Class: AtlasRb::Authentication
- Inherits:
-
Object
- Object
- AtlasRb::Authentication
- Extended by:
- FaradayHelper
- Defined in:
- lib/atlas_rb/authentication.rb
Overview
User-facing identity lookups against the Atlas API.
Unlike the resource classes, Authentication threads a real NUID into
FaradayHelper#connection's second positional argument. On the relay-signing
path that NUID is signed into the assertion sub; Atlas resolves the acting
user and their group memberships from the proven sub.
No login round-trip happens here today; auth is assumed to be already
provisioned out-of-band (a configured signing key, or ATLAS_JWT). The
commented-out code in this file reflects an older flow where a /token
endpoint exchanged an NUID for a session token.
Constant Summary
Constants included from FaradayHelper
FaradayHelper::ASSERTION_AUDIENCE, FaradayHelper::ASSERTION_ISSUER, FaradayHelper::ASSERTION_TTL, FaradayHelper::INSTRUMENTATION_EVENT
Class Method Summary collapse
-
.groups(nuid) ⇒ Array<Hash>
Fetch only the group memberships for an NUID.
-
.login(nuid, email: nil) ⇒ Hash
Look up the Atlas user record for an NUID.
Methods included from FaradayHelper
connection, multipart, system_connection, with_file_part
Class Method Details
.groups(nuid) ⇒ Array<Hash>
Fetch only the group memberships for an NUID.
Convenience wrapper around the same GET /user call as login; useful
when authorization checks only need group names.
52 53 54 55 56 57 58 |
# File 'lib/atlas_rb/authentication.rb', line 52 def self.groups(nuid) # user_details = login(nuid) # token = user_details[:token] ... # TODO - need to update atlas login to give back name, id, and token upon logging in # result = JSON.parse(connection({ token: token }).post('/users/2/groups')&.body)["user"]["groups"] AtlasRb::Mash.new(JSON.parse(connection({}, nuid).get('/user')&.body))["groups"] end |
.login(nuid, email: nil) ⇒ Hash
Look up the Atlas user record for an NUID.
A NUID can hold several accounts (a person's staff/student logins). Pass
email: to act as — and read back — a specific one; it rides as a signed
acct claim so GET /user resolves that account. Omit it and Atlas
returns the person's preferred account.
36 37 38 |
# File 'lib/atlas_rb/authentication.rb', line 36 def self.login(nuid, email: nil) AtlasRb::Mash.new(JSON.parse(connection({}, nuid, account: email).get('/user')&.body)) end |