Class: OmniAuth::Strategies::Auth0

Inherits:

OAuth2

• Object
• OAuth2
• OmniAuth::Strategies::Auth0

Includes:

Auth0::Telemetry

Defined in:

lib/omniauth/strategies/auth0.rb

Overview

Auth0 OmniAuth strategy

Constant Summary

AUTHORIZATION_CODE_GRANT_TYPE =

'authorization_code'

CLIENT_ASSERTION_TYPE =

'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'

Instance Method Summary

• #authorize_params ⇒ Object

  Define the parameters used for the /authorize endpoint.

• #build_access_token ⇒ Object
• #callback_phase ⇒ Object
• #client ⇒ Object

  Setup client URLs used during authentication.

• #request_phase ⇒ Object

  Declarative override for the request phase of authentication.

Methods included from Auth0::Telemetry

#telemetry, #telemetry_encoded

Instance Method Details

#authorize_params ⇒ Object

Define the parameters used for the /authorize endpoint

# File 'lib/omniauth/strategies/auth0.rb', line 90

def authorize_params
  params = super
  %w[connection connection_scope prompt screen_hint login_hint organization invitation ui_locales].each do |key|
    params[key] = request.params[key] if request.params.key?(key)
  end

  # Generate nonce
  params[:nonce] = SecureRandom.hex
  # Generate leeway if none exists
  params[:leeway] = 60 unless params[:leeway]

  # Store authorize params in the session for token verification
  session['authorize_params'] = params.to_hash

  params
end

#build_access_token ⇒ Object

# File 'lib/omniauth/strategies/auth0.rb', line 107

def build_access_token
  options.token_params.merge!(client_assertion_signing_key_token_params) if client_assertion_signing_key_auth?
  options.token_params[:headers] = { 'Auth0-Client' => telemetry_encoded }
  super
end

#callback_phase ⇒ Object

# File 'lib/omniauth/strategies/auth0.rb', line 124

def callback_phase
  super
rescue OmniAuth::Auth0::TokenValidationError => e
  fail!(:token_validation_error, e)
end

#client ⇒ Object

Setup client URLs used during authentication

# File 'lib/omniauth/strategies/auth0.rb', line 29

def client
  options.client_options.site = domain_url
  options.client_options.authorize_url = '/authorize'
  options.client_options.token_url = '/oauth/token'
  options.client_options.userinfo_url = '/userinfo'
  setup_client_options_auth_scheme

  super
end

#request_phase ⇒ Object

Declarative override for the request phase of authentication

# File 'lib/omniauth/strategies/auth0.rb', line 114

def request_phase
  return fail!(:missing_client_id) if no_client_id?
  return fail!(:missing_client_secret) if no_client_secret?
  return fail!(:missing_domain) if no_domain?
  return fail!(:missing_client_assertion_signing_key) if no_client_assertion_signing_key?

  # All checks pass, run the Oauth2 request_phase method.
  super
end