Module: GDS::SSO::BearerToken

Defined in:
lib/gds-sso/bearer_token.rb

Class Method Summary

Class Method Details

.locate(token_string) ⇒ Object



# File 'lib/gds-sso/bearer_token.rb', line 8

# Resolve an API bearer token to a local user record.
#
# A nil or empty token returns nil without any network or cache access.
# Otherwise the user details are read from the configured cache, or fetched
# from the OAuth provider's /user.json endpoint on a cache miss, and handed to
# the configured user class.
#
# Returns whatever user_klass.find_for_gds_oauth returns, or nil when an
# OAuth2::Error is raised anywhere in the lookup. No other exception class is
# rescued here: the JSON.parse / fetch("user") calls in omniauth_style_response
# can raise and will propagate to the caller.
#
# NOTE(review): the cache key contains the raw bearer token, so the credential
# is visible to anything that can enumerate or log cache keys (depends on the
# store behind GDS::SSO::Config.cache; confirm). Keying on a digest of the
# token would avoid persisting the secret itself.
# NOTE(review): entries live for 5 minutes, so a token revoked upstream
# presumably keeps resolving from cache until the entry expires; confirm this
# window is acceptable for the consuming app.
def self.locate(token_string)
  return nil if token_string.nil? || token_string.empty?

  begin
    config = GDS::SSO::Config
    cache_key = ["api-user-cache", token_string]

    details = config.cache.fetch(cache_key, expires_in: 5.minutes) do
      # Cache miss: ask the provider who owns this token.
      bearer = OAuth2::AccessToken.new(oauth_client, token_string)
      user_path = "/user.json?client_id=#{CGI.escape(config.oauth_id)}"
      omniauth_style_response(bearer.get(user_path).body)
    end

    config.user_klass.find_for_gds_oauth(details)
  rescue OAuth2::Error
    # Any OAuth2::Error is reported to the caller as "no user".
    nil
  end
end

.oauth_client ⇒ Object



# File 'lib/gds-sso/bearer_token.rb', line 22

# Build (once) and return the OAuth2 client used for bearer-token lookups.
#
# The client is memoised in @oauth_client, so the id, secret, site and
# connection options are read from GDS::SSO::Config only on the first call;
# later configuration changes are not picked up by an already-built client.
#
# NOTE(review): Hash#merge is shallow. If GDS::SSO::Config.connection_opts
# carries its own :headers key, it replaces the default headers hash entirely,
# including the user_agent set here.
# NOTE(review): bearer tokens and the client secret are sent to
# oauth_root_url; presumably this is an https URL. Confirm in deployment
# config, and confirm connection_opts cannot be used to weaken TLS checks.
def self.oauth_client
  @oauth_client ||= begin
    config = GDS::SSO::Config
    client_id = config.oauth_id
    client_secret = config.oauth_secret
    provider_root = config.oauth_root_url

    default_opts = {
      headers: {
        user_agent: "gds-sso/#{GDS::SSO::VERSION} (#{ENV['GOVUK_APP_NAME']})",
      },
    }

    OAuth2::Client.new(
      client_id,
      client_secret,
      site: provider_root,
      connection_opts: default_opts.merge(config.connection_opts),
    )
  end
end

.omniauth_style_response(response_body) ⇒ Object

Our User code assumes we’re getting our user data back via omniauth and so receiving it in omniauth’s preferred structure. Here we’re addressing signon directly so we need to transform the response ourselves.



# File 'lib/gds-sso/bearer_token.rb', line 39

# Reshape the provider's /user.json body into the nested hash layout that the
# user code expects from omniauth.
#
# response_body is a JSON string with a top-level "user" object. Raises
# JSON::ParserError when the body is not valid JSON and KeyError when the
# "user" key is absent. Fields missing from the "user" object come through as
# nil; anything not listed below is dropped.
#
# NOTE(review): "permissions" and the organisation fields are copied through
# without validation, so authorisation decisions downstream rest on the
# integrity of the response from the provider.
def self.omniauth_style_response(response_body)
  user = JSON.parse(response_body).fetch("user")

  identity = { "email" => user["email"], "name" => user["name"] }
  extra_user = %w[permissions organisation_slug organisation_content_id].to_h do |field|
    [field, user[field]]
  end

  { "uid" => user["uid"], "info" => identity, "extra" => { "user" => extra_user } }
end