Class: OmniauthOpenidFederation::OidcClient

Inherits:
OAuth2::Client
  • Object
show all
Defined in:
lib/omniauth_openid_federation/oidc_client.rb

Constant Summary collapse

CLIENT_ASSERTION_TYPE =
"urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
CLIENT_ASSERTION_EXPIRATION_SECONDS =
180

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(identifier:, redirect_uri:, authorization_endpoint:, token_endpoint:, secret: nil, userinfo_endpoint: nil, jwks_uri: nil) ⇒ OidcClient

Returns a new instance of OidcClient.



17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
# File 'lib/omniauth_openid_federation/oidc_client.rb', line 17

def initialize(identifier:, redirect_uri:, authorization_endpoint:, token_endpoint:, secret: nil,
  userinfo_endpoint: nil, jwks_uri: nil)
  token_uri = URI.parse(token_endpoint.to_s)
  site = build_site(token_uri)

  super(
    identifier,
    secret,
    site: site,
    authorize_url: authorization_endpoint,
    token_url: token_endpoint,
    redirect_uri: redirect_uri,
    auth_scheme: :private_key_jwt
  )

  @authorization_endpoint = authorization_endpoint
  @token_endpoint = token_endpoint
  @userinfo_endpoint = userinfo_endpoint
  @jwks_uri = jwks_uri
  @authorization_code = nil
end

Instance Attribute Details

#authorization_codeObject

Returns the value of attribute authorization_code.



14
15
16
# File 'lib/omniauth_openid_federation/oidc_client.rb', line 14

def authorization_code
  @authorization_code
end

#authorization_endpointObject (readonly)

Returns the value of attribute authorization_endpoint.



15
16
17
# File 'lib/omniauth_openid_federation/oidc_client.rb', line 15

def authorization_endpoint
  @authorization_endpoint
end

#jwks_uriObject

Returns the value of attribute jwks_uri.



14
15
16
# File 'lib/omniauth_openid_federation/oidc_client.rb', line 14

def jwks_uri
  @jwks_uri
end

#private_keyObject

Returns the value of attribute private_key.



14
15
16
# File 'lib/omniauth_openid_federation/oidc_client.rb', line 14

def private_key
  @private_key
end

#token_endpointObject (readonly)

Returns the value of attribute token_endpoint.



15
16
17
# File 'lib/omniauth_openid_federation/oidc_client.rb', line 15

def token_endpoint
  @token_endpoint
end

#userinfo_endpointObject (readonly)

Returns the value of attribute userinfo_endpoint.



15
16
17
# File 'lib/omniauth_openid_federation/oidc_client.rb', line 15

def userinfo_endpoint
  @userinfo_endpoint
end

Instance Method Details

#access_token!(client_auth_method = :jwt_bearer) ⇒ Object



59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
# File 'lib/omniauth_openid_federation/oidc_client.rb', line 59

def access_token!(client_auth_method = :jwt_bearer)
  unless client_auth_method == :jwt_bearer
    raise ConfigurationError, "Unsupported client_auth_method: #{client_auth_method}"
  end

  OmniauthOpenidFederation::Validators.validate_private_key!(private_key)

  oauth_token = auth_code.get_token(
    authorization_code,
    redirect_uri: redirect_uri,
    client_assertion_type: CLIENT_ASSERTION_TYPE,
    client_assertion: build_client_assertion
  )

  OmniauthOpenidFederation::AccessToken.from_oauth2_token(
    oauth_token,
    strategy_options: instance_variable_get(:@strategy_options)
  )
end

#hostObject



55
56
57
# File 'lib/omniauth_openid_federation/oidc_client.rb', line 55

def host
  URI.parse(site.to_s).host
end

#identifierObject



39
40
41
# File 'lib/omniauth_openid_federation/oidc_client.rb', line 39

def identifier
  id
end

#identifier=(value) ⇒ Object



43
44
45
# File 'lib/omniauth_openid_federation/oidc_client.rb', line 43

def identifier=(value)
  @id = value
end

#redirect_uriObject



47
48
49
# File 'lib/omniauth_openid_federation/oidc_client.rb', line 47

def redirect_uri
  options[:redirect_uri]
end

#redirect_uri=(value) ⇒ Object



51
52
53
# File 'lib/omniauth_openid_federation/oidc_client.rb', line 51

def redirect_uri=(value)
  options[:redirect_uri] = value
end