feat: dynamic microsoft graph/yammer profile endpoint to fix invalid audience for yammer

bKP451 · bKP451 · commit 1a8b598a1860 · 2025-06-19T14:38:35.000+05:45
diff --git a/lib/omniauth/strategies/microsoft_graph.rb b/lib/omniauth/strategies/microsoft_graph.rb
@@ -6,6 +6,8 @@ class MicrosoftGraph < OmniAuth::Strategies::OAuth2
       BASE_SCOPE_URL = 'https://graph.microsoft.com/'
       BASE_SCOPES = %w[offline_access openid email profile].freeze
       DEFAULT_SCOPE = 'offline_access openid email profile User.Read'.freeze
+      YAMMER_PROFILE_URL = 'https://www.yammer.com/api/v1/users/current.json'
+      MICROSOFT_GRAPH_PROFILE_URL = 'https://graph.microsoft.com/v1.0/me'
 
       option :name, :microsoft_graph
 
@@ -64,7 +66,7 @@ def authorize_params
       end
 
       def raw_info
-        @raw_info ||= access_token.get('https://graph.microsoft.com/v1.0/me').parsed
+        @raw_info ||= access_token.get(profile_endpoint).parsed
       end
 
       def callback_url
@@ -73,11 +75,25 @@ def callback_url
 
       def custom_build_access_token
         access_token = get_access_token(request)
+        # Get the profile(microsoft graph / yammer) endpoint choice based on returned bearer token
+        @profile_endpoint = determine_profile_endpoint(request)
         access_token
       end
 
       alias build_access_token custom_build_access_token
 
+      def profile_endpoint
+        @profile_endpoint ||= MICROSOFT_GRAPH_PROFILE_URL
+      end
+
+      def determine_profile_endpoint(request)
+        if request.env['omniauth.params']['scope']&.include? 'yammer'
+          YAMMER_PROFILE_URL
+        else
+          MICROSOFT_GRAPH_PROFILE_URL
+        end
+      end
+
       private
 
       def get_access_token(request)
