Class: OmniAuth::Strategies::Okta
- Inherits:
-
OAuth2
- Object
- OAuth2
- OmniAuth::Strategies::Okta
- Defined in:
- lib/omniauth/strategies/okta.rb
Constant Summary
- DEFAULT_SCOPE =
%{openid profile email}.freeze
Instance Method Summary
- #access_token ⇒ Object
-
#authorization_server_audience ⇒ String
Specifies the audience for the authorization server.
-
#authorization_server_path ⇒ String
Returns the qualified URL for the authorization server.
- #callback_url ⇒ Object
- #client_options ⇒ Object
- #oauth2_access_token ⇒ Object
- #raw_info ⇒ Object
- #validated_token(token) ⇒ Object
Instance Method Details
#access_token ⇒ Object
# File 'lib/omniauth/strategies/okta.rb', line 58
#
# Re-wraps the token returned by +oauth2_access_token+ in a new
# ::OAuth2::AccessToken built on this strategy's +client+, carrying over the
# token string, refresh token and both expiry fields.
#
# @return [::OAuth2::AccessToken, nil] nil when +oauth2_access_token+ is falsy
def access_token
  # Guard first: without an upstream token there is nothing to wrap.
  return unless oauth2_access_token

  ::OAuth2::AccessToken.new(
    client,
    oauth2_access_token.token,
    {
      refresh_token: oauth2_access_token.refresh_token,
      expires_in: oauth2_access_token.expires_in,
      expires_at: oauth2_access_token.expires_at
    }
  )
end
#authorization_server_audience ⇒ String
Specifies the audience for the authorization server
By default, this is 'default'. If using a custom authorization server, this will need to be set explicitly.
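# File 'lib/omniauth/strategies/okta.rb', line 98
#
# NOTE(review): the rendered listing dropped the method name and the receiver
# of +fetch+. The name is taken from this page's method heading; the receiver
# is presumed to be +client_options+ -- confirm against the source file.
#
# Specifies the audience for the authorization server. Falls back to
# 'default' when no :audience key is configured, so a custom authorization
# server needs the key set explicitly.
#
# @return [String] the configured audience, or 'default'
def authorization_server_audience
  client_options.fetch(:audience, 'default')
end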
#authorization_server_path ⇒ String
Returns the qualified URL for the authorization server
This is necessary in the case where there is a custom authorization server.
Okta provides a default authorization server out of the box.
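# File 'lib/omniauth/strategies/okta.rb', line 85
#
# NOTE(review): the rendered listing dropped the method name, the receivers of
# both +fetch+ calls and the second local's name. They are restored from this
# page's method heading and the option key being read -- confirm against the
# source file.
#
# Returns the qualified URL for the authorization server, built as
# "<site>/oauth2/<authorization_server>".
#
# @return [String] the authorization server URL
# @raise [KeyError] when no :site key is configured (fetch without a default)
def authorization_server_path
  site                 = client_options.fetch(:site)
  # 'default' is the fallback authorization server name.
  authorization_server = client_options.fetch(:authorization_server, 'default')
  "#{site}/oauth2/#{authorization_server}"
end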
#callback_url ⇒ Object
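# File 'lib/omniauth/strategies/okta.rb', line 74
#
# NOTE(review): the rendered listing dropped the receiver of [:redirect_uri];
# it is presumed to be the strategy's +options+ -- confirm against the source
# file.
#
# Returns the redirect URI sent to the authorization server: the configured
# :redirect_uri when present, otherwise +full_host+ joined with
# +callback_path+.
#
# NOTE(review): +full_host+ is defined outside this listing and is presumably
# derived from the incoming request unless OmniAuth is configured otherwise.
# Setting :redirect_uri explicitly keeps the callback independent of request
# host headers -- confirm for your deployment.
#
# @return [String] the callback URL
def callback_url
  options[:redirect_uri] || (full_host + callback_path)
end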
#client_options ⇒ Object
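# File 'lib/omniauth/strategies/okta.rb', line 52
#
# NOTE(review): the rendered listing dropped the method name and the receiver
# of +fetch+. The name is taken from this page's method heading; the receiver
# is presumed to be the strategy's +options+ -- confirm against the source
# file.
#
# Returns the :client_options entry of the strategy options.
#
# @return [Object] whatever is stored under :client_options
# @raise [KeyError] when the key is absent (fetch without a default)
def client_options
  options.fetch(:client_options)
end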
#oauth2_access_token ⇒ Object
# File 'lib/omniauth/strategies/okta.rb', line 56 alias :oauth2_access_token :access_token |
#raw_info ⇒ Object
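# File 'lib/omniauth/strategies/okta.rb', line 68
#
# NOTE(review): the rendered listing dropped the receiver of
# fetch(:user_info_url); it is presumed to be +client_options+ -- confirm
# against the source file.
#
# Fetches the user-info document with the current access token and memoizes
# the parsed response in @_raw_info. An empty Hash is stored when the parsed
# body is nil or false.
#
# @return [Object] the parsed user-info response, or {} when it is empty
# @raise [KeyError] when no :user_info_url key is configured
# @raise [::Timeout::Error] when the request fails with Errno::ETIMEDOUT
def raw_info
  @_raw_info ||= access_token.get(client_options.fetch(:user_info_url)).parsed || {}
rescue ::Errno::ETIMEDOUT
  # Translate the socket-level timeout into Timeout::Error for callers.
  raise ::Timeout::Error
end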
#validated_token(token) ⇒ Object
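# File 'lib/omniauth/strategies/okta.rb', line 102
#
# NOTE(review): the rendered listing dropped the values of +iss:+ and +aud:+
# and the receiver of [:jwt_leeway]. They are presumed to be
# +authorization_server_path+, +authorization_server_audience+ and +options+
# respectively -- confirm against the source file.
#
# Decodes +token+ as a JWT and returns the first element of the decode result
# (the payload in ruby-jwt).
#
# FIXME(security): the third positional argument to JWT.decode is +verify+.
# It is +false+ here and the key is +nil+, so the token's signature is not
# checked. In ruby-jwt 2.x the claim checks also run only when +verify+ is
# true, so the verify_* options below (issuer, audience, expiry, ...) may have
# no effect -- confirm against the installed ruby-jwt version. Despite the
# method name, do not treat the result as authenticated unless the token came
# straight from the token endpoint over TLS. Real validation needs
# +verify+ = true, an explicit +algorithms:+ allow-list and the signing keys
# from the authorization server's JWKS. Behaviour is left unchanged here
# because that fix needs key retrieval that is outside this method.
#
# @param token [String] the encoded JWT
# @return [Object] the decoded payload
def validated_token(token)
  JWT.decode(token,
             nil,
             false, # verify = false: signature is NOT verified (see FIXME above)
             verify_iss: true,
             verify_aud: true,
             iss: authorization_server_path,
             aud: authorization_server_audience,
             verify_sub: true,
             verify_expiration: true,
             verify_not_before: true,
             verify_iat: true,
             verify_jti: false,
             leeway: options[:jwt_leeway]).first
end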