Class: OmniAuth::Strategies::Honin

Inherits:
OAuth2
  • Object
Defined in:
lib/omniauth/strategies/honin.rb



Class Method Details

.jwks_cache_for(uri) ⇒ Object

Class-level JWKS cache — persists across requests, keyed by URI.



# File 'lib/omniauth/strategies/honin.rb', line 109

# Returns the JWKS cache registered for +uri+, building and storing it the
# first time that URI is requested.
#
# The registry is a class-level instance variable, so the same cache object is
# handed back on every later call with an equal +uri+.
# NOTE(review): the lazy initialisation is not guarded by a lock; confirm
# whether concurrent first calls for one URI matter for JwksCache.
#
# @param uri [Object] registry key, also passed to HoninClient::JwksCache.new
# @return [HoninClient::JwksCache] the cache stored for +uri+
def self.jwks_cache_for(uri)
  registry = (@jwks_caches ||= {})
  registry[uri] = HoninClient::JwksCache.new(uri) unless registry[uri]
  registry[uri]
end

Instance Method Details

#authorize_params ⇒ Object



# File 'lib/omniauth/strategies/honin.rb', line 44

# Adds the PKCE challenge to the authorization parameters built by the parent
# strategy.
#
# The challenge is read from the session key :honin_pkce_challenge and the
# method is fixed to "S256". If the session holds no challenge, nil is sent.
#
# @return [Object] the parameter object returned by +super+, mutated in place
def authorize_params
  request_params = super
  request_params[:code_challenge] = session[:honin_pkce_challenge]
  request_params[:code_challenge_method] = "S256"
  request_params
end

#callback_phase ⇒ Object



# File 'lib/omniauth/strategies/honin.rb', line 57

# Runs the parent callback phase, then discards the PKCE values kept in the
# session.
#
# The cleanup sits in +ensure+, so the verifier and challenge are removed
# whether the parent callback returns or raises.
#
# @return [Object] whatever the parent callback phase returns
def callback_phase
  super
ensure
  %i[honin_pkce_verifier honin_pkce_challenge].each { |key| session.delete(key) }
end

#client ⇒ Object



# File 'lib/omniauth/strategies/honin.rb', line 87

# Builds the OAuth2 client for this strategy once and reuses it afterwards.
#
# The site comes from +options.client_options.site+; the authorize and token
# endpoints are derived from +options.base_path+.
# NOTE(review): the client secret and authorization code are sent to
# token_url, so confirm deployments configure an https site.
#
# @return [::OAuth2::Client] the memoised client
def client
  @client ||= begin
    endpoints = {
      site: options.client_options.site,
      authorize_url: "#{options.base_path}/oauth/authorize",
      token_url: "#{options.base_path}/oauth/token"
    }
    ::OAuth2::Client.new(options.client_id, options.client_secret, **endpoints)
  end
end

#honin_identity ⇒ Object



# File 'lib/omniauth/strategies/honin.rb', line 94

# Resolves the identity carried by the access token, memoised per instance.
#
# Key source precedence:
#   1. a non-empty +options.jwks_uri+: verified against the class-level cache
#   2. +options.jwks+: verified against a static key set
#   3. neither: the token is decoded WITHOUT signature verification
#
# SECURITY: branch 3 is fail-open. Nothing in this method limits it to
# dev/test, so a deployment that omits both options accepts whatever claims
# the token carries. NOTE(review): consider failing closed outside dev/test.
#
# NOTE(review): only HoninClient::Error is translated into a CallbackError;
# an exception raised by JWT.decode on branch 3 propagates unchanged unless
# it inherits from HoninClient::Error. Confirm this is intended.
#
# @return [Object] the verifier's #verify result, or a HoninClient::Identity
#   built from the unverified payload
# @raise [OmniAuth::Strategies::OAuth2::CallbackError] with
#   :jwt_verification_failed when a HoninClient::Error is raised
def honin_identity
  return @honin_identity if @honin_identity

  verify_with = ->(key_source) { build_verifier(key_source).verify(access_token.token) }
  jwks_uri = options.jwks_uri

  @honin_identity =
    if jwks_uri && !jwks_uri.to_s.empty?
      verify_with.call(self.class.jwks_cache_for(jwks_uri))
    elsif options.jwks
      verify_with.call(HoninClient::JwksCache::Static.new(options.jwks))
    else
      # No JWKS configured: signature is NOT checked (dev/test only)
      claims, _header = JWT.decode(access_token.token, nil, false)
      HoninClient::Identity.new(claims)
    end
rescue HoninClient::Error => e
  raise OmniAuth::Strategies::OAuth2::CallbackError.new(:jwt_verification_failed, e.message)
end

#request_phase ⇒ Object



# File 'lib/omniauth/strategies/honin.rb', line 37

# Generates a fresh PKCE pair, stores both halves in the session, then hands
# over to the parent request phase.
#
# The verifier is stored under :honin_pkce_verifier and the challenge under
# :honin_pkce_challenge.
# NOTE(review): the verifier lives in the session until the callback; confirm
# the session store keeps it confidential.
#
# @return [Object] whatever the parent request phase returns
def request_phase
  HoninClient::PKCE.new.tap do |pair|
    session[:honin_pkce_verifier] = pair.code_verifier
    session[:honin_pkce_challenge] = pair.code_challenge
  end
  super
end

#token_params ⇒ Object



# File 'lib/omniauth/strategies/honin.rb', line 51

# Adds the PKCE verifier to the token-request parameters built by the parent
# strategy.
#
# The verifier is read from the session key :honin_pkce_verifier. If the
# session holds no verifier, nil is sent.
#
# @return [Object] the parameter object returned by +super+, mutated in place
def token_params
  exchange_params = super
  exchange_params[:code_verifier] = session[:honin_pkce_verifier]
  exchange_params
end