Module: HoninClient::Rails::Authentication

Extended by:

ActiveSupport::Concern

Defined in:

lib/honin/client/rails/authentication.rb

Instance Method Summary

• #current_honin_identity ⇒ Object
• #handle_honin_callback ⇒ Object

  Handles the OAuth callback: verifies state, exchanges code, stores identity.

• #honin_authorization_url ⇒ Object

  Builds the IDP redirect URL and stores PKCE state in the session.

• #honin_identity_signed_in? ⇒ Boolean
• #require_honin_authentication ⇒ Object
• #sign_out_honin ⇒ Object

Instance Method Details

#current_honin_identity ⇒ Object

# File 'lib/honin/client/rails/authentication.rb', line 16

def current_honin_identity
  return @current_honin_identity if defined?(@current_honin_identity)
  claims = session[:honin_identity]
  @current_honin_identity = claims ? Identity.new(claims) : nil
end

#handle_honin_callback ⇒ Object

Handles the OAuth callback: verifies state, exchanges code, stores identity. Returns the verified Identity. Call from your callback controller action.

# File 'lib/honin/client/rails/authentication.rb', line 46

def handle_honin_callback
  unless ActiveSupport::SecurityUtils.secure_compare(
    params[:state].to_s,
    session[:honin_state].to_s
  )
    raise Error, "State mismatch — possible CSRF attack"
  end

  identity = HoninClient.flow.exchange_code(
    code: params[:code],
    code_verifier: session[:honin_pkce_verifier]
  )
  session[:honin_identity] = identity.to_h
  identity
ensure
  session.delete(:honin_pkce_verifier)
  session.delete(:honin_state)
end

#honin_authorization_url ⇒ Object

Builds the IDP redirect URL and stores PKCE state in the session. Call from a controller action that initiates the OAuth flow.

# File 'lib/honin/client/rails/authentication.rb', line 34

def honin_authorization_url
  pkce = PKCE.new
  session[:honin_pkce_verifier] = pkce.code_verifier
  session[:honin_state] = SecureRandom.hex(16)
  HoninClient.flow.authorize_url(
    state: session[:honin_state],
    code_challenge: pkce.code_challenge
  )
end

#honin_identity_signed_in? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/honin/client/rails/authentication.rb', line 22

def honin_identity_signed_in?
  !current_honin_identity.nil?
end

#require_honin_authentication ⇒ Object

# File 'lib/honin/client/rails/authentication.rb', line 26

def require_honin_authentication
  return if honin_identity_signed_in?
  session[:honin_return_to] = request.url
  redirect_to honin_authorization_url, allow_other_host: true
end

#sign_out_honin ⇒ Object

# File 'lib/honin/client/rails/authentication.rb', line 65

def sign_out_honin
  session.delete(:honin_identity)
  @current_honin_identity = nil
end