Class: Shakha::AuthController

Inherits:

ApplicationController

• Object
• ActionController::Base
• ApplicationController
• Shakha::AuthController

Includes:

PKCEMixin

Defined in:

app/controllers/shakha/auth_controller.rb

Constant Summary

Constants included from PKCEMixin

PKCEMixin::CODE_CHALLENGE_METHOD, PKCEMixin::CODE_VERIFIER_LENGTH

Instance Method Summary

• #authorize ⇒ Object
• #callback ⇒ Object
• #error ⇒ Object
• #new ⇒ Object
• #token ⇒ Object

Methods included from PKCEMixin

generate_code_challenge, generate_code_verifier

Instance Method Details

#authorize ⇒ Object

# File 'app/controllers/shakha/auth_controller.rb', line 17

def authorize
  pkce = create_pkce_bundle
  @client = find_or_create_client

  google_auth_url = build_google_auth_url(pkce)

  redirect_to google_auth_url
end

#callback ⇒ Object

# File 'app/controllers/shakha/auth_controller.rb', line 26

def callback
  verifier = verify_pkce!(params[:code])

  exchange_code_for_tokens(params[:code], verifier)
rescue PKCEError, GoogleOAuthError => e
  redirect_to shakha.error_path(message: e.message)
end

#error ⇒ Object

# File 'app/controllers/shakha/auth_controller.rb', line 52

def error
  @message = params[:message] || "Authentication failed"
end

#new ⇒ Object

# File 'app/controllers/shakha/auth_controller.rb', line 12

def new
  @client = find_or_create_client
  @return_to = params[:return_to] || "/"
end

#token ⇒ Object

# File 'app/controllers/shakha/auth_controller.rb', line 34

def token
  code = params[:code]
  verifier = params[:code_verifier]

  raise PKCEError, "Missing code" unless code
  raise PKCEError, "Missing code_verifier" unless verifier

  id_token = exchange_code_for_id_token(code, verifier)

  render json: {
    id_token: id_token,
    pairwise_sub: id_token_payload(id_token)[:sub],
    expires_in: 24.hours.to_i
  }
rescue PKCEError, JWTError, GoogleOAuthError => e
  render json: { error: e.message }, status: :unauthorized
end