Module: KindeSdk

Defined in:

lib/kinde_sdk.rb,
lib/kinde_sdk/client.rb,
lib/kinde_sdk/version.rb,
lib/kinde_sdk/configuration.rb,
lib/kinde_sdk/client/permissions.rb,
lib/kinde_sdk/client/feature_flags.rb

Defined Under Namespace

Classes: Client, Configuration

Constant Summary

VERSION =

"1.2.1"

Class Attribute Summary

• .config ⇒ Object

  Returns the value of attribute config.

Class Method Summary

• .api_client(bearer_token) ⇒ KindeApi::ApiClient

  init sdk api client by bearer token.

• .auth_url(redirect_uri: @config.callback_url, **kwargs) ⇒ Hash

  receive url for authorization in Kinde itself.

• .client(tokens_hash) ⇒ KindeSdk::Client

  tokens_hash #=> “expires_in”=>86399, “id_token”=>“eyJhbGciOiJSUz”, “refresh_token”=>“eyJhbGciOiJSUz”, “scope”=>“openid offline email profile”, “token_type”=>“bearer”.

• .client_credentials_access(client_id: @config.client_id, client_secret: @config.client_secret, audience: "#{@config.domain}/api") ⇒ Object
• .configure ⇒ Object
• .fetch_tokens(params_or_code, code_verifier: nil, redirect_uri: @config.callback_url) ⇒ Hash

  when callback processor receives code, it needs to be used for fetching bearer token.

• .logout_url ⇒ Object
• .refresh_token(hash) ⇒ Hash
• .token_expired?(hash) ⇒ Boolean

Class Attribute Details

.config ⇒ Object

Returns the value of attribute config.

# File 'lib/kinde_sdk.rb', line 15

def config
  @config
end

Class Method Details

.api_client(bearer_token) ⇒ KindeApi::ApiClient

init sdk api client by bearer token

# File 'lib/kinde_sdk.rb', line 107

def api_client(bearer_token)
  config = KindeApi::Configuration.default
  config.configure do |c|
    c.access_token = bearer_token
    c.host = @config.domain
    c.debugging = @config.debugging
    c.logger = @config.logger
    c.scheme = url_scheme(c.scheme)
  end

  KindeApi::ApiClient.new(config)
end

.auth_url(redirect_uri: @config.callback_url, **kwargs) ⇒ Hash

receive url for authorization in Kinde itself

# File 'lib/kinde_sdk.rb', line 30

def auth_url(redirect_uri: @config.callback_url, **kwargs)
  params = {
    redirect_uri: redirect_uri,
    state: SecureRandom.hex,
    scope: @config.scope
  }.merge(**kwargs)
  return { url: @config.oauth_client.auth_code.authorize_url(params) } unless @config.pkce_enabled

  pkce_challenge = PkceChallenge.challenge(char_length: 128)
  params.merge!(code_challenge_method: 'S256', code_challenge: pkce_challenge.code_challenge)
  {
    url: @config.oauth_client.auth_code.authorize_url(params),
    code_verifier: pkce_challenge.code_verifier
  }
end

.client(tokens_hash) ⇒ KindeSdk::Client

tokens_hash #=>

"expires_in"=>86399,
"id_token"=>"eyJhbGciOiJSUz",
"refresh_token"=>"eyJhbGciOiJSUz",
"scope"=>"openid offline email profile",
"token_type"=>"bearer"

# File 'lib/kinde_sdk.rb', line 68

def client(tokens_hash)
  sdk_api_client = api_client(tokens_hash["access_token"])
  KindeSdk::Client.new(sdk_api_client, tokens_hash, @config.auto_refresh_tokens)
end

.client_credentials_access(client_id: @config.client_id, client_secret: @config.client_secret, audience: "#{@config.domain}/api") ⇒ Object

# File 'lib/kinde_sdk.rb', line 79

def client_credentials_access(
  client_id: @config.client_id,
  client_secret: @config.client_secret,
  audience: "#{@config.domain}/api"
)
  Faraday.new(url: @config.domain) do |faraday|
    faraday.response :json
    faraday.use Faraday::FollowRedirects::Middleware
  end
    .post(@config.token_url) do |req|
    req.headers[:content_type] = 'application/x-www-form-urlencoded'
    req.body =
      "grant_type=client_credentials&client_id=#{client_id}&client_secret=#{client_secret}&audience=#{audience}"
  end.body
end

.configure ⇒ Object

# File 'lib/kinde_sdk.rb', line 17

def configure
  if block_given?
    yield(Configuration.default)
  else
    Configuration.default
  end

  @config = Configuration.default
end

.fetch_tokens(params_or_code, code_verifier: nil, redirect_uri: @config.callback_url) ⇒ Hash

when callback processor receives code, it needs to be used for fetching bearer token

# File 'lib/kinde_sdk.rb', line 49

def fetch_tokens(params_or_code, code_verifier: nil, redirect_uri: @config.callback_url)
  code = params_or_code.kind_of?(Hash) ? params.fetch("code") : params_or_code
  params = {
    redirect_uri: redirect_uri,
    headers: { 'User-Agent' => "Kinde-SDK: Ruby/#{KindeSdk::VERSION}" }
  }
  params[:code_verifier] = code_verifier if code_verifier
  @config.oauth_client.auth_code.get_token(code.to_s, params).to_hash
end

.logout_url ⇒ Object

# File 'lib/kinde_sdk.rb', line 73

def logout_url
  query = @config.logout_url ? URI.encode_www_form(redirect: @config.logout_url) : nil
  host = URI::parse(@config.domain).host
  URI::HTTP.build(host: host, path: '/logout', query: query).to_s
end

.refresh_token(hash) ⇒ Hash

# File 'lib/kinde_sdk.rb', line 100

def refresh_token(hash)
  OAuth2::AccessToken.from_hash(@config.oauth_client, hash).refresh.to_hash
end

.token_expired?(hash) ⇒ Boolean

# File 'lib/kinde_sdk.rb', line 95

def token_expired?(hash)
  OAuth2::AccessToken.from_hash(@config.oauth_client, hash).expired?
end