Class: Candid::Auth::Default::Client

Inherits:
Object
Defined in:
lib/candid/auth/default/client.rb

Instance Method Summary

Constructor Details

#initialize(client:) ⇒ Candid::Auth::Default::Client



# File 'lib/candid/auth/default/client.rb', line 8

def initialize(client:)
  @client = client
end

Instance Method Details

#get_token(request_options: {}, **params) ⇒ Candid::Auth::Default::Types::AuthGetTokenResponse

<Callout intent="info"> Candid Health SDKs automatically handle authentication workflows after configuring them with the `client_id` and `client_secret`. </Callout>

Candid Health utilizes the [OAuth 2.0 bearer token authentication scheme](developer.mozilla.org/en-US/docs/Web/HTTP/Authentication) in our auth flow. You obtain the bearer token for all subsequent API requests via the `/auth/v2/token` endpoint defined below, which requires you to provide your `client_id` and `client_secret`. Your `client_id` and `client_secret` can be [generated](support.joincandidhealth.com/hc/en-us/articles/23065219476244–Generating-Candid-API-Keys) from the “Users & Credentials” tab by your org admin.

The `/auth/v2/token` endpoint accepts both `Content-Type: application/json` and `Content-Type: application/x-www-form-urlencoded`. The request body should contain the `client_id` and `client_secret` as follows:

```json
{
  "client_id": "YOUR_CLIENT_ID",
  "client_secret": "YOUR_CLIENT_SECRET"
}
```

or as URL-encoded form data:

```
client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET
```

The bearer token is a signed [JWT](jwt.io/). The public key for the JWT can be found [here](candidhealth.auth0.com/pem) for any verification workflows.

The bearer token should be provided in the `Authorization` header for all subsequent API calls.

<Callout intent="warning"> The bearer token expires 5 hours after it has been created. After it has expired, the client will receive an "HTTP 401 Unauthorized" error, at which point the client should generate a new token. It is important that tokens be reused between requests; if the client attempts to generate a token too often, it will be rate-limited and will receive an `HTTP 429 Too Many Requests` error. </Callout>



# File 'lib/candid/auth/default/client.rb', line 45

def get_token(request_options: {}, **params)
  _request = Candid::Internal::JSON::Request.new(
    base_url: request_options[:base_url] || Candid::Environment::PRODUCTION,
    method: "POST",
    path: "/api/auth/v2/token",
    body: params
  )
  begin
    _response = @client.send(_request)
  rescue Net::HTTPRequestTimeout
    raise Candid::Errors::TimeoutError
  end
  code = _response.code.to_i
  if code.between?(200, 299)
    Candid::Auth::Default::Types::AuthGetTokenResponse.load(_response.body)
  else
    error_class = Candid::Errors::ResponseError.subclass_for_code(code)
    raise error_class.new(_response.body, code: code)
  end
end
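
One way to follow the token-reuse guidance in the warning above, as an added example that is not part of the Candid SDK: a thread-safe cache that holds one bearer token, renews it shortly before the 5-hour expiry, and drops it when a request comes back 401. The `CachedBearerToken` class, its `fetcher` callable (which would wrap `get_token` and return the token string) and the 5-minute `REFRESH_SKEW` are assumptions.

```ruby
# Added example, not part of the Candid SDK. Caches one bearer token and
# reuses it until shortly before the 5-hour expiry stated in the warning.
class CachedBearerToken
  TOKEN_LIFETIME = 5 * 60 * 60 # seconds; from the expiry warning on this page
  REFRESH_SKEW   = 5 * 60      # assumption: renew 5 minutes early

  # fetcher: callable returning a fresh token string (hypothetical; in real
  #          use it would wrap get_token and extract the token field).
  # clock:   callable returning monotonic seconds; injectable for tests.
  def initialize(fetcher:, clock: -> { Process.clock_gettime(Process::CLOCK_MONOTONIC) })
    @fetcher = fetcher
    @clock = clock
    @lock = Mutex.new
    @token = nil
    @expires_at = 0
  end

  # Returns the cached token, fetching a new one only when none is held or
  # the held one is within REFRESH_SKEW of expiry.
  def token
    @lock.synchronize do
      refresh! if @token.nil? || @clock.call >= @expires_at - REFRESH_SKEW
      @token
    end
  end

  # Call after an HTTP 401. Drops the cache only if the rejected token is
  # still the cached one, so concurrent 401s trigger a single re-fetch.
  def invalidate(rejected_token)
    @lock.synchronize { @token = nil if @token == rejected_token }
  end

  # Keep the secret out of logs and consoles when the object is inspected.
  def inspect
    "#<#{self.class.name} token=[REDACTED]>"
  end

  private

  # Timestamp is taken before the fetch so the expiry estimate errs early.
  def refresh!
    fetched_at = @clock.call
    @token = @fetcher.call
    @expires_at = fetched_at + TOKEN_LIFETIME
  end
end
```

Sharing one instance per process keeps token requests to roughly one per lifetime, which is what avoids the `HTTP 429 Too Many Requests` response described above.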