Module: Doorkeeper::OpenidConnect

Defined in:
lib/doorkeeper/openid_connect.rb,
lib/doorkeeper/openid_connect/config.rb,
lib/doorkeeper/openid_connect/engine.rb,
lib/doorkeeper/openid_connect/errors.rb,
lib/doorkeeper/openid_connect/version.rb,
lib/doorkeeper/openid_connect/id_token.rb,
lib/doorkeeper/openid_connect/user_info.rb,
lib/doorkeeper/openid_connect/claims/claim.rb,
lib/doorkeeper/openid_connect/rails/routes.rb,
lib/doorkeeper/openid_connect/claims_builder.rb,
lib/doorkeeper/openid_connect/id_token_token.rb,
lib/doorkeeper/openid_connect/orm/active_record.rb,
lib/doorkeeper/openid_connect/helpers/controller.rb,
lib/doorkeeper/openid_connect/claims/normal_claim.rb,
lib/doorkeeper/openid_connect/rails/routes/mapper.rb,
lib/doorkeeper/openid_connect/oauth/token_response.rb,
lib/doorkeeper/openid_connect/rails/routes/mapping.rb,
lib/doorkeeper/openid_connect/claims/aggregated_claim.rb,
lib/doorkeeper/openid_connect/oauth/pre_authorization.rb,
lib/doorkeeper/openid_connect/claims/distributed_claim.rb,
lib/doorkeeper/openid_connect/oauth/authorization/code.rb,
lib/doorkeeper/openid_connect/orm/active_record/request.rb,
lib/doorkeeper/openid_connect/grant_types_supported_mixin.rb,
lib/generators/doorkeeper/openid_connect/install_generator.rb,
lib/doorkeeper/openid_connect/orm/active_record/access_grant.rb,
lib/generators/doorkeeper/openid_connect/migration_generator.rb,
app/controllers/doorkeeper/openid_connect/userinfo_controller.rb,
app/controllers/doorkeeper/openid_connect/discovery_controller.rb,
lib/doorkeeper/openid_connect/oauth/authorization_code_request.rb,
lib/doorkeeper/openid_connect/oauth/dynamic_registration_request.rb,
lib/doorkeeper/openid_connect/oauth/password_access_token_request.rb,
lib/doorkeeper/openid_connect/orm/active_record/mixins/openid_request.rb,
lib/doorkeeper/openid_connect/token_endpoint_auth_methods_supported_mixin.rb,
app/controllers/concerns/doorkeeper/openid_connect/authorizations_extension.rb,
app/controllers/doorkeeper/openid_connect/dynamic_client_registration_controller.rb

Defined Under Namespace

Modules: AccessGrant, AuthorizationsExtension, Claims, Errors, GrantTypesSupportedMixin, Helpers, OAuth, Orm, Rails, TokenEndpointAuthMethodsSupportedMixin

Classes: ClaimsBuilder, Config, DiscoveryController, DynamicClientRegistrationController, Engine, IdToken, IdTokenToken, InstallGenerator, MigrationGenerator, Request, UserInfo, UserinfoController

Constant Summary

MAJOR =
1
MINOR =
10
TINY =
0
PRE =
nil
VERSION =

Full version number

[MAJOR, MINOR, TINY, PRE].compact.join(".")

Class Method Summary

Class Method Details

.configuration ⇒ Object



# File 'lib/doorkeeper/openid_connect/config.rb', line 14

# Returns the configuration object held in +@config+ (assigned by
# +configure+).
#
# @return [Object] the stored configuration
# @raise [Errors::MissingConfiguration] when +@config+ is nil or false,
#   i.e. nothing has been stored yet
def self.configuration
  return @config if @config

  raise Errors::MissingConfiguration
end

.configure(&block) ⇒ Object



# File 'lib/doorkeeper/openid_connect/config.rb', line 5

# Builds the OpenID Connect configuration from the given block and stores
# it in +@config+.
#
# The Doorkeeper ORM setting is checked first: anything other than
# +:active_record+ is rejected before the block is evaluated.
#
# @yield the configuration DSL block handed to +Config::Builder+
# @return [Object] the built configuration
# @raise [Errors::InvalidConfiguration] when Doorkeeper is not configured
#   with the ActiveRecord ORM adapter
def self.configure(&block)
  orm_supported = Doorkeeper.configuration.orm == :active_record
  unless orm_supported
    raise Errors::InvalidConfiguration,
          "Doorkeeper OpenID Connect currently only supports the ActiveRecord ORM adapter"
  end

  builder = Config::Builder.new(&block)
  @config = builder.build
end

.resolve_issuer(resource_owner: nil, application: nil, request: nil) ⇒ String

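Resolves the issuer value from the configuration. A static value is returned as a string; a callable is invoked with arguments chosen by its arity, which keeps older block signatures working: no arguments, one argument (the request when present, otherwise the resource owner), two arguments (resource owner and application), or all three.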

Parameters:

  • resource_owner (Object, nil) (defaults to: nil)

    the authenticated user (nil in discovery context)

  • application (Object, nil) (defaults to: nil)

    the OAuth application (nil in discovery context)

  • request (ActionDispatch::Request, nil) (defaults to: nil)

    the current request (nil in token context)

Returns:

  • (String)

    the issuer string



# File 'lib/doorkeeper/openid_connect.rb', line 133

# Resolves the configured issuer to a string.
#
# A value that does not respond to +call+ is returned via +to_s+. A callable
# is invoked with arguments selected by its +arity+:
#
# * 0 - no arguments
# * 1 - +request+ when it is non-nil, otherwise +resource_owner+
# * 2 - +resource_owner+, +application+
# * anything else (including the negative arities Ruby reports for optional
#   or splat parameters) - +resource_owner+, +application+, +request+
#
# NOTE(review): a one-argument block receives objects of two different kinds
# depending on the calling context, so it has to cope with both.
# NOTE(review): when the block derives the issuer from +request+ (for
# example from its host), the result is only as trustworthy as that request
# data; presumably it ends up in the +iss+ claim and discovery document, so
# confirm the host is validated before it reaches this point.
#
# @param resource_owner [Object, nil] the authenticated user
# @param application [Object, nil] the OAuth application
# @param request [ActionDispatch::Request, nil] the current request
# @return [String] the issuer string
def self.resolve_issuer(resource_owner: nil, application: nil, request: nil)
  source = configuration.issuer
  return source.to_s unless source.respond_to?(:call)

  resolved =
    case source.arity
    when 0 then source.call
    when 1 then source.call(request || resource_owner)
    when 2 then source.call(resource_owner, application)
    else source.call(resource_owner, application, request)
    end

  resolved.to_s
end

.signing_algorithm ⇒ Object



# File 'lib/doorkeeper/openid_connect.rb', line 44

# Returns the configured signing algorithm as an upper-cased symbol.
#
# The configured value may be a callable, in which case it is invoked with
# no arguments; otherwise it is used directly. The result is converted with
# +to_s.upcase.to_sym+.
#
# NOTE(review): nothing in this method restricts the result to a known set
# of algorithms, so a value such as "none" would pass through unchanged.
# Confirm that the configuration layer or the token-signing code rejects
# unsupported or unsigned algorithms.
#
# @return [Symbol] the upper-cased algorithm name
def self.signing_algorithm
  setting = configuration.signing_algorithm
  value = setting.respond_to?(:call) ? setting.call : setting
  value.to_s.upcase.to_sym
end

.signing_key ⇒ Object

Returns the active signing key used when issuing new ID tokens. When multiple keys are configured (see `.signing_keys`), this is the first entry; the remaining keys are exposed via the JWKS endpoint so clients can still validate tokens signed with retired keys during a rotation window.



# File 'lib/doorkeeper/openid_connect.rb', line 58

# Returns the active signing key: the first resolved signing entry,
# normalized and wrapped by +build_jwk+.
#
# NOTE(review): when no entries are resolved, +first+ yields nil and that nil
# is handed to +normalize_entry+; confirm that helper fails loudly rather
# than producing an unusable key.
#
# @return [Object] the value returned by +build_jwk+ for the first entry
def self.signing_key
  active_entry = resolved_signing_entries.first
  build_jwk(normalize_entry(active_entry))
end

.signing_key_normalized ⇒ Object



# File 'lib/doorkeeper/openid_connect.rb', line 69

# Returns the exported form of the active signing key.
#
# +export+ is called with no options.
# NOTE(review): confirm that the default export omits private and symmetric
# key material before this value is placed in any public response.
#
# @return [Object] the result of calling +export+ on +signing_key+
def self.signing_key_normalized
  active_jwk = signing_key
  active_jwk.export
end

.signing_keys ⇒ Object

Returns every configured key as a `JWT::JWK` instance, in the order they were declared. The first entry is the active signing key; the rest are kept for JWKS publication only (e.g. during key rotation).



# File 'lib/doorkeeper/openid_connect.rb', line 65

# Returns one key object per resolved signing entry, preserving the order of
# +resolved_signing_entries+. Each entry is normalized and then passed to
# +build_jwk+.
#
# @return [Array<Object>] the +build_jwk+ result for every entry
def self.signing_keys
  resolved_signing_entries.map do |entry|
    normalized = normalize_entry(entry)
    build_jwk(normalized)
  end
end

.signing_keys_normalized ⇒ Object

Returns every configured key formatted for inclusion in the JWKS response, with `use` and `alg` already merged. The discovery controller renders this verbatim inside `keys: […]`.



# File 'lib/doorkeeper/openid_connect.rb', line 76

# Returns the exported form of every signing key with +use: "sig"+ and the
# current signing algorithm merged in as +alg+.
#
# The algorithm is read once, before the keys are enumerated, so every entry
# carries the same +alg+ value, retired keys included.
#
# NOTE(review): +export+ is called with no options on each key. Confirm that
# the default export leaves out private and symmetric key material,
# particularly if an HMAC algorithm can be configured, wherever this result
# is published.
#
# @return [Array<Hash>] one exported key hash per configured key
def self.signing_keys_normalized
  jwks_attrs = { use: "sig", alg: signing_algorithm }
  signing_keys.map { |key| key.export.merge(jwks_attrs) }
end