Class: Identizer::Authorization

Inherits:

Struct

• Object
• Struct
• Identizer::Authorization

Defined in:

lib/identizer/authorization.rb

Overview

What an issued code/refresh token stands for: the signed-in identity plus the authorization-request parameters needed at token time (PKCE, scope, nonce).

Instance Attribute Summary

• #access_token ⇒ Object

  Returns the value of attribute access_token.

• #client_id ⇒ Object

  Returns the value of attribute client_id.

• #code_challenge ⇒ Object

  Returns the value of attribute code_challenge.

• #code_challenge_method ⇒ Object

  Returns the value of attribute code_challenge_method.

• #identity ⇒ Object

  Returns the value of attribute identity.

• #nonce ⇒ Object

  Returns the value of attribute nonce.

• #refresh_token ⇒ Object

  Returns the value of attribute refresh_token.

• #scope ⇒ Object

  Returns the value of attribute scope.

Instance Method Summary

• #pkce_valid?(verifier) ⇒ Boolean

  RFC 7636 PKCE check.

Instance Attribute Details

#access_token ⇒ Object

Returns the value of attribute access_token

Returns:

• (Object) —

  the current value of access_token

# File 'lib/identizer/authorization.rb', line 6

def access_token
  @access_token
end

#client_id ⇒ Object

Returns the value of attribute client_id

Returns:

• (Object) —

  the current value of client_id

# File 'lib/identizer/authorization.rb', line 6

def client_id
  @client_id
end

#code_challenge ⇒ Object

Returns the value of attribute code_challenge

Returns:

• (Object) —

  the current value of code_challenge

# File 'lib/identizer/authorization.rb', line 6

def code_challenge
  @code_challenge
end

#code_challenge_method ⇒ Object

Returns the value of attribute code_challenge_method

Returns:

• (Object) —

  the current value of code_challenge_method

# File 'lib/identizer/authorization.rb', line 6

def code_challenge_method
  @code_challenge_method
end

#identity ⇒ Object

Returns the value of attribute identity

Returns:

• (Object) —

  the current value of identity

# File 'lib/identizer/authorization.rb', line 6

def identity
  @identity
end

#nonce ⇒ Object

Returns the value of attribute nonce

Returns:

• (Object) —

  the current value of nonce

# File 'lib/identizer/authorization.rb', line 6

def nonce
  @nonce
end

#refresh_token ⇒ Object

Returns the value of attribute refresh_token

Returns:

• (Object) —

  the current value of refresh_token

# File 'lib/identizer/authorization.rb', line 6

def refresh_token
  @refresh_token
end

#scope ⇒ Object

Returns the value of attribute scope

Returns:

• (Object) —

  the current value of scope

# File 'lib/identizer/authorization.rb', line 6

def scope
  @scope
end

Instance Method Details

#pkce_valid?(verifier) ⇒ Boolean

RFC 7636 PKCE check. No challenge issued -> nothing to verify.

Returns:

• (Boolean)

# File 'lib/identizer/authorization.rb', line 9

def pkce_valid?(verifier)
  return true if code_challenge.to_s.empty?

  case code_challenge_method
  when "S256"
    digest = Digest::SHA256.digest(verifier.to_s)
    Base64.urlsafe_encode64(digest, padding: false) == code_challenge
  else # "plain" (or unspecified)
    verifier.to_s == code_challenge
  end
end