azuread / omniauth-azure-activedirectory Goto Github PK

License: MIT License

Ruby 100.00%

omniauth-azure-activedirectory's Introduction

OmniAuth Azure Active Directory

OmniAuth strategy to authenticate to Azure Active Directory via OpenId Connect.

Before starting, set up a tenant and register a Web Application at https://manage.windowsazure.com. Note your client id and tenant for later.

Samples and Documentation

We provide a full suite of sample applications and documentation on GitHub to help you get started with learning the Azure Identity system. This includes tutorials for native clients such as Windows, Windows Phone, iOS, OSX, Android, and Linux. We also provide full walkthroughs for authentication flows such as OAuth2, OpenID Connect, Graph API, and other awesome features.

Community Help and Support

We leverage Stack Overflow to work with the community on supporting Azure Active Directory and its SDKs, including this one! We highly recommend you ask your questions on Stack Overflow (we're all on there!) Also browser existing issues to see if someone has had your question before.

We recommend you use the "adal" tag so we can see it! Here is the latest Q&A on Stack Overflow for ADAL: http://stackoverflow.com/questions/tagged/adal

Security Reporting

If you find a security issue with our libraries or services please report it to [email protected] with as much detail as possible. Your submission may be eligible for a bounty through the Microsoft Bounty program. Please do not post security issues to GitHub Issues or any other public site. We will contact you shortly upon receiving the information. We encourage you to get notifications of when security incidents occur by visiting this page and subscribing to Security Advisory Alerts.

We Value and Adhere to the Microsoft Open Source Code of Conduct

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

How to use this SDK

Installation

Add to your Gemfile:

gem 'omniauth-azure-activedirectory'

Usage

If you are already using OmniAuth, adding AzureAD is as simple as adding a new provider to your OmniAuth::Builder. The provider requires your AzureAD client id and your AzureAD tenant.

For example, in Rails you would add this in config/initializers/omniauth.rb:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :azure_activedirectory, ENV['AAD_CLIENT_ID'], ENV['AAD_TENANT']
  # other providers here
end

If you are using Sinatra or something else that requires you to configure Rack yourself, you should add this to your config.ru:

use OmniAuth::Builder do
  provider :azure_activedirectory, ENV['AAD_CLIENT_ID'], ENV['AAD_TENANT']
end

When you want to authenticate the user, simply redirect them to /auth/azureactivedirectory. From there, OmniAuth will takeover. Once the user authenticates (or fails to authenticate), they will be redirected to /auth/azureactivedirectory/callback or /auth/azureactivedirectory/failure. The authentication result is available in request.env['omniauth.auth'].

If you are supporting multiple OmniAuth providers, you will likely have something like this in your code:

%w(get post).each do |method|
  send(method, '/auth/:provider/callback') do
    auth = request.env['omniauth.auth']

    # Do what you see fit with your newly authenticated user.

  end
end

Auth Hash

OmniAuth AzureAD tries to be consistent with the auth hash schema recommended by OmniAuth. https://github.com/intridea/omniauth/wiki/Auth-Hash-Schema.

Here's an example of an authentication hash available in the callback. You can access this hash as request.env['omniauth.auth'].

  :provider => "azureactivedirectory",
  :uid => "123456abcdef",
  :info => {
    :name => "John Smith",
    :email => "[email protected]",
    :first_name => "John",
    :last_name => "Smith"
  },
  :credentials => {
    :code => "ffdsjap9fdjw893-rt2wj8r9r32jnkdsflaofdsa9"
  },
  :extra => {
    :session_state => '532fgdsgtfera32',
    :raw_info => {
      :id_token => "fjeri9wqrfe98r23.fdsaf121435rt.f42qfdsaf",
      :id_token_claims => {
        "aud" => "fdsafdsa-fdsafd-fdsa-sfdasfds",
        "iss" => "https://sts.windows.net/fdsafdsa-fdsafdsa/",
        "iat" => 53315113,
        "nbf" => 53143215,
        "exp" => 53425123,
        "ver" => "1.0",
        "tid" => "5ffdsa2f-dsafds-sda-sds",
        "oid" => "fdsafdsaafdsa",
        "upn" => "[email protected]",
        "sub" => "123456abcdef",
        "nonce" => "fdsaf342rfdsafdsafsads"
      },
      :id_token_header => {
        "typ" => "JWT",
        "alg" => "RS256",
        "x5t" => "fdsafdsafdsafdsa4t4er32",
        "kid" => "tjiofpjd8ap9fgdsa44"
      }
    }
  }

License

omniauth-azure-activedirectory's People

Contributors

Stargazers

Watchers

Forkers

alphastaxllc andrew-whitmore vinay-career-builder experity onurkucukkece vf19cmi hoppinger equivalent indagation flojon bignerdranch mordieross leettran ahmelsayed anshuman29 elissonmichael napazone dinocastillo2 jonysk fxvende kuroneko planio-gmbh gleasontech morellan bennyboy1 xdrr vinicius-b zeroinfinite robotdan current-rms officespacesoftware ahmadhasankhan citizenlabdotco joesenova mtvillwock netpenthe sundialgrowers lucasvdev bilue cerealcommas kmwhite cprodhomme evanspjz bfioca jonny993 demarque hoangtuanictvn hpieris adviceregtech intelligentmedicalsystems joe1chen mikerosales easylodge igorfedotenkov mconf s-osa dreoliv neilwilliams eilers bigfleet dvfleet413 silverfin-engineering ramblex cmedley research-technologies nickg158 kfelahiju bayko isabella232 nilpointer tripclickpro hyoshioka0128 jobport wizpra xtrasimplicity wecare-app imsny28

omniauth-azure-activedirectory's Issues

issue when runnirng rake db:migrate

after running bundle install and passed successfully , when executed rake db:migrate we got this error message below , can someone please help me solve this error ,why i'm getting this when do rake db:migrate

GemRequireError: There was an error while trying to load the gem 'adal'.
Gem Load Error is: uninitialized constant ADAL::ClientAssertionCertificate::RequestParameters
Backtrace for gem load error is:
/usr/local/rvm/gems/ruby-2.3.0/gems/adal-1.0.0/lib/adal/client_assertion_certificate.rb:31:in `class:ClientAssertionCertificate'

Thanks

Returned nonce did not match.

When I try to login using activedirectory I get the follow error and stacktrace:

JWT::DecodeError (Returned nonce did not match.):
omniauth-azure-activedirectory (1.0.0) lib/omniauth/strategies/azure_activedirectory.rb:289:in   `validate_and_parse_id_token'
omniauth-azure-activedirectory (1.0.0) lib/omniauth/strategies/azure_activedirectory.rb:92:in `callback_phase'
omniauth (1.3.1) lib/omniauth/strategy.rb:227:in `callback_call'
omniauth (1.3.1) lib/omniauth/strategy.rb:184:in `call!'
omniauth (1.3.1) lib/omniauth/strategy.rb:164:in `call'
omniauth (1.3.1) lib/omniauth/strategy.rb:408:in `call_app!'
omniauth (1.3.1) lib/omniauth/strategy.rb:362:in `callback_phase'
omniauth-azure-activedirectory (1.0.0) lib/omniauth/strategies/azure_activedirectory.rb:94:in `callback_phase'
omniauth (1.3.1) lib/omniauth/strategy.rb:227:in `callback_call'
omniauth (1.3.1) lib/omniauth/strategy.rb:184:in `call!'
omniauth (1.3.1) lib/omniauth/strategy.rb:164:in `call'
omniauth (1.3.1) lib/omniauth/builder.rb:63:in `call'
warden (1.2.6) lib/warden/manager.rb:35:in `block in call'
warden (1.2.6) lib/warden/manager.rb:34:in `catch'
warden (1.2.6) lib/warden/manager.rb:34:in `call'

It fails here https://github.com/AzureAD/omniauth-azure-activedirectory/blob/master/lib/omniauth/strategies/azure_activedirectory.rb#L289

I'm trying to use ominauth-azure_activedirectory in combination with Devise, my config looks like this:

  config.omniauth :azure_activedirectory, ENV['AAD_CLIENT_ID'], ENV['AAD_TENANT']

Is my setup wrong? Or is it a bug in this library?

Update location of the OpenID configuration in lib/omniauth/strategies/azure_activedirectory.rb

Are there any issues in changing https://login.windows.net/ to the new authority at https://login.microsoftonline.com/ per http://blogs.technet.com/b/ad/archive/2015/03/06/simplifying-our-azure-ad-authentication-flows.aspx?

Error for '/auth/azureactivedirectory' (AWS Elastic Beanstalk)

I have my azure ad up and running, my app works fine on my local machine, but once deployed to AWS EB, I am getting the following error for route '/auth/azureactivedirectory'.

A really lowlevel plumbing error occured. Please contact your local Maytag(tm) repair person.

I have checked logs in AWS and getting this one:

Rack app error: #<NameError: uninitialized constant OmniAuth::Strategies::AzureActiveDirectory::Net>

Any ideas what is causing this?

Is this actually being maintained?

As this gem is the official omniauth integration for Azure AD is someone actually taking ownership of merging the pull requests which fix the currently broken published version ?

Is this repo still being maintained?

Now that omniauth released version 2 fixing the CVE-2015-9284. Is this strategy going to be updated?

"uninitialized constant Net::HTTP" when RAILS_ENV=production

Summary

When using this gem with Rails 5.1.2 with Ruby 2.4.1, opening path /auth/azureactivedirectory gives this error:

NameError (uninitialized constant Net::HTTP):
omniauth-azure-activedirectory (1.0.0) lib/omniauth/strategies/azure_activedirectory.rb:169:in `fetch_openid_config'

The error does not occur in development mode. It only occurs when RAILS_ENV=production. Tested on Ubuntu 16.04 and the macOS Sierra.

Steps to reproduce

Create a new test project:

rails new testproject
cd testproject

Add gem to Gemfile:

gem 'omniauth-azure-activedirectory'

Update gems and Gemfile.lock from Gemfile:

bundle

Add omniauth.rb to config/initializers:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :azure_activedirectory, ENV['AAD_CLIENT_ID'], ENV['AAD_TENANT']
  # other providers here
end

Run server:

AAD_CLIENT_ID=clientId AAD_TENANT=tenantId RAILS_ENV=production bin/rails server

Navigate to http://localhost:3000/auth/azureactivedirectory
Error should appear in logs/production.log:

...
NameError (uninitialized constant Net::HTTP):
omniauth-azure-activedirectory (1.0.0) lib/omniauth/strategies/azure_activedirectory.rb:169:in `fetch_openid_config'
...

Workaround

I was able to successfully work around this issue by requiring the module in my application.rb file:

require 'net/http'

Root Cause

I suspect that something runs in Rails development that that requires net/http ahead of time. Nevertheless, do you think that the azure_activedirectory.rb file the omniauth-azure-activedirectory gem should require net/http on its own since it refers to the constant in the fetch_openid_config method on line 169 of that file?

Q: Multi-tenant app support?

Does using omniauth-azure-activedirectory preclude my app from being multi-tenant? I see that in the below file a tenant identifier is expected; how does that impact me?

From examples/rails-todo-list-app/config/environment.rb

# You may want to specify these keys separately for production and test
# environments.
ENV['CLIENT_ID'] = 'YOUR CLIENT ID HERE'
ENV['CLIENT_SECRET'] = 'YOUR CLIENT SECRET HERE'
ENV['TENANT'] ='YOUR TENANT HERE'

# Load the Rails application.
require File.expand_path('../application', __FILE__)

ADAL::Logging.log_level = ADAL::Logger::VERBOSE

# Initialize the Rails application.
Rails.application.initialize!

Azure AD throwing error on redirect to portal login

Azure AD on redirecting to http://localhost:3000/auth/azureactivedirectory is giving me a BAD URI error 'bad URI(is not URI?): "127.0.0.1:8888"

/home/sithara/.rbenv/versions/2.6.0-dev/lib/ruby/2.7.0/uri/rfc3986_parser.rb:67:in `split'
/home/sithara/.rbenv/versions/2.6.0-dev/lib/ruby/2.7.0/uri/rfc3986_parser.rb:73:in `parse'
/home/sithara/.rbenv/versions/2.6.0-dev/lib/ruby/2.7.0/uri/common.rb:234:in `parse'
/home/sithara/.rbenv/versions/2.6.0-dev/lib/ruby/2.7.0/uri/generic.rb:1543:in `find_proxy'
/home/sithara/.rbenv/versions/2.6.0-dev/lib/ruby/2.7.0/net/http.rb:1109:in `proxy_uri'
/home/sithara/.rbenv/versions/2.6.0-dev/lib/ruby/2.7.0/net/http.rb:1096:in `proxy?'
/home/sithara/.rbenv/versions/2.6.0-dev/lib/ruby/2.7.0/net/http.rb:936:in `connect'
/home/sithara/.rbenv/versions/2.6.0-dev/lib/ruby/2.7.0/net/http.rb:930:in `do_start'
/home/sithara/.rbenv/versions/2.6.0-dev/lib/ruby/2.7.0/net/http.rb:919:in `start'
/home/sithara/.rbenv/versions/2.6.0-dev/lib/ruby/2.7.0/net/http.rb:605:in `start'
/home/sithara/.rbenv/versions/2.6.0-dev/lib/ruby/2.7.0/net/http.rb:481:in `get_response'
/home/sithara/.rbenv/versions/2.6.0-dev/lib/ruby/2.7.0/net/http.rb:458:in `get'
vendor/bundle/ruby/2.7.0/gems/omniauth-azure-activedirectory-1.0.0/lib/omniauth/strategies/azure_activedirectory.rb:169:in `fetch_openid_config'
vendor/bundle/ruby/2.7.0/gems/omniauth-azure-activedirectory-1.0.0/lib/omniauth/strategies/azure_activedirectory.rb:190:in `openid_config'
vendor/bundle/ruby/2.7.0/gems/omniauth-azure-activedirectory-1.0.0/lib/omniauth/strategies/azure_activedirectory.rb:105:in `authorize_endpoint_url'
vendor/bundle/ruby/2.7.0/gems/omniauth-azure-activedirectory-1.0.0/lib/omniauth/strategies/azure_activedirectory.rb:79:in `request_phase'
vendor/bundle/ruby/2.7.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:226:in `request_call'
vendor/bundle/ruby/2.7.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:188:in `call!'
vendor/bundle/ruby/2.7.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:169:in `call'
vendor/bundle/ruby/2.7.0/gems/omniauth-1.9.0/lib/omniauth/builder.rb:64:in `call'
vendor/bundle/ruby/2.7.0/gems/rack-2.0.6/lib/rack/session/abstract/id.rb:232:in `context'
vendor/bundle/ruby/2.7.0/gems/rack-2.0.6/lib/rack/session/abstract/id.rb:226:in `call'
vendor/bundle/ruby/2.7.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/cookies.rb:670:in `call'
vendor/bundle/ruby/2.7.0/gems/rack-2.0.6/lib/rack/method_override.rb:22:in `call'
vendor/bundle/ruby/2.7.0/gems/clearance-1.16.1/lib/clearance/rack_session.rb:23:in `call'
vendor/bundle/ruby/2.7.0/gems/rack-2.0.6/lib/rack/etag.rb:25:in `call'
vendor/bundle/ruby/2.7.0/gems/rack-2.0.6/lib/rack/conditional_get.rb:25:in `call'
vendor/bundle/ruby/2.7.0/gems/rack-2.0.6/lib/rack/head.rb:12:in `call'
vendor/bundle/ruby/2.7.0/gems/activerecord-5.2.2/lib/active_record/migration.rb:559:in `call'
vendor/bundle/ruby/2.7.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/callbacks.rb:28:in `block in call'
vendor/bundle/ruby/2.7.0/gems/activesupport-5.2.2/lib/active_support/callbacks.rb:98:in `run_callbacks'
vendor/bundle/ruby/2.7.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/callbacks.rb:26:in `call'
vendor/bundle/ruby/2.7.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/executor.rb:14:in `call'
vendor/bundle/ruby/2.7.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/debug_exceptions.rb:61:in `call'
vendor/bundle/ruby/2.7.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
vendor/bundle/ruby/2.7.0/gems/railties-5.2.2/lib/rails/rack/logger.rb:38:in `call_app'
vendor/bundle/ruby/2.7.0/gems/railties-5.2.2/lib/rails/rack/logger.rb:26:in `block in call'
vendor/bundle/ruby/2.7.0/gems/activesupport-5.2.2/lib/active_support/tagged_logging.rb:71:in `block in tagged'
vendor/bundle/ruby/2.7.0/gems/activesupport-5.2.2/lib/active_support/tagged_logging.rb:28:in `tagged'
vendor/bundle/ruby/2.7.0/gems/activesupport-5.2.2/lib/active_support/tagged_logging.rb:71:in `tagged'
vendor/bundle/ruby/2.7.0/gems/railties-5.2.2/lib/rails/rack/logger.rb:26:in `call'
vendor/bundle/ruby/2.7.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
vendor/bundle/ruby/2.7.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/request_id.rb:27:in `call'
vendor/bundle/ruby/2.7.0/gems/rack-2.0.6/lib/rack/runtime.rb:22:in `call'
vendor/bundle/ruby/2.7.0/gems/activesupport-5.2.2/lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
vendor/bundle/ruby/2.7.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/executor.rb:14:in `call'
vendor/bundle/ruby/2.7.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/static.rb:127:in `call'
vendor/bundle/ruby/2.7.0/gems/rack-2.0.6/lib/rack/sendfile.rb:111:in `call'
vendor/bundle/ruby/2.7.0/gems/rack-cors-0.4.1/lib/rack/cors.rb:81:in `call'
vendor/bundle/ruby/2.7.0/gems/railties-5.2.2/lib/rails/engine.rb:524:in `call'
vendor/bundle/ruby/2.7.0/gems/puma-3.7.0/lib/puma/configuration.rb:226:in `call'
vendor/bundle/ruby/2.7.0/gems/puma-3.7.0/lib/puma/server.rb:578:in `handle_request'
vendor/bundle/ruby/2.7.0/gems/puma-3.7.0/lib/puma/server.rb:415:in `process_client'
vendor/bundle/ruby/2.7.0/gems/puma-3.7.0/lib/puma/server.rb:275:in `block in run'
vendor/bundle/ruby/2.7.0/gems/puma-3.7.0/lib/puma/thread_pool.rb:120:in `block in spawn_thread'

I'm running on an ubuntu machine. I'm not sure from where the 8888 port is generated

Azure B2C id_token verify

We are using Azure B2C, and there is no x5c in the keys json.

How to get public key from n and e?

authentication errors do not call defined failure root

lib/omniauth/strategies/azure_activedirectory.rb:88 always raises errors regardless of the environment that the application is in.

The omniauth implementation suggests that any environment apart from development will push errors to the defined /auth/failure path

How to configure Devise to use omniauth-azure-activedirectory

Can you provide guidance on how to setup Devise with the use of this library?

How to configure the library to support multiple tenants

Can you provide guidance on how to deal with multiple tenants using the library?
I'm opening this issue because there's no answer to #14, which is closed.

Does not work with multi-tenant apps

I am in the process of setting up a multi-tenant SSO (i.e. outside of my own Azure domains) and ran into the following:

The Authorisation endpoint for a multi-tenant auth needs to be /common/ instead of /[tenant_id]/ as reported by the configuration from Azure
When authenticating a multi-tenant app, we cannot verify the issuer, since it could be any Azure Tenant, not only our own. I'm not familiar enough with JWT to understand the full security impact of this change

Below is my monkey-patch (from config/initialisers/devise.rb) that seems to have solved the situation for me.

   # ==> OmniAuth
  # Add a new OmniAuth provider. Check the wiki for more information on setting
  # up on your models and hooks.
  # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
  config.omniauth :azure_activedirectory, Settings.azure.aad_client_id, Settings.azure.aad_tenant

  # monkey-patch
  module OmniAuth
    module Strategies
      class AzureActiveDirectory
        def authorize_endpoint_url
          wrong_uri = URI(openid_config['authorization_endpoint'])
          # as per http://stackoverflow.com/a/32529128
          uri = URI('https://login.microsoftonline.com/common/oauth2/authorize')
          uri.query = URI.encode_www_form(client_id: client_id,
                                          redirect_uri: callback_url,
                                          response_mode: response_mode,
                                          response_type: response_type,
                                          nonce: new_nonce)
          uri.to_s
        end
        def verify_options
          { verify_expiration: true,
            verify_not_before: true,
            verify_iat: true,
            # I am somewhat uneasy about this solution, since it allows any issuer to provide credential info.
            # However, since the issuer is ?guaranteed? to be an Azure Tenant, we're OK.  Or are we? (gulp)
            # TODO: Investigate
            # verify_iss: true,
            # 'iss' => issuer,
            verify_aud: true,
            'aud' => client_id }
        end
      end
    end
  end

Bump jwt version

please update jwt version to 2.2+

JWT:DecodeError (Nil JSON web token)

I get the following error while trying to login with internet explorer, chrome works fine, and but safari and firefox give warnings about sending data over an unsecured connection, while internet explorer breaks it completely.

my site is on HTTPS, as are my configured redirect url's, but the redirect url that login.microsoftonline.com uses is HTTP.

Am I missing a config somewhere?

JWT::DecodeError (Nil JSON web token):
  jwt (1.5.6) lib/jwt.rb:120:in `decode'
  omniauth-azure-activedirectory (1.0.0) lib/omniauth/strategies/azure_activedirectory.rb:274:in     `validate_and_parse_id_token'
  omniauth-azure-activedirectory (1.0.0) lib/omniauth/strategies/azure_activedirectory.rb:92:in `callback_phase'
  omniauth (1.3.1) lib/omniauth/strategy.rb:227:in `callback_call'
  omniauth (1.3.1) lib/omniauth/strategy.rb:184:in `call!'
  omniauth (1.3.1) lib/omniauth/strategy.rb:164:in `call'
  warden (1.2.6) lib/warden/manager.rb:35:in `block in call'
  warden (1.2.6) lib/warden/manager.rb:34:in `catch'
  warden (1.2.6) lib/warden/manager.rb:34:in `call'
  rack (1.6.4) lib/rack/etag.rb:24:in `call'
  rack (1.6.4) lib/rack/conditionalget.rb:38:in `call'
  rack (1.6.4) lib/rack/head.rb:13:in `call'
  actionpack (4.2.7.1) lib/action_dispatch/middleware/params_parser.rb:27:in `call'
  actionpack (4.2.7.1) lib/action_dispatch/middleware/flash.rb:260:in `call'
  rack (1.6.4) lib/rack/session/abstract/id.rb:225:in `context'
  rack (1.6.4) lib/rack/session/abstract/id.rb:220:in `call'
  actionpack (4.2.7.1) lib/action_dispatch/middleware/cookies.rb:560:in `call'
  activerecord (4.2.7.1) lib/active_record/query_cache.rb:36:in `call'
  activerecord (4.2.7.1) lib/active_record/connection_adapters/abstract/connection_pool.rb:653:in `call'
  actionpack (4.2.7.1) lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
  activesupport (4.2.7.1) lib/active_support/callbacks.rb:88:in `__run_callbacks__'
  activesupport (4.2.7.1) lib/active_support/callbacks.rb:778:in `_run_call_callbacks'
  activesupport (4.2.7.1) lib/active_support/callbacks.rb:81:in `run_callbacks'
  actionpack (4.2.7.1) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
  actionpack (4.2.7.1) lib/action_dispatch/middleware/remote_ip.rb:78:in `call'
  actionpack (4.2.7.1) lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
  actionpack (4.2.7.1) lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
  railties (4.2.7.1) lib/rails/rack/logger.rb:38:in `call_app'
  railties (4.2.7.1) lib/rails/rack/logger.rb:20:in `block in call'
  activesupport (4.2.7.1) lib/active_support/tagged_logging.rb:68:in `block in tagged'
  activesupport (4.2.7.1) lib/active_support/tagged_logging.rb:26:in `tagged'
  activesupport (4.2.7.1) lib/active_support/tagged_logging.rb:68:in `tagged'
  railties (4.2.7.1) lib/rails/rack/logger.rb:20:in `call'
 request_store (1.3.1) lib/request_store/middleware.rb:9:in `call'
 actionpack (4.2.7.1) lib/action_dispatch/middleware/request_id.rb:21:in `call'
 rack (1.6.4) lib/rack/methodoverride.rb:22:in `call'
 rack (1.6.4) lib/rack/runtime.rb:18:in `call'
 activesupport (4.2.7.1) lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
 rack (1.6.4) lib/rack/sendfile.rb:113:in `call'
 railties (4.2.7.1) lib/rails/engine.rb:518:in `call'
 railties (4.2.7.1) lib/rails/application.rb:165:in `call'
 puma (3.6.0) lib/puma/configuration.rb:225:in `call'
 puma (3.6.0) lib/puma/server.rb:578:in `handle_request'
 puma (3.6.0) lib/puma/server.rb:415:in `process_client'
 puma (3.6.0) lib/puma/server.rb:275:in `block in run'
 puma (3.6.0) lib/puma/thread_pool.rb:116:in `call'
 puma (3.6.0) lib/puma/thread_pool.rb:116:in `block in spawn_thread'

Does this sdk support client credentials flow?

I would like to know if this SDK supports client credentials flow with secrets or certificate. If so please provide me with a sample