Class: OAuth2::Authenticator

Inherits:

Object

• Object
• OAuth2::Authenticator

Includes:

FilteredAttributes

Defined in:

lib/oauth2/authenticator.rb

Overview

Builds and applies client authentication to token and revoke requests.

Depending on the selected mode, credentials are applied as Basic Auth headers, request body parameters, or only the client_id is sent (TLS).

Instance Attribute Summary

• #id ⇒ Symbol, ... readonly
• #mode ⇒ Symbol, ... readonly
• #secret ⇒ Symbol, ... readonly

Class Method Summary

• .encode_basic_auth(user, password) ⇒ String

  Encodes a Basic Authorization header value for the provided credentials.

Instance Method Summary

• #apply(params) ⇒ Hash

  Apply the request credentials used to authenticate to the Authorization Server.

• #initialize(id, secret, mode) ⇒ Authenticator constructor

  Create a new Authenticator.

Methods included from FilteredAttributes

included, #inspect

Constructor Details

#initialize(id, secret, mode) ⇒ Authenticator

Create a new Authenticator

Parameters:

• id (String, nil) —

  Client identifier

• secret (String, nil) —

  Client secret

• mode (Symbol, String) —

  Authentication mode

# File 'lib/oauth2/authenticator.rb', line 24

def initialize(id, secret, mode)
  @id = id
  @secret = secret
  @mode = mode
end

Instance Attribute Details

#id ⇒ Symbol, ... (readonly)

Returns:

• (Symbol, String) —

  Authentication mode (e.g., :basic_auth, :request_body, :tls_client_auth, :private_key_jwt)

• (String, nil) —

  Client identifier

• (String, nil) —

  Client secret (filtered in inspected output)

# File 'lib/oauth2/authenticator.rb', line 16

def id
  @id
end

#mode ⇒ Symbol, ... (readonly)

Returns:

• (Symbol, String) —

  Authentication mode (e.g., :basic_auth, :request_body, :tls_client_auth, :private_key_jwt)

• (String, nil) —

  Client identifier

• (String, nil) —

  Client secret (filtered in inspected output)

# File 'lib/oauth2/authenticator.rb', line 16

def mode
  @mode
end

#secret ⇒ Symbol, ... (readonly)

Returns:

• (Symbol, String) —

  Authentication mode (e.g., :basic_auth, :request_body, :tls_client_auth, :private_key_jwt)

• (String, nil) —

  Client identifier

• (String, nil) —

  Client secret (filtered in inspected output)

# File 'lib/oauth2/authenticator.rb', line 16

def secret
  @secret
end

Class Method Details

.encode_basic_auth(user, password) ⇒ String

Encodes a Basic Authorization header value for the provided credentials.

Parameters:

• user (String) —

  The client identifier

• password (String) —

  The client secret

Returns:

• (String) —

  The value to use for the Authorization header

# File 'lib/oauth2/authenticator.rb', line 59

def self.encode_basic_auth(user, password)
  "Basic #{Base64.strict_encode64("#{user}:#{password}")}"
end

Instance Method Details

#apply(params) ⇒ Hash

Apply the request credentials used to authenticate to the Authorization Server

Depending on the configuration, this might be as request params or as an Authorization header.

User-provided params and header take precedence.

Parameters:

• params (Hash) —

  a Hash of params for the token endpoint

Returns:

• (Hash) —

  params amended with appropriate authentication details

# File 'lib/oauth2/authenticator.rb', line 39

def apply(params)
  case mode.to_sym
  when :basic_auth
    apply_basic_auth(params)
  when :request_body
    apply_params_auth(params)
  when :tls_client_auth
    apply_client_id(params)
  when :private_key_jwt
    params
  else
    raise NotImplementedError
  end
end