Class: Himari::AuthorizationCode

Inherits:
Struct
  • Object
show all
Defined in:
lib/himari/authorization_code.rb

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.make(**kwargs) ⇒ Object 



16
17
18
19
20
21
22
 
# File 'lib/himari/authorization_code.rb', line 16

def self.make(**kwargs)
  new(
    code: SecureRandom.urlsafe_base64(32),
    expiry: Time.now.to_i + 900,
    **kwargs,
  )
end

Instance Method Details

#as_jsonObject 



69
70
71
72
73
74
75
76
77
78
79
80
81
 
# File 'lib/himari/authorization_code.rb', line 69

def as_json
  {
    code: code,
    client_id: client_id,
    claims: claims,
    openid: openid,
    redirect_uri: redirect_uri,
    nonce: nonce,
    code_challenge: code_challenge,
    code_challenge_method: code_challenge_method,
    expiry: expiry.to_i,
  }
end

#as_logObject 



55
56
57
58
59
60
61
62
63
64
65
66
67
 
# File 'lib/himari/authorization_code.rb', line 55

def as_log
  {
    code_dgst: code_dgst_for_log,
    client_id: client_id,
    claims: claims,
    nonce: nonce,
    openid: openid,
    expiry: expiry.to_i,
    pkce: pkce?,
    pkce_method: code_challenge_method,
    pkce_valid_chal: pkce_valid_challenge?,
  }
end

#code_dgst_for_logObject 



51
52
53
 
# File 'lib/himari/authorization_code.rb', line 51

def code_dgst_for_log
  @code_dgst_for_log ||= code ? Digest::SHA256.hexdigest(code) : nil
end

#pkce?Boolean

Returns:

  • (Boolean) 


28
29
30
 
# File 'lib/himari/authorization_code.rb', line 28

def pkce?
  !!(code_challenge && code_challenge_method)
end

#pkce_known_method?Boolean

Returns:

  • (Boolean) 


32
33
34
35
 
# File 'lib/himari/authorization_code.rb', line 32

def pkce_known_method?
  # https://datatracker.ietf.org/doc/html/rfc7636#section-4.2
  %w(S256 plain).include?(code_challenge_method.to_s)
end

#pkce_valid_challenge?Boolean

Returns:

  • (Boolean) 


37
38
39
40
41
42
43
44
45
 
# File 'lib/himari/authorization_code.rb', line 37

def pkce_valid_challenge?
  # https://datatracker.ietf.org/doc/html/rfc7636#section-4.1
  case code_challenge_method.to_s
  when 'plain'
    (43..128).cover?(code_challenge.size)
  when 'S256'
    (43..45).cover?(code_challenge.size)
  end
end

#pkce_valid_request?Boolean

Returns:

  • (Boolean) 


47
48
49
 
# File 'lib/himari/authorization_code.rb', line 47

def pkce_valid_request?
  pkce? && pkce_known_method? && pkce_valid_challenge?
end

#valid_redirect_uri?(given_uri) ⇒ Boolean

Returns:

  • (Boolean) 


24
25
26
 
# File 'lib/himari/authorization_code.rb', line 24

def valid_redirect_uri?(given_uri)
  redirect_uri == given_uri
end