Class: OmniAuth::Strategies::BaseStrategy

Inherits:

OpenIDConnect

• Object
• OpenIDConnect
• OmniAuth::Strategies::BaseStrategy

Defined in:

lib/omniauth/strategies/base_strategy.rb

Direct Known Subclasses

NitroId, TempoId

Defined Under Namespace

Classes: APIError, ClientCredentialsError

Class Method Summary

• .decode_logout_token(token) ⇒ Object
• .fetch_jwks ⇒ Object
• .introspect_token(token, api_key) ⇒ Object

Instance Method Summary

• #client ⇒ Object
• #public_key ⇒ Object

Class Method Details

.decode_logout_token(token) ⇒ Object

# File 'lib/omniauth/strategies/base_strategy.rb', line 29

def self.decode_logout_token(token)
  jwks = fetch_jwks
  JSON::JWT.decode(token, jwks)
end

.fetch_jwks ⇒ Object

# File 'lib/omniauth/strategies/base_strategy.rb', line 34

def self.fetch_jwks
  key = ::OpenIDConnect.http_client.get("#{default_options[:issuer]}/.well-known/jwks.json").body
  json = key.is_a?(String) ? JSON.parse(key) : key
  return JSON::JWK::Set.new(json["keys"]) if json.key?("keys")

  JSON::JWK.new(json)
end

.introspect_token(token, api_key) ⇒ Object

Raises:

• (APIError)

# File 'lib/omniauth/strategies/base_strategy.rb', line 42

def self.introspect_token(token, api_key)
  options = {
    header: { Authorization: api_key },
    body: { token: token },
  }

  response = ::OpenIDConnect.http_client.post("#{default_options[:issuer]}/api/tokens/introspect", **options)

  raise APIError, "#{default_options[:name]} error: #{response.status}" if response.status.to_i >= 400

  JSON.parse(response.body)
end

Instance Method Details

#client ⇒ Object

# File 'lib/omniauth/strategies/base_strategy.rb', line 22

def client
  super
rescue AttrRequired::AttrMissing
  raise ClientCredentialsError,
        "#{options[:name].camelize} client credentials not found. Please check your environment."
end

#public_key ⇒ Object

# File 'lib/omniauth/strategies/base_strategy.rb', line 12

def public_key
  @public_key ||= if options.discovery
                    config.jwks
                  elsif key_or_secret
                    key_or_secret
                  elsif client_options.jwks_uri
                    fetch_key
                  end
end