Class: OmniauthOpenidFederation::AccessToken
- Inherits:
-
Object
- Object
- OmniauthOpenidFederation::AccessToken
- Defined in:
- lib/omniauth_openid_federation/access_token.rb,
sig/strategy.rbs
Instance Attribute Summary collapse
-
#access_token ⇒ Object
readonly
Returns the value of attribute access_token.
-
#client ⇒ Object
readonly
Returns the value of attribute client.
-
#expires_in ⇒ Object
readonly
Returns the value of attribute expires_in.
-
#id_token ⇒ Object
readonly
Returns the value of attribute id_token.
-
#refresh_token ⇒ Object
readonly
Returns the value of attribute refresh_token.
Class Method Summary collapse
Instance Method Summary collapse
- #decode_response_body(body) ⇒ Object
- #extract_encryption_key_for_decryption ⇒ Object
- #fetch_signed_jwks ⇒ Hash[String, untyped]?
- #get_strategy_options ⇒ Hash[Symbol, untyped]
-
#initialize(access_token:, client:, refresh_token: nil, expires_in: nil, id_token: nil, strategy_options: nil, oauth_token: nil) ⇒ AccessToken
constructor
A new instance of AccessToken.
- #load_entity_statement_keys_for_jwks_validation ⇒ Array[untyped]
- #resolve_jwks_uri_from_entity_statement ⇒ String?
- #resource_request { ... } ⇒ Object
- #userinfo!(params = {}, http_method: :get, headers: {}) ⇒ Object
Constructor Details
#initialize(access_token:, client:, refresh_token: nil, expires_in: nil, id_token: nil, strategy_options: nil, oauth_token: nil) ⇒ AccessToken
Returns a new instance of AccessToken.
13 14 15 16 17 18 19 20 21 22 |
# File 'lib/omniauth_openid_federation/access_token.rb', line 13 def initialize(access_token:, client:, refresh_token: nil, expires_in: nil, id_token: nil, strategy_options: nil, oauth_token: nil) @access_token = access_token @refresh_token = refresh_token @expires_in = expires_in @id_token = id_token @client = client @strategy_options = @oauth_token = oauth_token end |
Instance Attribute Details
#access_token ⇒ Object (readonly)
Returns the value of attribute access_token.
11 12 13 |
# File 'lib/omniauth_openid_federation/access_token.rb', line 11 def access_token @access_token end |
#client ⇒ Object (readonly)
Returns the value of attribute client.
11 12 13 |
# File 'lib/omniauth_openid_federation/access_token.rb', line 11 def client @client end |
#expires_in ⇒ Object (readonly)
Returns the value of attribute expires_in.
11 12 13 |
# File 'lib/omniauth_openid_federation/access_token.rb', line 11 def expires_in @expires_in end |
#id_token ⇒ Object (readonly)
Returns the value of attribute id_token.
11 12 13 |
# File 'lib/omniauth_openid_federation/access_token.rb', line 11 def id_token @id_token end |
#refresh_token ⇒ Object (readonly)
Returns the value of attribute refresh_token.
11 12 13 |
# File 'lib/omniauth_openid_federation/access_token.rb', line 11 def refresh_token @refresh_token end |
Class Method Details
.from_oauth2_token(oauth_token, strategy_options: nil) ⇒ Object
24 25 26 27 28 29 30 31 32 33 34 35 36 37 |
# File 'lib/omniauth_openid_federation/access_token.rb', line 24 def self.from_oauth2_token(oauth_token, strategy_options: nil) token_params = oauth_token.params || {} id_token_value = token_params["id_token"] || token_params[:id_token] new( access_token: oauth_token.token, refresh_token: oauth_token.refresh_token, expires_in: oauth_token.expires_in, id_token: id_token_value, client: oauth_token.client, strategy_options: , oauth_token: oauth_token ) end |
Instance Method Details
#decode_response_body(body) ⇒ Object
68 69 70 |
# File 'lib/omniauth_openid_federation/access_token.rb', line 68 def decode_response_body(body) JwtResponseDecoder.new(strategy_options: , client: client).decode(body) end |
#extract_encryption_key_for_decryption ⇒ Object
53 |
# File 'sig/strategy.rbs', line 53
def extract_encryption_key_for_decryption: () -> untyped
|
#fetch_signed_jwks ⇒ Hash[String, untyped]?
54 |
# File 'sig/strategy.rbs', line 54
def fetch_signed_jwks: (Hash[Symbol, untyped] strategy_options) -> Hash[String, untyped]?
|
#get_strategy_options ⇒ Hash[Symbol, untyped]
121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 |
# File 'lib/omniauth_openid_federation/access_token.rb', line 121 def if @strategy_options.is_a?(Hash) return @strategy_options end if respond_to?(:client) && client = client.instance_variable_get(:@strategy_options) return if &.is_a?(Hash) end if respond_to?(:client) && client = {} [:jwks_uri] = client.jwks_uri.to_s if client.respond_to?(:jwks_uri) && client.jwks_uri [:private_key] = client.private_key if client.respond_to?(:private_key) && client.private_key return { client_options: } end OmniauthOpenidFederation::Logger.warn("[AccessToken] Could not determine strategy options from client. Some features may not work correctly.") {} end |
#load_entity_statement_keys_for_jwks_validation ⇒ Array[untyped]
55 |
# File 'sig/strategy.rbs', line 55
def load_entity_statement_keys_for_jwks_validation: (Hash[Symbol, untyped] strategy_options) -> Array[untyped]
|
#resolve_jwks_uri_from_entity_statement ⇒ String?
56 |
# File 'sig/strategy.rbs', line 56
def resolve_jwks_uri_from_entity_statement: (Hash[Symbol, untyped] strategy_options) -> String?
|
#resource_request { ... } ⇒ Object
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 |
# File 'lib/omniauth_openid_federation/access_token.rb', line 98 def resource_request res = yield status_code = if res.status.is_a?(Integer) res.status else (res.status.respond_to?(:code) ? res.status.code : res.status) end case status_code when 200 decode_response_body(res.body) when 400 raise BadRequest.new("API Access Faild", res) when 401 raise Unauthorized.new("Access Token Invalid or Expired", res) when 403 raise Forbidden.new("Insufficient Scope", res) else raise HttpError.new(res.status, "Unknown HttpError", res) end end |
#userinfo!(params = {}, http_method: :get, headers: {}) ⇒ Object
39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 |
# File 'lib/omniauth_openid_federation/access_token.rb', line 39 def userinfo!(params = {}, http_method: :get, headers: {}) unless [:get, :post].include?(http_method) raise ArgumentError, "http_method must be :get or :post" end endpoint = client.userinfo_endpoint unless OmniauthOpenidFederation::StringHelpers.present?(endpoint) raise ConfigurationError, "Userinfo endpoint not configured" end unless @oauth_token raise ConfigurationError, "OAuth token reference not available for userinfo request" end response = case http_method when :get @oauth_token.get(endpoint.to_s, params: params, headers: headers) when :post @oauth_token.post( endpoint.to_s, body: params, headers: headers.merge("Content-Type" => "application/x-www-form-urlencoded") ) end claims = parse_userinfo_response(response) OmniauthOpenidFederation::UserInfo.new(claims) end |