Class: Legion::Extensions::Identity::Entra::Delegated::CLI::Auth

Inherits:
Object
  • Object
Defined in:
lib/legion/extensions/identity/entra/delegated/cli/auth.rb


Class Method Details

.cli_alias ⇒ Object



# File 'lib/legion/extensions/identity/entra/delegated/cli/auth.rb', line 10

# Returns the fixed alias string for this command class.
#
# NOTE(review): presumably the name the CLI exposes this auth command group
# under (inferred from the method name) -- confirm against the CLI loader.
#
# @return [String] always 'entra'
def self.cli_alias
  'entra'
end

.descriptions ⇒ Object



# File 'lib/legion/extensions/identity/entra/delegated/cli/auth.rb', line 12

# One-line descriptions for the two subcommands of this class, keyed by
# subcommand name (:login and :status).
#
# @return [Hash{Symbol => String}] a newly built hash on every call
def self.descriptions
  login_text = 'Authenticate with Microsoft Entra via delegated OAuth'
  status_text = 'Show current Entra authentication state'

  { login: login_text, status: status_text }
end

Instance Method Details

#login(tenant_id: nil, client_id: nil, scopes: nil) ⇒ Object



# File 'lib/legion/extensions/identity/entra/delegated/cli/auth.rb', line 19

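# Runs the delegated (browser-based) Entra sign-in and hands a successful
# token response to store_token.
#
# Tenant and client id are resolved in this order: explicit argument, then
# resolve_settings, then the AZURE_TENANT_ID / AZURE_CLIENT_ID environment
# variables. resolve_settings is skipped entirely when both ids are passed, so
# in that case a scope list configured under delegated.scopes is not consulted
# and BrowserAuth.default_scopes applies unless +scopes+ is given.
#
# Any further keyword arguments are accepted and ignored.
#
# @param tenant_id [String, nil] Entra tenant id; falls back to settings/env
# @param client_id [String, nil] application (client) id; falls back to settings/env
# @param scopes [Object, nil] scopes to request, passed through to BrowserAuth unchanged
# @return [Hash, nil] the value returned by BrowserAuth#authenticate, or
#   { error: 'missing_config' } when no tenant/client id could be resolved, or
#   { error: 'login_failed', description: String } when anything raised
def login(tenant_id: nil, client_id: nil, scopes: nil, **)
  settings = tenant_id && client_id ? {} : resolve_settings
  tid = tenant_id || settings[:tenant_id] || ENV.fetch('AZURE_TENANT_ID', nil)
  cid = client_id || settings[:client_id] || ENV.fetch('AZURE_CLIENT_ID', nil)
  requested_scopes = scopes || settings.dig(:delegated, :scopes) || Helpers::BrowserAuth.default_scopes

  unless tid && cid
    puts 'Error: tenant_id and client_id required (set identity.entra.auth, env vars, or pass as args)'
    return { error: 'missing_config' }
  end

  # NOTE(review): force_local_server presumably makes BrowserAuth receive the
  # OAuth redirect on a local listener -- confirm in Helpers::BrowserAuth.
  browser_auth = Helpers::BrowserAuth.new(tenant_id: tid, client_id: cid,
                                          scopes: requested_scopes, force_local_server: true)
  result = browser_auth.authenticate
  body = result&.dig(:result)

  # Only a response that actually carries an access token is persisted; a nil
  # result and a response without one are both reported as failure.
  if body&.dig(:access_token)
    store_token(body, tenant_id: tid, client_id: cid, scopes: requested_scopes)
    puts 'Entra authenticated successfully.'
  else
    puts 'Entra authentication failed or was cancelled.'
  end

  # The raw authenticate result is returned, so on success it still contains
  # the token body (including :access_token). Callers should not print or log
  # the return value verbatim.
  result
rescue StandardError => e
  # The exception message is echoed to the terminal and returned to the caller.
  # NOTE(review): confirm the auth helpers never place token or authorization
  # code material in exception messages.
  puts "Error: #{e.message}"
  { error: 'login_failed', description: e.message }
end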

#status ⇒ Object



# File 'lib/legion/extensions/identity/entra/delegated/cli/auth.rb', line 48

# Reports whether a usable delegated token is currently held.
#
# The token is looked up with refresh: false and checked with
# TokenManager.expired?. Only the authenticated flag and the expiry timestamp
# are printed or returned; the token value itself is never part of the output.
#
# @return [Hash] { result: { authenticated: true, expires_at: String or nil } }
#   when a non-expired token is present (expires_at as UTC ISO 8601),
#   otherwise { result: { authenticated: false } }
def status
  token = Helpers::TokenManager.token_data(:delegated, refresh: false)
  usable = token && !Helpers::TokenManager.expired?(token)

  unless usable
    puts 'Entra: not authenticated'
    return { result: { authenticated: false } }
  end

  puts 'Entra: authenticated (delegated token present)'
  expiry = token[:expires_at]&.utc&.iso8601
  { result: { authenticated: true, expires_at: expiry } }
end