Class: KindeSdk::AuthController

Inherits:

ActionController::Base

• Object
• ActionController::Base
• KindeSdk::AuthController

Includes:

AuthHelper

Defined in:

app/controllers/kinde_sdk/auth_controller.rb

Overview

AuthController handles all authentication-related actions for the Kinde SDK including OAuth2 flows, token management, and session handling

Instance Method Summary

• #auth ⇒ void

  Initiates the OAuth2 authorization flow Generates a secure nonce and redirects to Kinde’s authorization endpoint.

• #callback ⇒ void

  Handles the OAuth2 callback from Kinde Validates the response, exchanges code for tokens, and sets up the session.

• #client_credentials_auth ⇒ void

  Handles machine-to-machine (M2M) authentication using client credentials Stores the access token in Redis for subsequent API calls.

• #logout ⇒ void

  Initiates the logout process by redirecting to Kinde’s logout endpoint.

• #logout_callback ⇒ void

  Handles the callback after successful logout.

• #refresh_token ⇒ void

  Refreshes the access token using the refresh token.

Methods included from AuthHelper

#get_client, #logged_in?, #refresh_session_tokens, #session_present_in?, #set_session_tokens, #token_expired?

Instance Method Details

#auth ⇒ void

This method returns an undefined value.

Initiates the OAuth2 authorization flow Generates a secure nonce and redirects to Kinde’s authorization endpoint

# File 'app/controllers/kinde_sdk/auth_controller.rb', line 20

def auth
  # Generate a secure random nonce for CSRF protection
  nonce = SecureRandom.urlsafe_base64(16)
  
  # Get authorization URL and PKCE code verifier from SDK
  auth_data = KindeSdk.auth_url(nonce: nonce)
  
  # Store PKCE code verifier and nonce in session for validation
  session[:code_verifier] = auth_data[:code_verifier] if auth_data[:code_verifier].present?
  session[:auth_nonce] = nonce
  session[:auth_state] = {
    requested_at: Time.current.to_i,
    redirect_url: auth_data[:url],
    # Only allow reauth-leniency when reauth_state was provided
    supports_reauth: params[:reauth_state].present?
  }
  
  redirect_to auth_data[:url], allow_other_host: true
rescue StandardError => e
  handle_error("Auth initialization failed", e)
end

#callback ⇒ void

This method returns an undefined value.

Handles the OAuth2 callback from Kinde Validates the response, exchanges code for tokens, and sets up the session

# File 'app/controllers/kinde_sdk/auth_controller.rb', line 45

def callback
  # Handle reauth errors first
  if handle_reauth_error
    return
  end

  tokens = fetch_and_validate_tokens
  return if performed?

  # Store tokens and user information in session
  set_session_tokens(tokens)
  
  # Clean up temporary auth session data
  clear_auth_session
  
  redirect_to "/"
rescue StandardError => e
  handle_error("Authentication callback failed", e)
end

#client_credentials_auth ⇒ void

This method returns an undefined value.

Handles machine-to-machine (M2M) authentication using client credentials Stores the access token in Redis for subsequent API calls

# File 'app/controllers/kinde_sdk/auth_controller.rb', line 68

def client_credentials_auth
  result = KindeSdk.client_credentials_access(
    client_id: ENV["KINDE_MANAGEMENT_CLIENT_ID"],
    client_secret: ENV["KINDE_MANAGEMENT_CLIENT_SECRET"]
  )
  
  if result["error"].present?
    raise result["error"]
  end
  
  # Store M2M token in Redis with expiration
  $redis.set("kinde_m2m_token", result["access_token"], ex: result["expires_in"].to_i)
  redirect_to mgmt_path
rescue StandardError => e
  handle_error("Client credentials authentication failed", e)
end

#logout ⇒ void

This method returns an undefined value.

Initiates the logout process by redirecting to Kinde’s logout endpoint

# File 'app/controllers/kinde_sdk/auth_controller.rb', line 101

def logout
  # Ensure we have a valid logout URL configured
  unless KindeSdk.config.logout_url.present?
    redirect_with_error("Logout URL not configured")
    return
  end

  # Get the logout URL with our callback URL
  logout_url = KindeSdk.logout_url(
    logout_url: KindeSdk.config.logout_url,
    domain: KindeSdk.config.domain
  )

  # Clear local session before redirecting to Kinde
  session.delete(:kinde_token_store)
  session.delete(:kinde_user)
  clear_auth_session

  # Redirect to Kinde's logout endpoint
  redirect_to logout_url, allow_other_host: true
rescue StandardError => e
  handle_error("Logout initialization failed", e)
end

#logout_callback ⇒ void

This method returns an undefined value.

Handles the callback after successful logout

# File 'app/controllers/kinde_sdk/auth_controller.rb', line 127

def logout_callback
  # Session is already cleared in logout method
  # Just redirect to home page
  redirect_to "/"
end

#refresh_token ⇒ void

This method returns an undefined value.

Refreshes the access token using the refresh token

# File 'app/controllers/kinde_sdk/auth_controller.rb', line 87

def refresh_token
  return redirect_with_error("No valid session found") unless session[:kinde_token_store].present?

  if refresh_session_tokens
    redirect_to "/"
  else
    redirect_with_error("Failed to refresh token")
  end
rescue StandardError => e
  handle_error("Token refresh failed", e)
end