Class: OmniAuth::Strategies::KeycloakOpenId
- Inherits:
-
OAuth2
- Object
- OAuth2
- OmniAuth::Strategies::KeycloakOpenId
- Defined in:
- lib/omniauth/strategies/keycloak-openid.rb
Defined Under Namespace
Classes: ConfigurationError, Error, IntegrationError
Instance Attribute Summary collapse
Instance Method Summary
Instance Attribute Details
#authorize_url ⇒ Object
Returns the value of attribute authorize_url.
# File 'lib/omniauth/strategies/keycloak-openid.rb', line 14
# Path of the Keycloak authorization endpoint.
#
# setup_phase fills this in from the path component of the discovery
# document's "authorization_endpoint"; it is nil until then.
#
# @return [String, nil]
def authorize_url
  @authorize_url
end
#certs ⇒ Object
Returns the value of attribute certs.
# File 'lib/omniauth/strategies/keycloak-openid.rb', line 16
# Key material that raw_info uses to verify tokens.
#
# setup_phase stores the "keys" array of the JSON returned by the certs
# endpoint here. The value stays nil when that fetch did not return
# HTTP 200.
#
# @return [Array, nil]
def certs
  @certs
end
#token_url ⇒ Object
Returns the value of attribute token_url.
# File 'lib/omniauth/strategies/keycloak-openid.rb', line 15
# Path of the Keycloak token endpoint.
#
# setup_phase fills this in from the path component of the discovery
# document's "token_endpoint"; it is nil until then.
#
# @return [String, nil]
def token_url
  @token_url
end
Instance Method Details
#auth_url_base ⇒ Object
# File 'lib/omniauth/strategies/keycloak-openid.rb', line 67
# Resolves the URL prefix placed in front of "/realms/..." when the
# discovery URL is built.
#
# @return [String] '/auth' when the :base_url client option is unset;
#   otherwise the configured value, which has to be empty or start with '/'
# @raise [ConfigurationError] when :base_url is set but is neither empty
#   nor rooted at '/'
def auth_url_base
  configured = options.client_options[:base_url]
  return '/auth' unless configured

  # Only the first character is validated; the rest of the value is used
  # as configured.
  rooted = configured == '' || configured[0] == '/'
  return configured if rooted

  raise ConfigurationError, "Keycloak base_url option should start with '/'. Current value: #{configured}"
end
#build_access_token ⇒ Object
# File 'lib/omniauth/strategies/keycloak-openid.rb', line 92
# Exchanges the authorization code from the callback request for a token.
#
# The redirect_uri sent with the exchange is callback_url with everything
# from the first "?" onward removed. token_params are merged over it, and
# options.auth_token_params are passed as the final argument after
# deep_symbolize.
#
# @return [Object] whatever client.auth_code.get_token returns
def build_access_token
  code = request.params["code"]
  # Drop the query string so the redirect_uri is the bare callback URL.
  redirect_uri = callback_url.gsub(/\?.+\Z/, "")
  exchange_params = { :redirect_uri => redirect_uri }
  exchange_params = exchange_params.merge(token_params.to_hash(:symbolize_keys => true))
  client.auth_code.get_token(code, exchange_params, deep_symbolize(options.auth_token_params))
end
#log_config(config_json) ⇒ Object
# File 'lib/omniauth/strategies/keycloak-openid.rb', line 82
# Writes the result of Keycloak endpoint discovery to the debug log.
#
# The full discovery document is logged only when the :log_keycloak_config
# client option is set (it defaults to false). The certs, userinfo,
# authorize and token values are always logged.
#
# @param config_json [Object] parsed discovery document, interpolated into
#   the log line as-is
def log_config(config_json)
  dump_full_document = options.client_options.fetch(:log_keycloak_config, false)

  log(:debug, "Successfully got Keycloak config")
  if dump_full_document
    log(:debug, "Keycloak config: #{config_json}")
  end
  log(:debug, "Certs endpoint: #{@certs_endpoint}")
  log(:debug, "Userinfo endpoint: #{@userinfo_endpoint}")
  log(:debug, "Authorize url: #{@authorize_url}")
  log(:debug, "Token url: #{@token_url}")
end
#prevent_site_option_mistake ⇒ Object
# File 'lib/omniauth/strategies/keycloak-openid.rb', line 75
# Rejects a :site client option that already carries the "/auth" suffix.
#
# The check matches "/auth" at the end of a line only. A value such as
# ".../auth/" (trailing slash) or an unset :site passes through untouched.
#
# @return [nil] when the value is acceptable
# @raise [ConfigurationError] when :site ends in "/auth"
def prevent_site_option_mistake
  configured_site = options.client_options[:site]
  if configured_site =~ /\/auth$/
    raise ConfigurationError, "Keycloak site parameter should not include /auth part, only domain. Current value: #{configured_site}"
  end
end
#raw_info ⇒ Object
# File 'lib/omniauth/strategies/keycloak-openid.rb', line 118
# Decodes the token returned by the token exchange against the key set
# held in @certs.
#
# NOTE(review): the string decoded here is access_token.token, i.e. the
# OAuth2 access token rather than a separate ID token - confirm that is the
# intended source of user claims.
# NOTE(review): this method relies entirely on JSON::JWT.decode with the
# key set; no issuer, audience or expiry checks are visible here - confirm
# they are enforced elsewhere if the claims drive authorization decisions.
#
# @return [Object] the value returned by JSON::JWT.decode
def raw_info
  encoded_token = access_token.token
  # @certs is whatever setup_phase stored; it is nil if the certs fetch failed.
  key_set = JSON::JWK::Set.new(@certs)
  JSON::JWT.decode(encoded_token, key_set)
end
#setup_phase ⇒ Object
# File 'lib/omniauth/strategies/keycloak-openid.rb', line 18
# Discovers Keycloak's endpoints and signing keys the first time the
# strategy runs without them.
#
# Steps, in order: validate :site, fetch the realm's
# .well-known/openid-configuration, store the endpoints it names, write the
# authorize/token paths into client_options, then fetch the key set from
# the advertised jwks_uri into @certs.
#
# Failure handling: a non-200 response on either request is logged at
# :error level. It raises only when the :raise_on_failure client option is
# set (default false), so by default a failed key fetch leaves @certs
# unset and setup continues.
#
# @raise [ConfigurationError] from the :site / :base_url validation helpers
# @raise [IntegrationError] on a non-200 response when :raise_on_failure is set
def setup_phase
  super
  # Discovery is skipped once both endpoint paths are known.
  return unless @authorize_url.nil? || @token_url.nil?

  prevent_site_option_mistake
  client_opts = options.client_options
  # The realm falls back to the client id when no :realm option is given.
  realm = client_opts[:realm]
  realm = options.client_id if realm.nil?
  site = client_opts[:site]
  raise_on_failure = client_opts.fetch(:raise_on_failure, false)
  # The request uses whatever scheme :site carries; nothing here requires https.
  config_url = URI.join(site, "#{auth_url_base}/realms/#{realm}/.well-known/openid-configuration")

  log :debug, "Going to get Keycloak configuration. URL: #{config_url}"
  response = Faraday.get config_url
  unless response.status == 200
    message = "Keycloak configuration request failed with status: #{response.status}. " \
              "URL: #{config_url}"
    log :error, message
    raise IntegrationError, message if raise_on_failure
    return
  end

  # NOTE(review): the discovery document is used as returned; no comparison
  # of its "issuer" (or of the jwks_uri host) with :site is visible here.
  discovery = MultiJson.load(response.body)
  @certs_endpoint = discovery["jwks_uri"]
  @userinfo_endpoint = discovery["userinfo_endpoint"]
  # Only the path of each endpoint is kept; scheme and host from the
  # document are discarded (presumably the OAuth2 client resolves the path
  # against :site - confirm).
  @authorize_url = URI(discovery["authorization_endpoint"]).path
  @token_url = URI(discovery["token_endpoint"]).path
  log_config(discovery)
  client_opts.merge!({ authorize_url: @authorize_url, token_url: @token_url })

  # Unlike the two paths above, jwks_uri is requested as the absolute URL
  # given by the discovery document.
  log :debug, "Going to get certificates. URL: #{@certs_endpoint}"
  certs_response = Faraday.get @certs_endpoint
  if certs_response.status == 200
    @certs = MultiJson.load(certs_response.body)["keys"]
    log :debug, "Successfully got certificate. Certificate length: #{@certs.length}"
  else
    message = "Coundn't get certificate. URL: #{@certs_endpoint}"
    log :error, message
    raise IntegrationError, message if raise_on_failure
  end
end