Class: OmniAuth::Strategies::Okta

Inherits:
OAuth2
  • Object
Defined in:
lib/omniauth/strategies/okta.rb

Constant Summary

# Default scope list as a single space-separated string, frozen so it cannot
# be mutated in place.
DEFAULT_SCOPE = 'openid profile email'.freeze

Instance Method Summary

Instance Method Details

#access_token ⇒ Object



# File 'lib/omniauth/strategies/okta.rb', line 51

# Builds a fresh ::OAuth2::AccessToken from the token exposed by
# #oauth2_access_token.
#
# Only the token string and the two expiry fields are carried over. Anything
# else the upstream token object holds is not passed to the new instance.
#
# @return [::OAuth2::AccessToken]
def access_token
  upstream = oauth2_access_token
  expiry = {
    :expires_in => upstream.expires_in,
    :expires_at => upstream.expires_at
  }
  ::OAuth2::AccessToken.new(client, upstream.token, expiry)
end

#callback_phase ⇒ Object



# File 'lib/omniauth/strategies/okta.rb', line 74

# Callback half of the flow. Adds nothing Okta-specific: the body is a bare
# `super`, so the parent strategy's callback_phase runs with the same arguments.
# NOTE(review): nothing in this body calls #validated_token, so any state or
# token checking at this step is whatever the parent implements -- confirm there.
def callback_phase
  super
end

#callback_url ⇒ Object



# File 'lib/omniauth/strategies/okta.rb', line 78

# Returns the redirect URI for this strategy.
#
# An explicitly configured options[:redirect_uri] wins; otherwise the URL is
# assembled from full_host, script_name and callback_path.
# NOTE(review): full_host comes from the parent strategy. If it is derived
# from request headers in this deployment, pinning :redirect_uri keeps the
# callback URL independent of the incoming Host header -- confirm.
#
# @return [String]
def callback_url
  configured = options[:redirect_uri]
  return configured if configured

  full_host + script_name + callback_path
end

#oauth2_access_token ⇒ Object



# File 'lib/omniauth/strategies/okta.rb', line 49

# Keeps the pre-override reader reachable as #oauth2_access_token. In the file
# this alias (line 49) comes before `def access_token` (line 51), so it binds to
# whichever access_token existed at that point -- presumably the one inherited
# from the OAuth2 strategy; confirm against the superclass.
alias :oauth2_access_token :access_token

#raw_info ⇒ Object



# File 'lib/omniauth/strategies/okta.rb', line 58

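# Fetches the userinfo document with the current access token and memoizes it.
#
# The path is /oauth2/<auth_server_id>/v1/userinfo when options[:auth_server_id]
# is set, and /oauth2/v1/userinfo otherwise.
#
# The path prefix is computed locally instead of being written back into
# options[:auth_server_id]. The previous in-place rewrite appended another "/"
# on every call, so a retry after a failed request (or any other reader of the
# option) saw "id//", "id///", ... and an unset value became "" and then "/".
# NOTE(review): if the options object is shared between requests, that growth
# would also have carried over from one request to the next -- confirm.
#
# @return [Hash] parsed userinfo response, or {} when the response has no
#   parsed body
# @raise [::Timeout::Error] when the request fails with Errno::ETIMEDOUT
def raw_info
  @_raw_info ||= begin
    server_id = options[:auth_server_id].to_s
    # Tolerate a configured trailing slash so the path never contains "//".
    prefix = server_id.empty? ? '' : "#{server_id.chomp('/')}/"
    access_token.get("/oauth2/#{prefix}v1/userinfo").parsed || {}
  end
rescue ::Errno::ETIMEDOUT
  raise ::Timeout::Error
end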

#request_phase ⇒ Object



# File 'lib/omniauth/strategies/okta.rb', line 70

# Request half of the flow. The body is a bare `super`, so the parent
# strategy's request_phase runs unchanged and with the same arguments.
def request_phase
  super
end

#validated_token(token) ⇒ Object



# File 'lib/omniauth/strategies/okta.rb', line 82

# Decodes +token+ and returns its claims, i.e. the first element of what
# JWT.decode returns.
#
# NOTE(review): the key passed to JWT.decode is +nil+ and the verify flag is
# +false+, so the token's signature is NOT checked here. In the ruby-jwt
# releases this reviewer knows, the claim options below (iss, aud, sub, exp,
# nbf, iat) are also enforced only when that flag is true -- confirm against
# the pinned jwt version. Until that is settled, treat the result as parsed
# rather than validated, and do not base authorization decisions on it unless
# the token came straight from the issuer's token endpoint over TLS. Checking
# the signature against the issuer's published signing keys with a pinned
# algorithm list would make the method match its name.
#
# @param token [String] compact-serialised JWT
# @return [Object] the decoded claims
def validated_token(token)
  claim_checks = {
    verify_iss:        true,
    iss:               options[:issuer],
    verify_aud:        true,
    aud:               options[:audience],
    verify_sub:        true,
    verify_expiration: true,
    verify_not_before: true,
    verify_iat:        true,
    verify_jti:        false,
    leeway:            options[:jwt_leeway]
  }
  # nil key + false => decode without signature verification (see note above).
  decoded = JWT.decode(token, nil, false, **claim_checks)
  decoded.first
end