Module: OmniauthOpenidFederation

Defined in:
lib/omniauth_openid_federation.rb,
lib/omniauth_openid_federation.rb,
lib/omniauth_openid_federation/jwe.rb,
lib/omniauth_openid_federation/jws.rb,
lib/omniauth_openid_federation/cache.rb,
lib/omniauth_openid_federation/utils.rb,
lib/omniauth_openid_federation/engine.rb,
lib/omniauth_openid_federation/errors.rb,
lib/omniauth_openid_federation/logger.rb,
lib/omniauth_openid_federation/railtie.rb,
lib/omniauth_openid_federation/version.rb,
lib/omniauth_openid_federation/id_token.rb,
lib/omniauth_openid_federation/constants.rb,
lib/omniauth_openid_federation/user_info.rb,
lib/omniauth_openid_federation/jwks/cache.rb,
lib/omniauth_openid_federation/jwks/fetch.rb,
lib/omniauth_openid_federation/validators.rb,
lib/omniauth_openid_federation/http_client.rb,
lib/omniauth_openid_federation/http_errors.rb,
lib/omniauth_openid_federation/jwks/decode.rb,
lib/omniauth_openid_federation/jwks/rotate.rb,
lib/omniauth_openid_federation/oidc_client.rb,
lib/omniauth_openid_federation/access_token.rb,
lib/omniauth_openid_federation/rate_limiter.rb,
lib/omniauth_openid_federation/tasks_helper.rb,
lib/omniauth_openid_federation/time_helpers.rb,
lib/omniauth_openid_federation/cache_adapter.rb,
lib/omniauth_openid_federation/configuration.rb,
lib/omniauth_openid_federation/jwks/selector.rb,
lib/omniauth_openid_federation/key_extractor.rb,
lib/omniauth_openid_federation/rack_endpoint.rb,
lib/omniauth_openid_federation/secure_compare.rb,
lib/omniauth_openid_federation/string_helpers.rb,
lib/omniauth_openid_federation/instrumentation.rb,
lib/omniauth_openid_federation/jwks/normalizer.rb,
lib/omniauth_openid_federation/endpoint_resolver.rb,
lib/omniauth_openid_federation/federation_endpoint.rb,
lib/omniauth_openid_federation/tasks/path_resolver.rb,
lib/omniauth_openid_federation/jwt_response_decoder.rb,
lib/omniauth_openid_federation/federation/signed_jwks.rb,
lib/omniauth_openid_federation/entity_statement_reader.rb,
lib/omniauth_openid_federation/strategy/jwks_resolution.rb,
lib/omniauth_openid_federation/tasks/callback_processor.rb,
lib/omniauth_openid_federation/strategy/failure_handling.rb,
lib/omniauth_openid_federation/strategy/callback_handling.rb,
lib/omniauth_openid_federation/strategy/id_token_decoding.rb,
lib/omniauth_openid_federation/strategy/userinfo_decoding.rb,
lib/omniauth_openid_federation/tasks/client_keys_preparer.rb,
lib/omniauth_openid_federation/federation/entity_statement.rb,
lib/omniauth_openid_federation/tasks/local_endpoint_tester.rb,
lib/omniauth_openid_federation/strategy/client_construction.rb,
lib/omniauth_openid_federation/strategy/endpoint_resolution.rb,
lib/omniauth_openid_federation/strategy/authorization_request.rb,
lib/omniauth_openid_federation/federation/trust_chain_resolver.rb,
lib/omniauth_openid_federation/strategy/client_entity_statement.rb,
lib/omniauth_openid_federation/tasks/authentication_flow_tester.rb,
app/controllers/omniauth_openid_federation/federation_controller.rb,
lib/omniauth_openid_federation/federation/metadata_policy_merger.rb,
lib/omniauth_openid_federation/federation/entity_statement_helper.rb,
lib/omniauth_openid_federation/federation/entity_statement_parser.rb,
lib/omniauth_openid_federation/strategy/provider_entity_statement.rb,
lib/omniauth_openid_federation/federation/entity_statement_builder.rb,
lib/omniauth_openid_federation/federation/entity_statement_fetcher.rb,
lib/omniauth_openid_federation/federation/entity_statement_validator.rb,
sig/jwks.rbs,
sig/strategy.rbs,
sig/federation.rbs,
sig/omniauth_openid_federation.rbs

Overview

Entity Statement Validator for OpenID Federation 1.0 Implements all required validation steps from OpenID Federation 1.0 Section 3.2.1. Entity Statements MUST be validated in the following manner per the specification.

Examples:

Validate an entity statement

validator = EntityStatementValidator.new(
  jwt_string: entity_statement_jwt,
  issuer_entity_configuration: issuer_config  # Optional, for Subordinate Statement validation
)
validator.validate!

See Also:

Defined Under Namespace

Modules: Cache, Constants, Federation, Instrumentation, Jwe, Jwks, RateLimiter, SecureCompare, Strategy, StringHelpers, Tasks, TasksHelper, TimeHelpers, Utils, Validators Classes: AccessToken, BadRequest, CacheAdapter, Configuration, ConfigurationError, DecryptionError, EncryptionError, EndpointResolver, Engine, EntityStatementReader, Error, FederationController, FederationEndpoint, FetchError, Forbidden, HttpClient, HttpError, IdToken, Jws, JwtResponseDecoder, KeyExtractor, KeyRelatedError, KeyRelatedValidationError, Logger, NetworkError, OidcClient, RackEndpoint, Railtie, SecurityError, SignatureError, Unauthorized, UserInfo, ValidationError

Constant Summary collapse

VERSION =

Returns:

  • (String)
"2.0.0".freeze

Class Method Summary collapse

Class Method Details

.configConfiguration

Get the global configuration

Returns:



24
25
26
# File 'lib/omniauth_openid_federation.rb', line 24

def self.config
  Configuration.config
end

.configure {|config| ... } ⇒ Configuration

Configure the gem

Examples:

OmniauthOpenidFederation.configure do |config|
  config.verify_ssl = false # Only for development
  config.cache_ttl = 3600
end

Yields:

  • (config)

    Yields the configuration object

Yield Parameters:

Yield Returns:

  • (void)

Returns:



16
17
18
19
# File 'lib/omniauth_openid_federation.rb', line 16

def self.configure
  yield(Configuration.config) if block_given?
  Configuration.config
end

.rotate_jwks(jwks_uri, entity_statement_path: nil) ⇒ Hash

Rotate JWKS cache for a provider This is useful for background jobs to proactively refresh keys

Examples:

# Rotate JWKS for a provider
OmniauthOpenidFederation.rotate_jwks(
  "https://provider.example.com/.well-known/jwks.json",
  entity_statement_path: "config/provider-entity-statement.jwt"
)

Parameters:

  • jwks_uri (String)

    The JWKS URI to refresh

  • entity_statement_path (String, nil) (defaults to: nil)

    Path to entity statement file (optional)

  • entity_statement_path: (String, nil) (defaults to: nil)

Returns:

  • (Hash)

    The refreshed JWKS hash

Raises:



87
88
89
# File 'lib/omniauth_openid_federation.rb', line 87

def self.rotate_jwks(jwks_uri, entity_statement_path: nil)
  Jwks::Rotate.run(jwks_uri, entity_statement_path: entity_statement_path)
end