Class: Himari::AuthorizationCode

Inherits:
Struct
  • Object
show all
Defined in:
lib/himari/authorization_code.rb

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.make(**kwargs) ⇒ Object 



18
19
20
21
22
23
24
 
# File 'lib/himari/authorization_code.rb', line 18

def self.make(**kwargs)
  new(
    code: SecureRandom.urlsafe_base64(32),
    created_at: Time.now.to_i,
    **kwargs,
  )
end

Instance Method Details

#as_jsonObject 



79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
 
# File 'lib/himari/authorization_code.rb', line 79

def as_json
  {
    code: code,
    client_id: client_id,
    claims: claims,
    openid: openid,
    redirect_uri: redirect_uri,
    nonce: nonce,
    code_challenge: code_challenge,
    code_challenge_method: code_challenge_method,
    created_at: created_at.to_i,
    lifetime: lifetime.to_i,
    expiry: expiry.to_i,
  }
end

#as_logObject 



63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
 
# File 'lib/himari/authorization_code.rb', line 63

def as_log
  {
    code_dgst: code_dgst_for_log,
    client_id: client_id,
    claims: claims,
    nonce: nonce,
    openid: openid,
    created_at: created_at.to_i,
    lifetime: lifetime.to_i,
    expiry: expiry.to_i,
    pkce: pkce?,
    pkce_method: code_challenge_method,
    pkce_valid_chal: pkce_valid_challenge?,
  }
end

#code_dgst_for_logObject 



59
60
61
 
# File 'lib/himari/authorization_code.rb', line 59

def code_dgst_for_log
  @code_dgst_for_log ||= code ? Digest::SHA256.hexdigest(code) : nil
end

#expiryObject 



28
29
30
 
# File 'lib/himari/authorization_code.rb', line 28

def expiry
  self._expiry_raw || (self.expiry = created_at + (lifetime || 900))
end

#pkce?Boolean

Returns:

  • (Boolean) 


36
37
38
 
# File 'lib/himari/authorization_code.rb', line 36

def pkce?
  !!(code_challenge && code_challenge_method)
end

#pkce_known_method?Boolean

Returns:

  • (Boolean) 


40
41
42
43
 
# File 'lib/himari/authorization_code.rb', line 40

def pkce_known_method?
  # https://datatracker.ietf.org/doc/html/rfc7636#section-4.2
  %w(S256 plain).include?(code_challenge_method.to_s)
end

#pkce_valid_challenge?Boolean

Returns:

  • (Boolean) 


45
46
47
48
49
50
51
52
53
 
# File 'lib/himari/authorization_code.rb', line 45

def pkce_valid_challenge?
  # https://datatracker.ietf.org/doc/html/rfc7636#section-4.1
  case code_challenge_method.to_s
  when 'plain'
    (43..128).cover?(code_challenge.size)
  when 'S256'
    (43..45).cover?(code_challenge.size)
  end
end

#pkce_valid_request?Boolean

Returns:

  • (Boolean) 


55
56
57
 
# File 'lib/himari/authorization_code.rb', line 55

def pkce_valid_request?
  pkce? && pkce_known_method? && pkce_valid_challenge?
end

#valid_redirect_uri?(given_uri) ⇒ Boolean

Returns:

  • (Boolean) 


32
33
34
 
# File 'lib/himari/authorization_code.rb', line 32

def valid_redirect_uri?(given_uri)
  redirect_uri == given_uri
end