Class: Zitadel::Client::Auth::OpenId

Inherits: Object
Defined in:
lib/zitadel/client/auth/open_id.rb

Overview

OpenId retrieves the OpenID Connect discovery document from a given host.

The constructor builds the well-known configuration URL from the provided hostname, fetches the document (over HTTPS unless an http:// URL is given explicitly), and extracts the token_endpoint. Only the token endpoint is kept; every other field of the discovery document is discarded.


Constructor Details

#initialize(hostname, transport_options: nil) ⇒ OpenId

Initializes a new OpenId instance.


Parameters:

  • hostname (String)

    the hostname for the OpenID provider.

  • transport_options (TransportOptions, nil) (defaults to: nil)

    Optional transport options for TLS, proxy, and headers.

Raises:

  • (RuntimeError)

    if the OpenID configuration cannot be fetched (any response status other than 200) or the token_endpoint is missing from the document.

  • (JSON::ParserError)

    if the response body is not valid JSON; this is not a RuntimeError, so callers that rescue only RuntimeError will not catch it.



# File 'lib/zitadel/client/auth/open_id.rb', line 29

def initialize(hostname, transport_options: nil)
  transport_options ||= TransportOptions.defaults
  # A bare hostname is treated as an https origin; an explicit http:// prefix is honoured as given.
  hostname = "https://#{hostname}" unless hostname.start_with?('http://', 'https://')
  @host_endpoint = hostname
  well_known_url = self.class.build_well_known_url(hostname)

  uri = URI.parse(well_known_url)
  http = if transport_options.proxy_url
           # Proxy credentials, if any, are taken from the userinfo part of proxy_url.
           proxy_uri = URI.parse(transport_options.proxy_url)
           Net::HTTP.new(uri.host.to_s, uri.port, proxy_uri.host, proxy_uri.port,
                         proxy_uri.user, proxy_uri.password)
         else
           Net::HTTP.new(uri.host.to_s, uri.port)
         end
  http.use_ssl = (uri.scheme == 'https')
  if transport_options.insecure
    # Disables certificate verification entirely: anyone on the network path can
    # then serve the discovery document and hence choose the token endpoint.
    http.verify_mode = OpenSSL::SSL::VERIFY_NONE
  elsif transport_options.ca_cert_path
    # Trust the system roots plus the configured CA file (e.g. a private CA).
    store = OpenSSL::X509::Store.new
    store.set_default_paths
    store.add_file(transport_options.ca_cert_path)
    http.cert_store = store
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  end
  # With neither option set, Net::HTTP's default of VERIFY_PEER against the system store applies.
  request = Net::HTTP::Get.new(uri)
  transport_options.default_headers.each { |k, v| request[k] = v }
  response = http.request(request)
  raise "Failed to fetch OpenID configuration: HTTP #{response.code}" unless response.code.to_i == 200

  # Invalid JSON raises JSON::ParserError here, not RuntimeError.
  config = JSON.parse(response.body)
  token_endpoint = config['token_endpoint']
  raise 'token_endpoint not found in OpenID configuration' unless token_endpoint

  @token_endpoint = token_endpoint
end

Instance Attribute Details

#host_endpoint ⇒ Object

Returns the issuer base URL the instance was built for: the hostname as given, with https:// prepended when no scheme was supplied.



# File 'lib/zitadel/client/auth/open_id.rb', line 18

def host_endpoint
  @host_endpoint
end

#token_endpoint ⇒ Object

Returns the token_endpoint value taken from the fetched discovery document.



# File 'lib/zitadel/client/auth/open_id.rb', line 18

def token_endpoint
  @token_endpoint
end

Class Method Details

.build_well_known_url(hostname) ⇒ String

Builds the well-known OpenID configuration URL for the given hostname by joining '/.well-known/openid-configuration' onto it. Because that path reference is absolute, any path component in hostname is replaced rather than extended: https://example.com/realm yields https://example.com/.well-known/openid-configuration, so an issuer that lives under a path prefix resolves to the host's root discovery document.

Parameters:

  • hostname (String)

    the issuer URL, scheme included (the constructor prepends https:// before calling this method). A bare hostname passed directly is a relative reference, and URI.join raises URI::BadURIError when both sides are relative.

Returns:

  • (String)

    the well-known configuration URL.



# File 'lib/zitadel/client/auth/open_id.rb', line 72

def self.build_well_known_url(hostname)
  URI.join(hostname, '/.well-known/openid-configuration').to_s
end
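An offline walk-through of the discovery steps the constructor and build_well_known_url perform, written as an added example; it is not code from the zitadel-client gem. The network fetch is replaced by constructed discovery documents, and the example adds two checks the class itself does not make: that the document's issuer claim equals the issuer it was fetched for (OpenID Connect Discovery 1.0, section 4.3) and that the advertised token_endpoint uses https. The helper names (normalize_issuer, well_known_url, parse_discovery, DiscoveryError) and the sample documents are assumptions made for this example; the /oauth/v2/token path is illustrative.

```ruby
# Added example, not part of the zitadel-client gem. Runs offline.
require 'json'
require 'uri'

class DiscoveryError < StandardError; end

# Normalise what the caller passes as "hostname" into an issuer URL: prepend
# https:// when no scheme is given (as the constructor does) and drop a
# trailing slash so the well-known suffix can be appended verbatim.
def normalize_issuer(hostname)
  issuer = hostname.start_with?('http://', 'https://') ? hostname : "https://#{hostname}"
  issuer.chomp('/')
end

# The gem's construction: URI.join with an absolute path reference replaces
# whatever path the issuer carried, so https://host/realm1 loses "/realm1".
def well_known_url_via_join(issuer)
  URI.join(issuer, '/.well-known/openid-configuration').to_s
end

# Path-preserving construction per OpenID Connect Discovery 1.0 section 4:
# https://host/realm1 -> https://host/realm1/.well-known/openid-configuration
def well_known_url(hostname)
  "#{normalize_issuer(hostname)}/.well-known/openid-configuration"
end

# Validate a discovery document before trusting the endpoints it advertises:
#  - the issuer claim must equal the issuer used to build the well-known URL;
#    a mismatch means the document describes a different provider than the
#    one the client asked for (or was served by something on the path);
#  - token_endpoint must be present and use https, otherwise client
#    credentials sent to it travel in the clear.
def parse_discovery(body, expected_issuer:)
  config = begin
    JSON.parse(body)
  rescue JSON::ParserError => e
    raise DiscoveryError, "discovery document is not valid JSON: #{e.message}"
  end
  expected = normalize_issuer(expected_issuer)
  issuer = config['issuer']
  unless issuer == expected
    raise DiscoveryError, "issuer mismatch: document says #{issuer.inspect}, fetched for #{expected.inspect}"
  end
  token_endpoint = config['token_endpoint']
  raise DiscoveryError, 'token_endpoint not found in OpenID configuration' unless token_endpoint
  unless URI.parse(token_endpoint).scheme == 'https'
    raise DiscoveryError, "token_endpoint must use https, got #{token_endpoint}"
  end
  { issuer: issuer, token_endpoint: token_endpoint }
end

# Constructed sample documents (not captured from a real provider).
GOOD_DOC = JSON.generate(
  'issuer' => 'https://example.com',
  'token_endpoint' => 'https://example.com/oauth/v2/token',
  'authorization_endpoint' => 'https://example.com/oauth/v2/authorize'
)
SPOOFED_ISSUER_DOC = JSON.generate(
  'issuer' => 'https://attacker.example',
  'token_endpoint' => 'https://attacker.example/oauth/v2/token'
)
NO_TOKEN_DOC = JSON.generate('issuer' => 'https://example.com')
PLAINTEXT_TOKEN_DOC = JSON.generate(
  'issuer' => 'https://example.com',
  'token_endpoint' => 'http://example.com/oauth/v2/token'
)

if $PROGRAM_NAME == __FILE__
  puts well_known_url('example.com')
  puts well_known_url_via_join('https://example.com/realm1')
  puts parse_discovery(GOOD_DOC, expected_issuer: 'example.com').inspect
  [SPOOFED_ISSUER_DOC, NO_TOKEN_DOC, PLAINTEXT_TOKEN_DOC].each do |doc|
    begin
      parse_discovery(doc, expected_issuer: 'example.com')
    rescue DiscoveryError => e
      puts "rejected: #{e.message}"
    end
  end
end
```

The issuer comparison is an exact string match on purpose: the specification requires the returned issuer to be identical to the prefix used to build the well-known URL, and a looser comparison (host only, case-insensitive path) would let a document served for one tenant or realm be accepted for another.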