Class: CF::UAA::Info
Overview
Provides interfaces to various UAA endpoints that are not in the context of an overall class of operations like SCIM resources or OAuth2 tokens.
Constant Summary
Constants included from Http
Http::FORM_UTF8, Http::JSON_UTF8
Instance Attribute Summary
- #key_style ⇒ Object (readonly)
  Returns the value of attribute key_style.
- #target ⇒ Object
  Returns the value of attribute target.
Instance Method Summary
- #decode_token(client_id, client_secret, token, token_type = "bearer", audience_ids = nil) ⇒ Hash
  Sends token to the server to validate and decode.
- #discover_uaa ⇒ String
  Gets a base url for the associated UAA from the target server by inspecting the links returned from its info endpoint.
- #initialize(target, options = {}) ⇒ Info (constructor)
  A new instance of Info.
- #password_strength(password) ⇒ Hash
  Gets information about the given password, including a strength score and an indication of what strength is required.
- #server ⇒ Hash
  Gets basic information about the target server, including version number, commit ID, and links to API endpoints.
- #symbolize_keys=(bool) ⇒ Boolean
  Sets whether the keys in returned hashes should be symbols.
- #validation_key(client_id = nil, client_secret = nil) ⇒ Hash
  Gets the key from the server that is used to validate token signatures.
- #validation_keys_hash(client_id = nil, client_secret = nil) ⇒ Hash
  Gets all currently valid token verification keys.
- #varz(name, pwd) ⇒ Hash
  Gets various monitoring and status variables from the server.
- #whoami(auth_header) ⇒ Hash
  Gets information about the user authenticated by the token in the auth_header.
Methods included from Http
basic_auth, #logger, #logger=, #set_request_handler, #trace?
Constructor Details
#initialize(target, options = {}) ⇒ Info
Returns a new instance of Info.
    # File 'lib/uaa/info.rb', line 32
    def initialize(target, options = {})
      self.target = target
      self.skip_ssl_validation = options[:skip_ssl_validation]
      self.ssl_ca_file = options[:ssl_ca_file]
      self.ssl_cert_store = options[:ssl_cert_store]
      self.symbolize_keys = options[:symbolize_keys]
    end
Instance Attribute Details
#key_style ⇒ Object (readonly)
Returns the value of attribute key_style.
    # File 'lib/uaa/info.rb', line 24
    def key_style
      @key_style
    end
#target ⇒ Object
Returns the value of attribute target.
    # File 'lib/uaa/info.rb', line 23
    def target
      @target
    end
Instance Method Details
#decode_token(client_id, client_secret, token, token_type = "bearer", audience_ids = nil) ⇒ Hash
Sends token to the server to validate and decode. Authenticates with client_id and client_secret. If audience_ids are specified and the token’s “aud” attribute does not contain one or more of the audience_ids, raises AuthError, meaning the token is not for this audience. The token is passed as a query parameter on the /check_token request, so it can end up in server access logs.
    # File 'lib/uaa/info.rb', line 132
    def decode_token(client_id, client_secret, token, token_type = "bearer", audience_ids = nil)
      reply = json_get(target, "/check_token?token_type=#{token_type}&token=#{token}",
          key_style, "authorization" => Http.basic_auth(client_id, client_secret))
      auds = Util.arglist(reply[:aud] || reply['aud'])
      if audience_ids && (!auds || (auds & audience_ids).empty?)
        raise AuthError, "invalid audience: #{auds.join(' ')}"
      end
      reply
    end
#discover_uaa ⇒ String
Gets a base url for the associated UAA from the target server by inspecting the links returned from its info endpoint.
    # File 'lib/uaa/info.rb', line 79
    def discover_uaa
      info = server
      links = info['links'] || info[:links]
      uaa = links && (links['uaa'] || links[:uaa])
      uaa || target
    end
#password_strength(password) ⇒ Hash
Gets information about the given password, including a strength score and an indication of what strength is required.
    # File 'lib/uaa/info.rb', line 146
    def password_strength(password)
      json_parse_reply(key_style, *request(target, :post, '/password/score',
          Util.encode_form(:password => password), "content-type" => Http::FORM_UTF8,
          "accept" => Http::JSON_UTF8))
    end
#server ⇒ Hash
Gets basic information about the target server, including version number, commit ID, and links to API endpoints.
    # File 'lib/uaa/info.rb', line 70
    def server
      reply = json_get(target, '/login', key_style)
      return reply if reply && (reply[:prompts] || reply['prompts'])
      raise BadResponse, "Invalid response from target #{target}"
    end
#symbolize_keys=(bool) ⇒ Boolean
Sets whether the keys in returned hashes should be symbols.
    # File 'lib/uaa/info.rb', line 42
    def symbolize_keys=(bool)
      @key_style = bool ? :sym : nil
    end
#validation_key(client_id = nil, client_secret = nil) ⇒ Hash
Gets the key from the server that is used to validate token signatures. If the server is configured to use a symmetric key, the caller must authenticate by providing a client_id and client_secret. If the server is configured to sign with a private key, this call will retrieve the public key and client_id must be nil.
    # File 'lib/uaa/info.rb', line 94
    def validation_key(client_id = nil, client_secret = nil)
      hdrs = client_id && client_secret ?
          { "authorization" => Http.basic_auth(client_id, client_secret)} : {}
      json_get(target, "/token_key", key_style, hdrs)
    end
#validation_keys_hash(client_id = nil, client_secret = nil) ⇒ Hash
Gets all currently valid token verification keys. If the server has had its signing key changed, then /token_key will return a verification key that does not match a JWT token issued before the change. To validate the signature of these tokens, refer to the kid header of the JWT token. The validation_keys_hash method returns a hash of all currently valid verification keys, indexed by kid. To retrieve symmetric keys as part of the result, client credentials are required.
    # File 'lib/uaa/info.rb', line 109
    def validation_keys_hash(client_id = nil, client_secret = nil)
      hdrs = client_id && client_secret ?
          { "authorization" => Http.basic_auth(client_id, client_secret)} : {}
      response = json_get(target, "/token_keys", key_style, hdrs)
      keys_map = {}
      response['keys'].each do |key|
        keys_map[key['kid']] = key
      end
      keys_map
    end
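The kid lookup described above, as an added example that is not code from cf-uaa-lib: it picks the verification key by the token's kid header from a hash shaped like the result of validation_keys_hash, pins the algorithm to RS256, and checks the signature. The helper names, the kid values, the sample keys and the assumption that each entry holds a PEM public key under 'value' are all constructed for illustration.

```ruby
require 'openssl'
require 'json'

def b64url(data)
  [data].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  str.tr('-_', '+/').unpack1('m')
end

# Constructed test helper: issues an RS256 JWT with the given kid header.
def sign_rs256(claims, kid, private_key)
  header = { 'alg' => 'RS256', 'typ' => 'JWT', 'kid' => kid }
  input = "#{b64url(JSON.generate(header))}.#{b64url(JSON.generate(claims))}"
  "#{input}.#{b64url(private_key.sign(OpenSSL::Digest.new('SHA256'), input))}"
end

# keys_map is indexed by kid, like the result of validation_keys_hash.
# Assumption: each entry holds the PEM public key under 'value'.
def verify_with_kid(token, keys_map)
  parts = token.split('.', -1)
  raise ArgumentError, 'malformed token' unless parts.length == 3
  head_b64, body_b64, sig_b64 = parts
  header = JSON.parse(b64url_decode(head_b64))
  # Pin the algorithm; the token header must not be able to pick "none" or HMAC.
  raise ArgumentError, 'unexpected alg' unless header['alg'] == 'RS256'
  entry = keys_map[header['kid']]
  raise ArgumentError, 'unknown kid' unless entry
  pub = OpenSSL::PKey::RSA.new(entry['value'])
  ok = begin
    pub.verify(OpenSSL::Digest.new('SHA256'), b64url_decode(sig_b64), "#{head_b64}.#{body_b64}")
  rescue OpenSSL::PKey::PKeyError
    false
  end
  raise ArgumentError, 'bad signature' unless ok
  JSON.parse(b64url_decode(body_b64))
end

# Constructed sample: the signing key was rotated from key-old to key-new.
OLD_KEY = OpenSSL::PKey::RSA.new(2048)
NEW_KEY = OpenSSL::PKey::RSA.new(2048)
KEYS_MAP = {
  'key-old' => { 'kid' => 'key-old', 'value' => OLD_KEY.public_key.to_pem },
  'key-new' => { 'kid' => 'key-new', 'value' => NEW_KEY.public_key.to_pem }
}.freeze
OLD_TOKEN = sign_rs256({ 'sub' => 'alice', 'aud' => ['app'] }, 'key-old', OLD_KEY)
```

A token issued before the rotation still verifies because its kid selects the old key; a token whose kid is absent from the hash is rejected rather than tried against some other key.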
#varz(name, pwd) ⇒ Hash
Gets various monitoring and status variables from the server. Authenticates using name and pwd for basic authentication.
    # File 'lib/uaa/info.rb', line 63
    def varz(name, pwd)
      json_get(target, "/varz", key_style, "authorization" => Http.basic_auth(name, pwd))
    end
#whoami(auth_header) ⇒ Hash
Gets information about the user authenticated by the token in the auth_header. It GETs from the target’s /userinfo endpoint and returns user information as specified by OpenID Connect.
    # File 'lib/uaa/info.rb', line 55
    def whoami(auth_header)
      json_get(target, "/userinfo?schema=openid", key_style, "authorization" => auth_header)
    end