tenant-name >/< abc-PSWD-RESET >/oauth2/v2.0/authorize/' endpoint instead of '/< tenant-name >/< abc-sign-in >/oauth2/v2.0/authorize/'.

How can I achieve this? Any help would be greatly appreciated. Thanks

@BobbyMcWho
Member

Unfortunately I do not know enough about the Azure Graph workflow in general to give you a direct solution 😕

@VedaRamaiah
Author

VedaRamaiah commented Jan 16, 2021

Is there a way to customise the authorize-url value which will be defined in the OAuth2 Strategy for different scenarios?

```ruby
require 'omniauth-oauth2'

module OmniAuth
  module Strategies
    class MicrosoftGraphAuth < OmniAuth::Strategies::OAuth2
      option :name, :microsoft_graph_auth

      DEFAULT_SCOPE = 'openid email profile'.freeze

      # Configure the Microsoft identity platform endpoints
      # (tenant-name and policy-name are placeholders)
      option :client_options,
             site: '<tenant-name>',
             authorize_url: '/tenant-name/policy-name/oauth2/v2.0/authorize'
    end
  end
end
```

@VedaRamaiah
Author

@BobbyMcWho
I figured out the way to include the authorize_url based on policy name. It can be done by overriding the request_phase method in our strategy file.

```ruby
# Pick the authorize endpoint for this request from the 'p' query parameter
# before OmniAuth builds the redirect to the provider.
def request_phase
  if request.params['p'] == "abc-sign-in"
    options[:client_options].authorize_url = '/< tenant-name >/< abc-sign-in >/oauth2/v2.0/authorize/'
  else
    options[:client_options].authorize_url = '/< tenant-name >/< abc-pswd-reset >/oauth2/v2.0/authorize/'
  end
  super
end
```

Now I am facing an issue doing the same thing for token_url.

I am using the omniauth-oauth2 gem and I don't see anywhere to stub this token_url based on policy name, just like authorize_url. When I took a deeper look, it is used in the OAuth2 gem and I am not sure how to override the token_url endpoint.

I tried to override it in the request_phase method, but option :client_options defined in the Strategy file gets initialized on the callback phase. Any idea on how it has to be tackled?
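An added example, not code from this issue or from the omniauth project, showing one way to drive both the authorize and token endpoints from a single policy name: the policy comes from the 'p' parameter only if it is on an allowlist (so request input is never spliced into a URL path as-is), is remembered in the session for the callback phase, and the token_url is applied in the strategy's `client` method, where omniauth-oauth2 builds its OAuth2::Client. The tenant, policy names, option names and session key are assumptions; `deep_symbolize` is the gem's own private helper.

```ruby
require 'set'

# Added example (not from the issue or the omniauth gem). Derives BOTH endpoints
# from one allowlisted policy name, so the user-supplied 'p' parameter can never
# become an arbitrary path segment. Tenant and policy names are placeholders.
module B2cPolicyEndpoints
  ALLOWED_POLICIES = Set['abc-sign-in', 'abc-pswd-reset'].freeze
  DEFAULT_POLICY   = 'abc-sign-in'

  # Policy for this request: the 'p' param if allowlisted, else the default.
  def self.select_policy(params)
    candidate = params['p'].to_s
    ALLOWED_POLICIES.include?(candidate) ? candidate : DEFAULT_POLICY
  end

  # Both endpoints for a policy, in the path form quoted in the issue.
  def self.endpoints_for(tenant, policy)
    raise ArgumentError, "policy not allowlisted: #{policy}" unless ALLOWED_POLICIES.include?(policy)
    base = "/#{tenant}/#{policy}/oauth2/v2.0"
    { authorize_url: "#{base}/authorize", token_url: "#{base}/token" }
  end
end

# Wiring into an omniauth-oauth2 strategy (assumed usage; only defined when the
# gem is loaded so the resolver above still runs on its own). The policy chosen
# in request_phase is kept in the session because the provider's callback does
# not carry it; token_url is applied in `client`, which callback_phase uses.
if defined?(OmniAuth::Strategies::OAuth2)
  class OmniAuth::Strategies::MicrosoftGraphAuth < OmniAuth::Strategies::OAuth2
    option :name, :microsoft_graph_auth
    option :tenant, 'tenant-name' # placeholder

    def request_phase
      policy = B2cPolicyEndpoints.select_policy(request.params)
      session['omniauth.b2c_policy'] = policy # assumed session key
      options.client_options.authorize_url =
        B2cPolicyEndpoints.endpoints_for(options.tenant, policy)[:authorize_url]
      super
    end

    def client
      policy = session['omniauth.b2c_policy'] || B2cPolicyEndpoints::DEFAULT_POLICY
      urls = B2cPolicyEndpoints.endpoints_for(options.tenant, policy)
      ::OAuth2::Client.new(options.client_id, options.client_secret,
                           deep_symbolize(options.client_options.merge(urls)))
    end
  end
end
```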
