Class: OCI::Auth::FederationClient

Inherits:
Object
Defined in:
lib/oci/auth/federation_client.rb

Overview

A client which can be used to retrieve a token from Auth Service. It needs the following supplied to it:

* The endpoint for Auth Service
* Our tenancy OCID
* A session key supplier, so that its public key can be sent as part of the token request. The private key in the session key supplier should be used to sign all requests made with the token.
* The certificate (via leaf_certificate_supplier) which will be used to sign the requests to Auth Service.

Optionally, intermediate certificates (if present) can be supplied as part of the request to Auth Service.

The client remembers the last token it requested. It vends that token while it is still valid and requests a new one from Auth Service once it has expired.

Constructor Details

#initialize(federation_endpoint, tenancy_id, session_key_supplier, leaf_certificate_supplier, intermediate_certificate_suppliers: [], cert_bundle_path: nil) ⇒ FederationClient

Creates a new FederationClient



# File 'lib/oci/auth/federation_client.rb', line 38

def initialize(federation_endpoint, tenancy_id, session_key_supplier, leaf_certificate_supplier, intermediate_certificate_suppliers: [], cert_bundle_path: nil)
  @federation_endpoint = federation_endpoint
  uri = URI(@federation_endpoint)
  @federation_http_client = Net::HTTP.new(uri.hostname, uri.port)
  @federation_http_client.use_ssl = (uri.scheme == 'https')
  @federation_http_client.ca_file = cert_bundle_path if cert_bundle_path

  @tenancy_id = tenancy_id
  @session_key_supplier = session_key_supplier
  @leaf_certificate_supplier = leaf_certificate_supplier
  @intermediate_certificate_suppliers = intermediate_certificate_suppliers

  @refresh_lock = Mutex.new
  @security_token = nil
end
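
The constructor above sets use_ssl from the URI scheme alone and sets ca_file only when cert_bundle_path is given, so a caller may want to check both values before building the client. The following Ruby is an added example, not part of the OCI SDK; check_federation_endpoint, FederationEndpointError and the example.invalid endpoints are assumptions made for illustration.

```ruby
require 'uri'
require 'openssl'

# Added example, not OCI SDK code; all names below are hypothetical.
class FederationEndpointError < ArgumentError; end
PEM_CERT = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m

# Validates the two values FederationClient#initialize hands to Net::HTTP.
# Returns the parsed URI, or raises FederationEndpointError.
def check_federation_endpoint(federation_endpoint, cert_bundle_path: nil)
  begin
    uri = URI(federation_endpoint)
  rescue URI::InvalidURIError => e
    raise FederationEndpointError, "unparseable endpoint: #{e.message}"
  end

  # The constructor enables TLS only when the scheme is 'https'.
  unless uri.scheme == 'https'
    raise FederationEndpointError, "endpoint must use https, got #{uri.scheme.inspect}"
  end
  raise FederationEndpointError, 'endpoint has no host' if uri.hostname.to_s.empty?
  raise FederationEndpointError, 'endpoint must not embed credentials' if uri.userinfo
  return uri unless cert_bundle_path

  # The bundle becomes Net::HTTP#ca_file, so it must exist and parse as PEM.
  unless File.file?(cert_bundle_path) && File.readable?(cert_bundle_path)
    raise FederationEndpointError, "CA bundle not readable: #{cert_bundle_path}"
  end
  certs = File.read(cert_bundle_path).scan(PEM_CERT)
  raise FederationEndpointError, 'CA bundle contains no certificates' if certs.empty?
  certs.each do |pem|
    begin
      OpenSSL::X509::Certificate.new(pem)
    rescue OpenSSL::X509::CertificateError => e
      raise FederationEndpointError, "unparseable certificate in bundle: #{e.message}"
    end
  end
  uri
end

# Constructed sample endpoints, used only when the file is run directly.
if __FILE__ == $PROGRAM_NAME
  %w[https://auth.example.invalid/v1/x509 http://auth.example.invalid/v1/x509].each do |ep|
    begin
      puts "#{ep}: ok (port #{check_federation_endpoint(ep).port})"
    rescue FederationEndpointError => e
      puts "#{ep}: rejected (#{e.message})"
    end
  end
end
```
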

Instance Attribute Details

#session_key_supplier ⇒ OCI::Auth::SessionKeySupplier (readonly)

A supplier which vends a private and public key for signing token requests to Auth Service. The public key will be sent as part of the token request, and the private key should be used to sign all requests made with the token vended by this client.



# File 'lib/oci/auth/federation_client.rb', line 28

def session_key_supplier
  @session_key_supplier
end

Instance Method Details

#security_token ⇒ String

Retrieves the security token held by the client. If the previously retrieved token is still valid, it is vended rather than making another request.



# File 'lib/oci/auth/federation_client.rb', line 64

def security_token
  return @security_token.security_token if @security_token && @security_token.token_valid?
  refresh_security_token_inner
end

#security_token! ⇒ String

Retrieves a security token, but always asks Auth Service for a new token, regardless of whether the previously requested token is still valid.



# File 'lib/oci/auth/federation_client.rb', line 57

def security_token!
  refresh_security_token_inner
end