Class: Shakha::AuthController
Constant Summary
Constants included
from PKCEMixin
PKCEMixin::CODE_CHALLENGE_METHOD, PKCEMixin::CODE_VERIFIER_LENGTH, PKCEMixin::PKCE_COOKIE_EXPIRY_SECONDS, PKCEMixin::PKCE_COOKIE_NAME
Instance Method Summary
collapse
Methods included from PKCEMixin
generate_code_challenge, generate_code_verifier
Instance Method Details
#authorize ⇒ Object
17
18
19
20
21
22
23
24
|
# File 'app/controllers/shakha/auth_controller.rb', line 17
def authorize
pkce = create_pkce_bundle
@client = find_or_create_client
google_auth_url = build_google_auth_url(pkce)
redirect_to google_auth_url, allow_other_host: true
end
|
#callback ⇒ Object
26
27
28
29
30
31
|
# File 'app/controllers/shakha/auth_controller.rb', line 26
def callback
pkce_result = verify_pkce!(params[:code], params[:state])
exchange_code_for_tokens(params[:code], pkce_result[:verifier], pkce_result[:return_to])
rescue PKCEError, GoogleOAuthError => e
redirect_to "/auth/shakha/error?message=#{URI.encode_www_form_component(e.message)}"
end
|
#error ⇒ Object
51
52
53
|
# File 'app/controllers/shakha/auth_controller.rb', line 51
def error
@message = params[:message] || "Authentication failed"
end
|
#new ⇒ Object
12
13
14
15
|
# File 'app/controllers/shakha/auth_controller.rb', line 12
def new
@client = find_or_create_client
@return_to = params[:return_to] || "/"
end
|
#token ⇒ Object
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
# File 'app/controllers/shakha/auth_controller.rb', line 33
def token
code = params[:code]
verifier = params[:code_verifier]
raise PKCEError, "Missing code" unless code
raise PKCEError, "Missing code_verifier" unless verifier
id_token = exchange_code_for_id_token(code, verifier)
render json: {
id_token: id_token,
pairwise_sub: id_token_payload(id_token)[:sub],
expires_in: 24.hours.to_i
}
rescue PKCEError, JWTError, GoogleOAuthError => e
render json: { error: e.message }, status: :unauthorized
end
|