Class: Legate::Auth::ExchangedCredential

Inherits:

Object

• Object
• Legate::Auth::ExchangedCredential

Defined in:

lib/legate/auth/exchanged_credential.rb

Overview

Represents credentials that have been exchanged for tokens. Stores tokens obtained from authentication providers, along with metadata such as expiration times and refresh tokens.

Instance Attribute Summary

• #access_token ⇒ String readonly

  The access token.

• #attributes ⇒ Hash readonly

  Additional attributes specific to the auth type.

• #auth_type ⇒ Symbol readonly

  The type of authentication.

• #expires_at ⇒ Time^? readonly

  The expiration time.

• #id_token ⇒ String^? readonly

  ID token for OIDC.

• #provider_id ⇒ String^?

  The provider ID for this credential.

• #refresh_token ⇒ String^? readonly

  The refresh token, if available.

• #token_type ⇒ String^? readonly

  The token type (e.g., “Bearer”).

Class Method Summary

• .from_h(hash) ⇒ Legate::Auth::ExchangedCredential

  Create an ExchangedCredential from a hash.

Instance Method Summary

• #[](name) ⇒ Object^?

  Get an attribute value.

• #expired?(buffer_seconds = 30) ⇒ Boolean

  Check if the token is expired.

• #id_token_claims ⇒ Hash

  Returns the decoded claims from the ID token.

• #initialize(auth_type:, access_token:, refresh_token: nil, token_type: 'Bearer', expires_in: nil, id_token: nil, provider_id: nil, **attributes) ⇒ ExchangedCredential constructor

  Initialize a new ExchangedCredential.

• #refreshable? ⇒ Boolean

  Check if the credential can be refreshed.

• #to_h ⇒ Hash

  Convert to a hash for serialization.

• #with(attrs) ⇒ Legate::Auth::ExchangedCredential

  Return a new ExchangedCredential with updated values.

Constructor Details

#initialize(auth_type:, access_token:, refresh_token: nil, token_type: 'Bearer', expires_in: nil, id_token: nil, provider_id: nil, **attributes) ⇒ ExchangedCredential

Initialize a new ExchangedCredential

Parameters:

• auth_type (Symbol) —

  The type of authentication

• access_token (String) —

  The access token

• refresh_token (String, nil) (defaults to: nil) —

  The refresh token

• token_type (String, nil) (defaults to: 'Bearer') —

  The token type

• expires_in (Integer, nil) (defaults to: nil) —

  Seconds until the token expires

• id_token (String, nil) (defaults to: nil) —

  ID token for OIDC

• provider_id (String, nil) (defaults to: nil) —

  The provider ID for this credential

• attributes (Hash) —

  Additional attributes

# File 'lib/legate/auth/exchanged_credential.rb', line 46

def initialize(auth_type:, access_token:, refresh_token: nil, token_type: 'Bearer',
               expires_in: nil, id_token: nil, provider_id: nil, **attributes)
  @auth_type = auth_type.to_sym
  @access_token = access_token
  @refresh_token = refresh_token
  @token_type = token_type || 'Bearer'
  @id_token = id_token
  @provider_id = provider_id
  @attributes = attributes || {}

  # Calculate expiration time if expires_in is provided
  @expires_at = if expires_in && expires_in.to_i > 0
                  Time.now + expires_in.to_i
                elsif attributes[:expires_at]
                  Time.parse(attributes[:expires_at].to_s)
                end
end

Instance Attribute Details

#access_token ⇒ String (readonly)

Returns The access token.

Returns:

• (String) —

  The access token

# File 'lib/legate/auth/exchanged_credential.rb', line 17

def access_token
  @access_token
end

#attributes ⇒ Hash (readonly)

Returns Additional attributes specific to the auth type.

Returns:

• (Hash) —

  Additional attributes specific to the auth type

# File 'lib/legate/auth/exchanged_credential.rb', line 35

def attributes
  @attributes
end

#auth_type ⇒ Symbol (readonly)

Returns The type of authentication.

Returns:

• (Symbol) —

  The type of authentication

# File 'lib/legate/auth/exchanged_credential.rb', line 14

def auth_type
  @auth_type
end

#expires_at ⇒ Time^? (readonly)

Returns The expiration time.

Returns:

• (Time, nil) —

  The expiration time

# File 'lib/legate/auth/exchanged_credential.rb', line 26

def expires_at
  @expires_at
end

#id_token ⇒ String^? (readonly)

Returns ID token for OIDC.

Returns:

• (String, nil) —

  ID token for OIDC

# File 'lib/legate/auth/exchanged_credential.rb', line 29

def id_token
  @id_token
end

#provider_id ⇒ String^?

Returns The provider ID for this credential.

Returns:

• (String, nil) —

  The provider ID for this credential

# File 'lib/legate/auth/exchanged_credential.rb', line 32

def provider_id
  @provider_id
end

#refresh_token ⇒ String^? (readonly)

Returns The refresh token, if available.

Returns:

• (String, nil) —

  The refresh token, if available

# File 'lib/legate/auth/exchanged_credential.rb', line 20

def refresh_token
  @refresh_token
end

#token_type ⇒ String^? (readonly)

Returns The token type (e.g., “Bearer”).

Returns:

• (String, nil) —

  The token type (e.g., “Bearer”)

# File 'lib/legate/auth/exchanged_credential.rb', line 23

def token_type
  @token_type
end

Class Method Details

.from_h(hash) ⇒ Legate::Auth::ExchangedCredential

Create an ExchangedCredential from a hash

Parameters:

• hash (Hash) —

  A hash representation of the credential

Returns:

• (Legate::Auth::ExchangedCredential) —

  A new ExchangedCredential

# File 'lib/legate/auth/exchanged_credential.rb', line 108

def self.from_h(hash)
  attrs = hash.dup
  auth_type = attrs.delete(:auth_type) || attrs.delete('auth_type')
  access_token = attrs.delete(:access_token) || attrs.delete('access_token')
  refresh_token = attrs.delete(:refresh_token) || attrs.delete('refresh_token')
  token_type = attrs.delete(:token_type) || attrs.delete('token_type')
  expires_at = attrs.delete(:expires_at) || attrs.delete('expires_at')
  id_token = attrs.delete(:id_token) || attrs.delete('id_token')
  provider_id = attrs.delete(:provider_id) || attrs.delete('provider_id')

  # Convert string keys to symbols
  attributes = {}
  attrs.each do |key, value|
    attributes[key.to_sym] = value
  end

  # Set expires_at as an attribute so it gets passed to the initializer
  attributes[:expires_at] = expires_at if expires_at

  new(
    auth_type: auth_type,
    access_token: access_token,
    refresh_token: refresh_token,
    token_type: token_type,
    id_token: id_token,
    provider_id: provider_id,
    **attributes
  )
end

Instance Method Details

#[](name) ⇒ Object^?

Get an attribute value

Parameters:

• name (Symbol, String) —

  The attribute name

Returns:

• (Object, nil) —

  The attribute value, or nil if not present

# File 'lib/legate/auth/exchanged_credential.rb', line 141

def [](name)
  case name.to_sym
  when :access_token
    @access_token
  when :refresh_token
    @refresh_token
  when :token_type
    @token_type
  when :expires_at
    @expires_at
  when :id_token
    @id_token
  when :auth_type
    @auth_type
  when :provider_id
    @provider_id
  else
    @attributes[name.to_sym]
  end
end

#expired?(buffer_seconds = 30) ⇒ Boolean

Check if the token is expired

Parameters:

• buffer_seconds (Integer) (defaults to: 30) —

  Buffer time in seconds to consider token as expired

Returns:

• (Boolean) —

  True if the token is expired, false otherwise

# File 'lib/legate/auth/exchanged_credential.rb', line 67

def expired?(buffer_seconds = 30)
  return false unless @expires_at

  @expires_at - buffer_seconds <= Time.now
end

#id_token_claims ⇒ Hash

Returns the decoded claims from the ID token

Returns:

• (Hash) —

  The parsed ID token claims, or an empty hash if no ID token

# File 'lib/legate/auth/exchanged_credential.rb', line 81

def id_token_claims
  return {} unless @id_token

  begin
    JWT.decode(@id_token, nil, false)[0]
  rescue JWT::DecodeError => e
    {}
  end
end

#refreshable? ⇒ Boolean

Check if the credential can be refreshed

Returns:

• (Boolean) —

  True if a refresh token is available

# File 'lib/legate/auth/exchanged_credential.rb', line 75

def refreshable?
  !@refresh_token.nil? && !@refresh_token.empty?
end

#to_h ⇒ Hash

Convert to a hash for serialization

Returns:

• (Hash) —

  A hash representation of the credential

# File 'lib/legate/auth/exchanged_credential.rb', line 93

def to_h
  {
    auth_type: @auth_type,
    access_token: @access_token,
    refresh_token: @refresh_token,
    token_type: @token_type,
    expires_at: @expires_at&.iso8601,
    id_token: @id_token,
    provider_id: @provider_id
  }.merge(@attributes).compact
end

#with(attrs) ⇒ Legate::Auth::ExchangedCredential

Return a new ExchangedCredential with updated values

Parameters:

• attrs (Hash) —

  The attributes to update

Returns:

• (Legate::Auth::ExchangedCredential) —

  A new ExchangedCredential with updated values

# File 'lib/legate/auth/exchanged_credential.rb', line 165

def with(attrs)
  self.class.new(
    auth_type: attrs[:auth_type] || @auth_type,
    access_token: attrs[:access_token] || @access_token,
    refresh_token: attrs[:refresh_token] || @refresh_token,
    token_type: attrs[:token_type] || @token_type,
    id_token: attrs[:id_token] || @id_token,
    provider_id: attrs[:provider_id] || @provider_id,
    **@attributes.merge(attrs.reject { |k, _|
      %i[auth_type access_token refresh_token token_type id_token provider_id].include?(k)
    })
  )
end