Class: StandardId::ClientApplication

Inherits:

ApplicationRecord

• Object
• ActiveRecord::Base
• ApplicationRecord
• StandardId::ClientApplication

Defined in:

app/models/standard_id/client_application.rb

Instance Method Summary

• #activate! ⇒ Object
• #active? ⇒ Boolean
• #authenticate_client_secret(secret) ⇒ Object

  Check if client can authenticate with given secret.

• #code_challenge_methods_array ⇒ Object
• #confidential? ⇒ Boolean
• #create_client_secret!(name: "Default Secret", **options) ⇒ Object

  Generate a new client secret credential.

• #deactivate! ⇒ Object
• #grant_types_array ⇒ Object
• #primary_client_secret ⇒ Object

  Get the primary (first active) client secret.

• #public? ⇒ Boolean
• #redirect_uris_array ⇒ Object

  OAuth configuration helpers.

• #response_types_array ⇒ Object
• #rotate_client_secret!(new_secret_name: "Rotated Secret #{Time.current.strftime('%Y%m%d')}", client_secret: SecureRandom.hex(32)) ⇒ Object

  Client secret rotation support.

• #scopes_array ⇒ Object
• #supports_grant_type?(grant_type) ⇒ Boolean
• #supports_pkce_method?(method) ⇒ Boolean
• #supports_response_type?(response_type) ⇒ Boolean
• #valid_redirect_uri?(uri) ⇒ Boolean

Instance Method Details

#activate! ⇒ Object

# File 'app/models/standard_id/client_application.rb', line 39

def activate!
  update!(active: true, deactivated_at: nil)
end

#active? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/standard_id/client_application.rb', line 43

def active?
  active && deactivated_at.nil?
end

#authenticate_client_secret(secret) ⇒ Object

Check if client can authenticate with given secret

# File 'app/models/standard_id/client_application.rb', line 124

def authenticate_client_secret(secret)
  client_secret_credentials.active.find { |cred| cred.authenticate_client_secret(secret) }
end

#code_challenge_methods_array ⇒ Object

# File 'app/models/standard_id/client_application.rb', line 64

def code_challenge_methods_array
  code_challenge_methods.to_s.split(/\s+/).map(&:strip).reject(&:blank?)
end

#confidential? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/standard_id/client_application.rb', line 85

def confidential?
  client_type == "confidential"
end

#create_client_secret!(name: "Default Secret", **options) ⇒ Object

Generate a new client secret credential

# File 'app/models/standard_id/client_application.rb', line 94

def create_client_secret!(name: "Default Secret", **options)
  client_secret_credentials.create!({
    name: name,
    client_id: client_id,
    scopes: scopes
  }.merge(options))
end

#deactivate! ⇒ Object

# File 'app/models/standard_id/client_application.rb', line 35

def deactivate!
  update!(active: false, deactivated_at: Time.current)
end

#grant_types_array ⇒ Object

# File 'app/models/standard_id/client_application.rb', line 56

def grant_types_array
  grant_types.to_s.split(/\s+/).map(&:strip).reject(&:blank?)
end

#primary_client_secret ⇒ Object

Get the primary (first active) client secret

# File 'app/models/standard_id/client_application.rb', line 103

def primary_client_secret
  client_secret_credentials.active.first
end

#public? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/standard_id/client_application.rb', line 89

def public?
  client_type == "public"
end

#redirect_uris_array ⇒ Object

OAuth configuration helpers

# File 'app/models/standard_id/client_application.rb', line 48

def redirect_uris_array
  redirect_uris.to_s.split(/\s+/).map(&:strip).reject(&:blank?)
end

#response_types_array ⇒ Object

# File 'app/models/standard_id/client_application.rb', line 60

def response_types_array
  response_types.to_s.split(/\s+/).map(&:strip).reject(&:blank?)
end

#rotate_client_secret!(new_secret_name: "Rotated Secret #{Time.current.strftime('%Y%m%d')}", client_secret: SecureRandom.hex(32)) ⇒ Object

Client secret rotation support

# File 'app/models/standard_id/client_application.rb', line 108

def rotate_client_secret!(new_secret_name: "Rotated Secret #{Time.current.strftime('%Y%m%d')}", client_secret: SecureRandom.hex(32))
  transaction do
    # Create new secret
    new_secret = create_client_secret!(name: new_secret_name, client_secret: client_secret)

    # Deactivate old secrets (but don't delete for audit trail)
    client_secret_credentials.where.not(id: new_secret.id).update_all(
      active: false,
      revoked_at: Time.current
    )

    new_secret
  end
end

#scopes_array ⇒ Object

# File 'app/models/standard_id/client_application.rb', line 52

def scopes_array
  scopes.to_s.split(/\s+/).map(&:strip).reject(&:blank?)
end

#supports_grant_type?(grant_type) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/standard_id/client_application.rb', line 68

def supports_grant_type?(grant_type)
  grant_types_array.include?(grant_type.to_s)
end

#supports_pkce_method?(method) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/standard_id/client_application.rb', line 76

def supports_pkce_method?(method)
  return false unless require_pkce?
  code_challenge_methods_array.include?(method.to_s)
end

#supports_response_type?(response_type) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/standard_id/client_application.rb', line 72

def supports_response_type?(response_type)
  response_types_array.include?(response_type.to_s)
end

#valid_redirect_uri?(uri) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/standard_id/client_application.rb', line 81

def valid_redirect_uri?(uri)
  redirect_uris_array.include?(uri.to_s)
end