Module: Doorkeeper::OpenidConnect::Helpers::Controller

Includes:
ErrorResponse, MaxAge, Prompt, TokenMatching
Defined in:
lib/doorkeeper/openid_connect/helpers/controller.rb,
lib/doorkeeper/openid_connect/helpers/controller/prompt.rb,
lib/doorkeeper/openid_connect/helpers/controller/max_age.rb,
lib/doorkeeper/openid_connect/helpers/controller/error_response.rb,
lib/doorkeeper/openid_connect/helpers/controller/token_matching.rb

Defined Under Namespace

Modules: ErrorResponse, MaxAge, Prompt, TokenMatching

Class Method Summary collapse

Class Method Details

.reset_auth_time_deprecation_warning!Object

Reset the deprecation flag (test helper).



31
32
33
# File 'lib/doorkeeper/openid_connect/helpers/controller.rb', line 31

def self.reset_auth_time_deprecation_warning!
  @auth_time_from_resource_owner_deprecation_warned = false
end

.warn_auth_time_from_resource_owner_deprecationObject



16
17
18
19
20
21
22
23
24
25
26
27
28
# File 'lib/doorkeeper/openid_connect/helpers/controller.rb', line 16

def self.warn_auth_time_from_resource_owner_deprecation
  return if @auth_time_from_resource_owner_deprecation_warned

  @auth_time_from_resource_owner_deprecation_warned = true
  warn "DEPRECATION WARNING: `auth_time_from_resource_owner` is deprecated for " \
       "`max_age` enforcement because it cannot distinguish between concurrent " \
       "sessions of the same user, which is a security issue (see " \
       "https://github.com/doorkeeper-gem/doorkeeper-openid_connect/issues/150). " \
       "Please configure `auth_time_from_session` to derive auth_time from the " \
       "current session instead. The `auth_time_from_resource_owner` callback " \
       "continues to be used as a fallback and for the `auth_time` claim on the " \
       "ID Token."
end