Class: Aptible::Auth::Token
- Defined in:
- lib/aptible/auth/token.rb
Class Method Summary collapse
Instance Method Summary collapse
- #authenticate_client(id, secret, subject, options = {}) ⇒ Object
- #authenticate_impersonate(subject_token, subject_token_type, options) ⇒ Object
- #authenticate_user(email, password, options = {}) ⇒ Object
- #expires_at ⇒ Object
- #oauth ⇒ Object
- #process_options(options) ⇒ Object
- #token ⇒ Object
Methods inherited from Resource
Class Method Details
.create(options) ⇒ Object
24 25 26 27 28 29 30 31 |
# File 'lib/aptible/auth/token.rb', line 24 def self.create() # For backwards compatibility: we used to throw in .create (which isn't # consistent with other resources), and we probably need to continue # doing this. We also need to continue throwing a OAuth2::Error. token = new token.() token end |
.create!(options) ⇒ Object
33 34 35 36 37 38 39 40 |
# File 'lib/aptible/auth/token.rb', line 33 def self.create!() Token.create() rescue OAuth2::Error => e # Rethrow OAuth2::Error as HyperResource::ResponseError for # aptible-resource to handle raise HyperResource::ResponseError.new(e.code, response: e.response, cause: e) end |
Instance Method Details
#authenticate_client(id, secret, subject, options = {}) ⇒ Object
48 49 50 51 52 53 54 55 56 57 58 59 60 |
# File 'lib/aptible/auth/token.rb', line 48 def authenticate_client(id, secret, subject, = {}) [:scope] ||= 'manage' # Unlike other methods, the assertion token grant requirs an "exp" # parameter rather than expires_in, but since we'd like to expose a # consistent API to consumers, we override it here expires_in = .delete(:expires_in) [:exp] = Time.now.utc.to_i + expires_in if expires_in oauth_token = oauth.assertion.get_token({ iss: id, sub: subject }.merge(signing_params_from_secret(secret).merge())) apply_oauth_response(oauth_token) end |
#authenticate_impersonate(subject_token, subject_token_type, options) ⇒ Object
62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 |
# File 'lib/aptible/auth/token.rb', line 62 def authenticate_impersonate(subject_token, subject_token_type, ) # TODO: This duplicates aptible-resource, is it worth extracting? actor_token = \ case actor_token = .delete(:token) when Aptible::Resource::Base then actor_token.access_token when Fridge::AccessToken then actor_token.to_s when String then actor_token else bearer_token end # TODO: Do we want to check whether the token is non-nil at this stage? [:scope] ||= 'manage' oauth_token = oauth.token_exchange.get_token( actor_token, 'urn:ietf:params:oauth:token-type:jwt', subject_token, subject_token_type, ) apply_oauth_response(oauth_token) end |
#authenticate_user(email, password, options = {}) ⇒ Object
42 43 44 45 46 |
# File 'lib/aptible/auth/token.rb', line 42 def authenticate_user(email, password, = {}) [:scope] ||= 'manage' oauth_token = oauth.password.get_token(email, password, ) apply_oauth_response(oauth_token) end |
#expires_at ⇒ Object
126 127 128 129 130 131 132 |
# File 'lib/aptible/auth/token.rb', line 126 def expires_at # The Auth API returns the expiry as a timestamp (i.e. an Integer), but # our API client knows only to handle times as strings. This overrides # the field method for expires_at to return a Time despite the # underlying API field being an Integer. Time.at(attributes[:expires_at]) end |
#oauth ⇒ Object
81 82 83 84 85 86 87 88 89 90 91 92 |
# File 'lib/aptible/auth/token.rb', line 81 def oauth = { site: root_url, token_url: '/tokens', connection_opts: { headers: { 'User-Agent' => Aptible::Resource.configuration.user_agent } } } @oauth ||= OAuth2::Client.new(nil, nil, ) end |
#process_options(options) ⇒ Object
94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 |
# File 'lib/aptible/auth/token.rb', line 94 def () = .dup if (email = .delete(:email)) && (password = .delete(:password)) authenticate_user(email, password, ) elsif (client_id = .delete(:client_id)) && (client_secret = .delete(:client_secret)) && (subject = .delete(:subject)) authenticate_client(client_id, client_secret, subject, ) elsif (href = .delete(:user_href)) authenticate_impersonate(href, 'aptible:user:href', ) elsif (href = .delete(:organization_href)) authenticate_impersonate(href, 'aptible:organization:href', ) elsif (email = .delete(:user_email)) authenticate_impersonate(email, 'aptible:user:email', ) else # rubocop:disable Style/SignalException fail 'Unrecognized options' # rubocop:enable Style/SignalException end end |
#token ⇒ Object
116 117 118 119 120 121 122 123 124 |
# File 'lib/aptible/auth/token.rb', line 116 def token # If the user set an arbitrary token, then we'll return that one, # otherwise we'll fall back to the Token itself, which makes it # possible to create a token and immediately access it #user or #actor # methods. # NOTE: Setting the token after the fact probably doesn't work anyway, # since the Authorization header won't be updated. @token || access_token end |