Class: Himari::AuthorizationCode

Inherits:
Struct
  • Object
show all
Defined in:
lib/himari/authorization_code.rb

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.make(**kwargs) ⇒ Object 



25
26
27
28
29
30
31
 
# File 'lib/himari/authorization_code.rb', line 25

def self.make(**kwargs)
  new(
    code: SecureRandom.urlsafe_base64(32),
    created_at: Time.now.to_i,
    **kwargs,
  )
end

Instance Method Details

#as_jsonObject 



103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
 
# File 'lib/himari/authorization_code.rb', line 103

def as_json
  {
    code: code,
    client_id: client_id,
    claims: claims,
    scopes: scopes,
    mint_jwt_access_token: mint_jwt_access_token,
    openid: openid,
    offline_access: offline_access,
    session_handle: session_handle,
    redirect_uri: redirect_uri,
    nonce: nonce,
    code_challenge: code_challenge,
    code_challenge_method: code_challenge_method,
    created_at: created_at.to_i,
    lifetime: lifetime.as_json,
    expiry: expiry.to_i,
  }
end

#as_logObject 



83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
 
# File 'lib/himari/authorization_code.rb', line 83

def as_log
  {
    code_dgst: code_dgst_for_log,
    client_id: client_id,
    claims: claims,
    nonce: nonce,
    scopes: scopes,
    mint_jwt_access_token: mint_jwt_access_token,
    openid: openid,
    offline_access: offline_access,
    session_handle: session_handle,
    created_at: created_at.to_i,
    lifetime: lifetime.as_log,
    expiry: expiry.to_i,
    pkce: pkce?,
    pkce_method: code_challenge_method,
    pkce_valid_chal: pkce_valid_challenge?,
  }
end

#code_dgst_for_logObject 



79
80
81
 
# File 'lib/himari/authorization_code.rb', line 79

def code_dgst_for_log
  @code_dgst_for_log ||= code ? Digest::SHA256.hexdigest(code) : nil
end

#expiryObject 



48
49
50
 
# File 'lib/himari/authorization_code.rb', line 48

def expiry
  _expiry_raw || (self.expiry = created_at + (lifetime&.code || 900))
end

#lifetimeObject 



35
36
37
38
39
40
41
42
43
44
 
# File 'lib/himari/authorization_code.rb', line 35

def lifetime
  case _lifetime_raw
  when Hash
    self.lifetime = LifetimeValue.new(**_lifetime_raw)
  when Integer # compat
    self.lifetime = LifetimeValue.from_integer(_lifetime_raw)
  else
    _lifetime_raw
  end
end

#pkce?Boolean

Returns:

  • (Boolean) 


56
57
58
 
# File 'lib/himari/authorization_code.rb', line 56

def pkce?
  !!(code_challenge && code_challenge_method)
end

#pkce_known_method?Boolean

Returns:

  • (Boolean) 


60
61
62
63
 
# File 'lib/himari/authorization_code.rb', line 60

def pkce_known_method?
  # https://datatracker.ietf.org/doc/html/rfc7636#section-4.2
  %w(S256 plain).include?(code_challenge_method.to_s)
end

#pkce_valid_challenge?Boolean

Returns:

  • (Boolean) 


65
66
67
68
69
70
71
72
73
 
# File 'lib/himari/authorization_code.rb', line 65

def pkce_valid_challenge?
  # https://datatracker.ietf.org/doc/html/rfc7636#section-4.1
  case code_challenge_method.to_s
  when 'plain'
    (43..128).cover?(code_challenge.size)
  when 'S256'
    (43..45).cover?(code_challenge.size)
  end
end

#pkce_valid_request?Boolean

Returns:

  • (Boolean) 


75
76
77
 
# File 'lib/himari/authorization_code.rb', line 75

def pkce_valid_request?
  pkce? && pkce_known_method? && pkce_valid_challenge?
end

#valid_redirect_uri?(given_uri) ⇒ Boolean

Returns:

  • (Boolean) 


52
53
54
 
# File 'lib/himari/authorization_code.rb', line 52

def valid_redirect_uri?(given_uri)
  redirect_uri == given_uri
end