Class: Aspera::OAuth::Boot

Inherits:
Base
  • Object
show all
Defined in:
lib/aspera/oauth/boot.rb

Overview

Token provider bootstrapped from an existing cookie (e.g. AoC browser cookie). Injects the bearer token and optional refresh token directly into the cache. Never generates a new token from scratch — raises if cache+refresh are both exhausted.

Instance Attribute Summary

Attributes inherited from Base

#api, #params, #path_token

Instance Method Summary collapse

Methods inherited from Base

#authorization, #base_params, #create_token_call, #token

Constructor Details

#initialize(cookie: nil, username: nil, **base_params) ⇒ Boot

Returns a new instance of Boot.

Parameters:

  • cookie (String, nil) (defaults to: nil)

    Raw cookie string (--password), nil to rely on existing cache

  • username (String, nil) (defaults to: nil)

    Expected subject; if provided, must match token's sub claim

  • **base_params

    Forwarded to Base (base_url:, params: scope:, etc.)



16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
# File 'lib/aspera/oauth/boot.rb', line 16

def initialize(cookie: nil, username: nil, **base_params)
  if cookie.nil?
    # No cookie: rely on existing cache, identified by username if provided
    Aspera.assert(username, 'Provide --password (cookie) on first use, or --username for cache lookup', type: ParameterError)
    super(**base_params, cache_ids: [username])
  else
    cookies = cookie.split('; ').map{ |p| p.split('=', 2)}.to_h
    Aspera.assert(cookies.key?('aoc.token'), '--password cookie does not contain aoc.token', type: ParameterError)
    token = cookies['aoc.token']
    decoded = Factory.instance.decode_token(token)
    Aspera.assert_type(decoded, Hash){'Boot: token is not a decodable JWT'}
    sub = decoded['sub']
    Aspera.assert(username.nil? || username.eql?(sub)){"Boot: --username #{username} does not match token subject #{sub}"}
    super(**base_params, cache_ids: [sub])
    token_data = {Factory::TOKEN_FIELD => token}
    token_data['refresh_token'] = cookies['aoc.refresh'] if cookies.key?('aoc.refresh')
    Factory.instance.persist_mgr.put(@token_cache_id, JSON.generate(token_data))
  end
end

Instance Method Details

#create_tokenObject

Should never be reached: if cache and refresh are both exhausted, re-authenticate via browser



37
38
39
# File 'lib/aspera/oauth/boot.rb', line 37

def create_token
  Aspera.report_error(AssertError, 'Boot: token expired and no refresh available — re-authenticate in browser')
end