Class: Legate::Auth::Config

Inherits:
Object
Defined in:
lib/legate/auth/config.rb

Overview

Configuration container used during the authentication flow. Holds the authentication scheme, credential, and request/response details needed for interactive authentication flows.

Constructor Details

#initialize(scheme:, credential:, auth_request_id: nil, options: {}) ⇒ Config

Initialize a new authentication configuration

Parameters:

  • scheme (Legate::Auth::Scheme)

    The authentication scheme

  • credential (Legate::Auth::Credential)

    The credential information

  • auth_request_id (String, nil) (defaults to: nil)

    The unique ID for this authentication request

  • options (Hash, nil) (defaults to: {})

    Additional options for the authentication process



# File 'lib/legate/auth/config.rb', line 48

def initialize(scheme:, credential:, auth_request_id: nil, options: {})
  @scheme = scheme
  @credential = credential
  @auth_request_id = auth_request_id || Legate::Auth.generate_request_id
  @options = options || {}
  @auth_uri = nil
  @redirect_uri = nil
  @state = nil
  @pkce = nil
  @response_uri = nil
end

Instance Attribute Details

#auth_request_id ⇒ String? (readonly)

Returns the unique ID for this authentication request.

Returns:

  • (String, nil)

    The unique ID for this authentication request



# File 'lib/legate/auth/config.rb', line 19

def auth_request_id
  @auth_request_id
end

#auth_uri ⇒ String?

Returns the authorization URI for interactive flows.

Returns:

  • (String, nil)

    The authorization URI for interactive flows



# File 'lib/legate/auth/config.rb', line 22

def auth_uri
  @auth_uri
end

#credential ⇒ Legate::Auth::Credential (readonly)

Returns the credential information.

Returns:

  • (Legate::Auth::Credential)



# File 'lib/legate/auth/config.rb', line 16

def credential
  @credential
end

#options ⇒ Hash?

Returns additional options for the authentication process.

Returns:

  • (Hash, nil)

    Additional options for the authentication process



# File 'lib/legate/auth/config.rb', line 41

def options
  @options
end

#pkce ⇒ Hash?

Returns the PKCE parameters (code_verifier, etc.).

Returns:

  • (Hash, nil)

    The PKCE parameters (code_verifier, etc.)



# File 'lib/legate/auth/config.rb', line 31

def pkce
  @pkce
end

#redirect_uri ⇒ String?

Returns the redirect URI for OAuth2/OIDC flows.

Returns:

  • (String, nil)

    The redirect URI for OAuth2/OIDC flows



# File 'lib/legate/auth/config.rb', line 25

def redirect_uri
  @redirect_uri
end

#response_uri ⇒ String? Also known as: auth_response_uri

Returns the authorization response URI from the provider.

Returns:

  • (String, nil)

    The authorization response URI from the provider



# File 'lib/legate/auth/config.rb', line 34

def response_uri
  @response_uri
end

#scheme ⇒ Legate::Auth::Scheme (readonly)

Returns the authentication scheme.

Returns:

  • (Legate::Auth::Scheme)



# File 'lib/legate/auth/config.rb', line 13

def scheme
  @scheme
end

#state ⇒ String?

Returns the state parameter for CSRF protection.

Returns:

  • (String, nil)

    The state parameter for CSRF protection



# File 'lib/legate/auth/config.rb', line 28

def state
  @state
end

Class Method Details

.from_h(hash, scheme: nil, credential: nil) ⇒ Legate::Auth::Config

Creates a Config from a hash representation

Parameters:

  • hash (Hash)

    The hash representation

  • scheme (Legate::Auth::Scheme) (defaults to: nil)

    The authentication scheme (required if not recreating from complete data)

  • credential (Legate::Auth::Credential) (defaults to: nil)

    The credential information (required if not recreating from complete data)

Returns:

  • (Legate::Auth::Config)

Raises:

  • (Legate::Auth::ConfigurationError)



# File 'lib/legate/auth/config.rb', line 106

def self.from_h(hash, scheme: nil, credential: nil)
  scheme ||= hash[:scheme]
  credential ||= hash[:credential]

  raise Legate::Auth::ConfigurationError, 'Scheme and credential must be provided' unless scheme && credential

  config = new(
    scheme: scheme,
    credential: credential,
    auth_request_id: hash[:auth_request_id],
    options: hash[:options] || {}
  )

  config.auth_uri = hash[:auth_uri]
  config.redirect_uri = hash[:redirect_uri]
  config.state = hash[:state]
  config.pkce = hash[:pkce]

  # Handle both new and old response URI keys
  config.response_uri = hash[:response_uri] || hash[:auth_response_uri]

  config
end

Instance Method Details

#build_authorization_uri(redirect_uri = nil, state = nil) ⇒ String, Hash

Build the authorization URI for interactive flows

Parameters:

  • redirect_uri (String, nil) (defaults to: nil)

    The redirect URI for the authorization request

  • state (String, nil) (defaults to: nil)

    A state parameter for CSRF protection

Returns:

  • (String, Hash)

    The authorization URI or a hash with URI and additional parameters



# File 'lib/legate/auth/config.rb', line 64

def build_authorization_uri(redirect_uri = nil, state = nil)
  @redirect_uri = redirect_uri
  @state = state || @options[:state] || SecureRandom.hex(16)

  # For OAuth2 schemes with detailed return values including PKCE
  result = @scheme.build_authorization_uri(self, @redirect_uri, @state)

  if result.is_a?(Hash) && result[:uri]
    @auth_uri = result[:uri]
    @state = result[:state] if result[:state]
    @pkce = result[:pkce] if result[:pkce]
    @auth_uri
  else
    # For backwards compatibility with simpler schemes
    @auth_uri = result
  end
end

#to_h(include_credentials: false) ⇒ Hash

Convert to a hash for serialization

Parameters:

  • include_credentials (Boolean) (defaults to: false)

    Whether to include credential details (use carefully). The state and pkce values are part of the hash regardless of this flag.

Returns:

  • (Hash)

    A hash representation of the config



# File 'lib/legate/auth/config.rb', line 85

def to_h(include_credentials: false)
  {
    auth_request_id: @auth_request_id,
    scheme_type: @scheme.scheme_type,
    auth_uri: @auth_uri,
    redirect_uri: @redirect_uri,
    state: @state,
    pkce: @pkce,
    response_uri: @response_uri,
    options: @options
  }.tap do |h|
    h[:credential] = @credential.to_h if include_credentials
  end
end

#validate_response!(response_config) ⇒ Boolean

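Validates a response against this configuration: the request IDs must match, a response URI must be present, and the state values must match when both the request and the response carry one.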

Parameters:

Returns:

  • (Boolean)

    True if the response is valid for this request

Raises:

  • (Legate::Auth::ConfigurationError)



# File 'lib/legate/auth/config.rb', line 134

def validate_response!(response_config)
  # Check request ID
  raise Legate::Auth::ConfigurationError, 'Authentication response ID does not match request ID' unless response_config.auth_request_id == @auth_request_id

  # Check that we have an auth response URI
  raise Legate::Auth::ConfigurationError, 'Authentication response does not contain a response URI' unless response_config.response_uri

  # Check state if we had one
  raise Legate::Auth::ConfigurationError, 'Authentication response state does not match request state' if @state && response_config.state && response_config.state != @state

  true
end
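
The state check in validate_response! above runs only when both the request and the response carry a state, so a response with no state passes it. The following added example (not Legate's code) repeats the three checks on a stand-in struct, rejects a missing state when the request had one, and compares values in constant time. AuthConfig, ResponseRejected, secure_equal?, strict_validate_response! and check are hypothetical names, and the sample values are constructed.

```ruby
require 'digest'

# Stand-in for the three Legate::Auth::Config readers that validate_response!
# uses (constructed for this example; not the library's class).
AuthConfig = Struct.new(:auth_request_id, :state, :response_uri, keyword_init: true)

class ResponseRejected < StandardError; end # hypothetical error class

# Compare fixed-length digests so timing does not depend on where inputs differ.
def secure_equal?(a, b)
  x = Digest::SHA256.digest(a.to_s).bytes
  y = Digest::SHA256.digest(b.to_s).bytes
  x.zip(y).reduce(0) { |acc, (i, j)| acc | (i ^ j) }.zero?
end

# Same three checks as validate_response!, but a request that carried a state
# rejects a response whose state is missing instead of skipping the check.
def strict_validate_response!(request, response)
  unless secure_equal?(request.auth_request_id, response.auth_request_id)
    raise ResponseRejected, 'request ID mismatch'
  end
  raise ResponseRejected, 'missing response URI' unless response.response_uri
  if request.state
    raise ResponseRejected, 'state missing from response' if response.state.nil?
    raise ResponseRejected, 'state mismatch' unless secure_equal?(request.state, response.state)
  end
  true
end

# Returns :ok, or the rejection reason as a string.
def check(request, response)
  strict_validate_response!(request, response) && :ok
rescue ResponseRejected => e
  e.message
end

# Constructed sample data.
REQUEST  = AuthConfig.new(auth_request_id: 'req-1', state: 'a1b2c3', response_uri: nil)
GOOD     = AuthConfig.new(auth_request_id: 'req-1', state: 'a1b2c3',
                          response_uri: 'https://app.example/cb?code=x&state=a1b2c3')
NO_STATE = AuthConfig.new(auth_request_id: 'req-1', state: nil,
                          response_uri: 'https://app.example/cb?code=x')
```

check(REQUEST, NO_STATE) returns the rejection reason here, whereas the three checks shown in validate_response! would all pass for the same pair of values.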