Class: Himari::Services::OidcTokenEndpoint

Inherits:
Object
Defined in:
lib/himari/services/oidc_token_endpoint.rb

Defined Under Namespace

Classes: Issued, SigningKeyMissing


Constructor Details

#initialize(client_provider:, signing_key_provider:, storage:, issuer:, logger: nil) ⇒ OidcTokenEndpoint

Returns a new instance of OidcTokenEndpoint.

Parameters:



# File 'lib/himari/services/oidc_token_endpoint.rb', line 25

# Wire up the collaborators the token endpoint needs; no I/O happens here.
#
# @param client_provider [#find] resolves a client registration by id
#   (called as `find(id: client_id)` in #app; a nil result means "unknown client")
# @param signing_key_provider [Object] presumably supplies the key used to sign
#   issued tokens (cf. the SigningKeyMissing error defined under this namespace) — verify in #app's handlers
# @param storage [Object] backing store used by the grant handlers; its interface is not visible here
# @param issuer [String] issuer identifier for this endpoint; presumably becomes the token `iss` claim — confirm
# @param logger [#warn, nil] optional; when nil every diagnostic log line is silently dropped (`@logger&.warn`)
def initialize(client_provider:, signing_key_provider:, storage:, issuer:, logger: nil)
  @client_provider, @signing_key_provider, @storage, @issuer, @logger =
    client_provider, signing_key_provider, storage, issuer, logger
end

Instance Method Details

#app(env) ⇒ Object



# File 'lib/himari/services/oidc_token_endpoint.rb', line 40

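# Build the Rack::OAuth2 token endpoint app for one request.
#
# Order matters for security: the client is authenticated first (registration
# lookup, then secret check for confidential clients) and only then is the
# grant dispatched, so an unauthenticated caller never reaches the code or
# refresh-token handlers. Every rejection is logged at warn (when a logger is
# configured) before the Rack::OAuth2 error is raised; the log lines carry the
# client id / registration but never the presented secret.
#
# @param env [Hash] Rack environment; `env['himari.request_as_log']` is attached to each log line
# @return [Rack::OAuth2::Server::Token] Rack app that produces the token response or error
def app(env)
  Rack::OAuth2::Server::Token.new do |req, res|
    client = @client_provider.find(id: req.client_id)
    unless client
      @logger&.warn(Himari::LogLine.new('OidcTokenEndpoint: invalid_client, no client registration', req: env['himari.request_as_log'], client_id: req.client_id))
      next req.invalid_client!
    end
    # Public clients (token_endpoint_auth_method=none) present no secret; they are bound
    # to the authorization code by PKCE and the client_id check in handle_authorization_code.
    if client.confidential? && !client.match_secret?(req.client_secret)
      @logger&.warn(Himari::LogLine.new('OidcTokenEndpoint: invalid_client, client secret mismatch', req: env['himari.request_as_log'], client: client.as_log))
      next req.invalid_client!
    end

    case req.grant_type
    when :authorization_code
      handle_authorization_code(env, req, res, client)
    when :refresh_token
      handle_refresh_token(env, req, res, client)
    else
      # RFC 6749 §5.2: the token endpoint signals an unknown grant_type with
      # `unsupported_grant_type`; `unsupported_response_type` is an authorization
      # endpoint error and is not defined on the token request object.
      # Rack::OAuth2::Server::Token normally rejects unknown grant types before
      # yielding here, so this branch is a defensive fallback.
      req.unsupported_grant_type!
    end
  end
end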

#call(env) ⇒ Object



# File 'lib/himari/services/oidc_token_endpoint.rb', line 33

# Rack entry point for the token endpoint.
#
# Delegates to the app built by #app and converts any Rack::OAuth2 protocol
# error into the error response that error describes, logging it first.
# Only the protocol-level error (class plus its protocol params, i.e. what the
# client is told anyway) is logged; other exceptions propagate untouched.
#
# @param env [Hash] Rack environment
# @return [Array] Rack response triple, either the token response or the error response
def call(env)
  begin
    app(env).call(env)
  rescue Rack::OAuth2::Server::Abstract::Error => oauth_error
    request_log = env['himari.request_as_log']
    @logger&.warn(
      Himari::LogLine.new(
        'OidcTokenEndpoint: returning error',
        req: request_log,
        err: oauth_error.class.inspect,
        err_content: oauth_error.protocol_params,
      )
    )
    oauth_error.finish
  end
end