Module: GDS::SSO::BearerToken

Defined in:
lib/gds-sso/bearer_token.rb

Class Method Summary

Class Method Details

.locate(token_string) ⇒ Object



# File 'lib/gds-sso/bearer_token.rb', line 7

# Resolves a bearer token string to a local user record.
#
# User details are read from GDS::SSO::Config.cache under a key built from
# 'api-user-cache' and the token. The block handed to fetch (run on a cache
# miss, assuming a Rails-style cache store) requests "/user.json" from the
# OAuth provider with the token and reshapes the body into the omniauth layout.
#
# Security notes for maintainers:
# - The raw token string is part of the cache key, so it is held wherever the
#   configured cache keeps its keys. NOTE(review): consider keying on a digest
#   of the token if that store is shared or inspectable; confirm with owners.
# - The entry is written with a five minute expiry, so a token revoked or
#   re-permissioned upstream can keep resolving to the cached details until
#   the entry expires.
# - Only OAuth2::Error is converted to nil; every other exception propagates
#   to the caller.
#
# @param token_string [String] presumably the bearer token taken from the request
# @return [Object, nil] the result of user_klass.find_for_gds_oauth, or nil
#   when an OAuth2::Error is raised
def self.locate(token_string)
  config = GDS::SSO::Config
  cache_key = ['api-user-cache', token_string]

  user_details = config.cache.fetch(cache_key, expires_in: 5.minutes) do
    token = OAuth2::AccessToken.new(oauth_client, token_string)
    # client_id is escaped because it is interpolated into the query string.
    user_path = "/user.json?client_id=#{CGI.escape(config.oauth_id)}"
    omniauth_style_response(token.get(user_path).body)
  end

  config.user_klass.find_for_gds_oauth(user_details)
rescue OAuth2::Error
  # Treated as "no user for this token" rather than an application error.
  nil
end

.oauth_client ⇒ Object



# File 'lib/gds-sso/bearer_token.rb', line 19

# Returns the OAuth2 client used for bearer token lookups, building it on the
# first call and reusing the same object afterwards (memoised in
# @oauth_client).
#
# The client id, client secret and site URL all come from GDS::SSO::Config.
# Because the client is memoised, later changes to those settings are not
# picked up by an already-built client.
#
# @return [OAuth2::Client]
def self.oauth_client
  return @oauth_client if @oauth_client

  config = GDS::SSO::Config
  @oauth_client = OAuth2::Client.new(
    config.oauth_id,
    config.oauth_secret,
    site: config.oauth_root_url
  )
end

.omniauth_style_response(response_body) ⇒ Object

Our User code assumes we’re getting our user data back via omniauth and so receiving it in omniauth’s preferred structure. Here we’re addressing signon directly so we need to transform the response ourselves.



# File 'lib/gds-sso/bearer_token.rb', line 31

# Reshapes the JSON body returned by signon's user endpoint into the nested
# hash layout omniauth would have produced, which is what the User code
# expects.
#
# Only the fields listed below are copied. Values are passed through as
# decoded, with no type or presence checks here. A body without a top-level
# 'user' key leaves signon_user as nil, so the lookups raise NoMethodError
# (locate rescues only OAuth2::Error, so that would propagate).
#
# @param response_body [String] JSON document with a top-level 'user' object
# @return [Hash] omniauth-style hash with 'uid', 'info' and 'extra' keys
def self.omniauth_style_response(response_body)
  signon_user = MultiJson.decode(response_body)['user']

  uid = signon_user['uid']
  info = {
    'email' => signon_user['email'],
    'name' => signon_user['name']
  }

  # Authorisation-relevant attributes live under extra.user.
  extra_keys = ['permissions', 'organisation_slug', 'organisation_content_id']
  extra_user = extra_keys.each_with_object({}) do |key, copied|
    copied[key] = signon_user[key]
  end

  { 'uid' => uid, 'info' => info, 'extra' => { 'user' => extra_user } }
end