Class: OmniauthOpenidFederation::AccessToken

Inherits:
Object
  • Object
show all
Defined in:
lib/omniauth_openid_federation/access_token.rb,
sig/strategy.rbs

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(access_token:, client:, refresh_token: nil, expires_in: nil, id_token: nil, strategy_options: nil, oauth_token: nil) ⇒ AccessToken

Returns a new instance of AccessToken.



13
14
15
16
17
18
19
20
21
22
# File 'lib/omniauth_openid_federation/access_token.rb', line 13

def initialize(access_token:, client:, refresh_token: nil, expires_in: nil, id_token: nil,
  strategy_options: nil, oauth_token: nil)
  @access_token = access_token
  @refresh_token = refresh_token
  @expires_in = expires_in
  @id_token = id_token
  @client = client
  @strategy_options = strategy_options
  @oauth_token = oauth_token
end

Instance Attribute Details

#access_tokenObject (readonly)

Returns the value of attribute access_token.



11
12
13
# File 'lib/omniauth_openid_federation/access_token.rb', line 11

def access_token
  @access_token
end

#clientObject (readonly)

Returns the value of attribute client.



11
12
13
# File 'lib/omniauth_openid_federation/access_token.rb', line 11

def client
  @client
end

#expires_inObject (readonly)

Returns the value of attribute expires_in.



11
12
13
# File 'lib/omniauth_openid_federation/access_token.rb', line 11

def expires_in
  @expires_in
end

#id_tokenObject (readonly)

Returns the value of attribute id_token.



11
12
13
# File 'lib/omniauth_openid_federation/access_token.rb', line 11

def id_token
  @id_token
end

#refresh_tokenObject (readonly)

Returns the value of attribute refresh_token.



11
12
13
# File 'lib/omniauth_openid_federation/access_token.rb', line 11

def refresh_token
  @refresh_token
end

Class Method Details

.from_oauth2_token(oauth_token, strategy_options: nil) ⇒ Object



24
25
26
27
28
29
30
31
32
33
34
35
36
37
# File 'lib/omniauth_openid_federation/access_token.rb', line 24

def self.from_oauth2_token(oauth_token, strategy_options: nil)
  token_params = oauth_token.params || {}
  id_token_value = token_params["id_token"] || token_params[:id_token]

  new(
    access_token: oauth_token.token,
    refresh_token: oauth_token.refresh_token,
    expires_in: oauth_token.expires_in,
    id_token: id_token_value,
    client: oauth_token.client,
    strategy_options: strategy_options,
    oauth_token: oauth_token
  )
end

Instance Method Details

#decode_response_body(body) ⇒ Object



68
69
70
# File 'lib/omniauth_openid_federation/access_token.rb', line 68

def decode_response_body(body)
  JwtResponseDecoder.new(strategy_options: get_strategy_options, client: client).decode(body)
end

#extract_encryption_key_for_decryptionObject

Returns:

  • (Object)


53
# File 'sig/strategy.rbs', line 53

def extract_encryption_key_for_decryption: () -> untyped

#fetch_signed_jwksHash[String, untyped]?

Parameters:

  • strategy_options (Hash[Symbol, untyped])

Returns:

  • (Hash[String, untyped], nil)


54
# File 'sig/strategy.rbs', line 54

def fetch_signed_jwks: (Hash[Symbol, untyped] strategy_options) -> Hash[String, untyped]?

#get_strategy_optionsHash[Symbol, untyped]

Returns:

  • (Hash[Symbol, untyped])


121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
# File 'lib/omniauth_openid_federation/access_token.rb', line 121

def get_strategy_options
  if @strategy_options.is_a?(Hash)
    return @strategy_options
  end

  if respond_to?(:client) && client
    strategy_options = client.instance_variable_get(:@strategy_options)
    return strategy_options if strategy_options&.is_a?(Hash)
  end

  if respond_to?(:client) && client
    client_options = {}
    client_options[:jwks_uri] = client.jwks_uri.to_s if client.respond_to?(:jwks_uri) && client.jwks_uri
    client_options[:private_key] = client.private_key if client.respond_to?(:private_key) && client.private_key

    return {
      client_options: client_options
    }
  end

  OmniauthOpenidFederation::Logger.warn("[AccessToken] Could not determine strategy options from client. Some features may not work correctly.")
  {}
end

#load_entity_statement_keys_for_jwks_validationArray[untyped]

Parameters:

  • strategy_options (Hash[Symbol, untyped])

Returns:

  • (Array[untyped])


55
# File 'sig/strategy.rbs', line 55

def load_entity_statement_keys_for_jwks_validation: (Hash[Symbol, untyped] strategy_options) -> Array[untyped]

#resolve_jwks_uri_from_entity_statementString?

Parameters:

  • strategy_options (Hash[Symbol, untyped])

Returns:

  • (String, nil)


56
# File 'sig/strategy.rbs', line 56

def resolve_jwks_uri_from_entity_statement: (Hash[Symbol, untyped] strategy_options) -> String?

#resource_request { ... } ⇒ Object

Yields:

Yield Returns:

  • (Object)

Returns:

  • (Object)


98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
# File 'lib/omniauth_openid_federation/access_token.rb', line 98

def resource_request
  res = yield
  status_code = if res.status.is_a?(Integer)
    res.status
  else
    (res.status.respond_to?(:code) ? res.status.code : res.status)
  end
  case status_code
  when 200
    decode_response_body(res.body)
  when 400
    raise BadRequest.new("API Access Faild", res)
  when 401
    raise Unauthorized.new("Access Token Invalid or Expired", res)
  when 403
    raise Forbidden.new("Insufficient Scope", res)
  else
    raise HttpError.new(res.status, "Unknown HttpError", res)
  end
end

#userinfo!(params = {}, http_method: :get, headers: {}) ⇒ Object

Returns:

  • (Object)


39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
# File 'lib/omniauth_openid_federation/access_token.rb', line 39

def userinfo!(params = {}, http_method: :get, headers: {})
  unless [:get, :post].include?(http_method)
    raise ArgumentError, "http_method must be :get or :post"
  end

  endpoint = client.userinfo_endpoint
  unless OmniauthOpenidFederation::StringHelpers.present?(endpoint)
    raise ConfigurationError, "Userinfo endpoint not configured"
  end

  unless @oauth_token
    raise ConfigurationError, "OAuth token reference not available for userinfo request"
  end

  response = case http_method
  when :get
    @oauth_token.get(endpoint.to_s, params: params, headers: headers)
  when :post
    @oauth_token.post(
      endpoint.to_s,
      body: params,
      headers: headers.merge("Content-Type" => "application/x-www-form-urlencoded")
    )
  end

  claims = parse_userinfo_response(response)
  OmniauthOpenidFederation::UserInfo.new(claims)
end