Class: OmniAuth::Strategies::OpenIDConnect

Inherits:

Object

• Object
• OmniAuth::Strategies::OpenIDConnect

Includes:

OmniAuth::Strategy

Defined in:

lib/omniauth/strategies/openid_connect.rb

Defined Under Namespace

Classes: CallbackError

Instance Method Summary

• #authorization_code ⇒ Object
• #authorize_uri ⇒ Object
• #callback_phase ⇒ Object
• #client ⇒ Object
• #config ⇒ Object
• #public_key ⇒ Object
• #request_phase ⇒ Object

Instance Method Details

#authorization_code ⇒ Object

# File 'lib/omniauth/strategies/openid_connect.rb', line 114

def authorization_code
  request.params["code"]
end

#authorize_uri ⇒ Object

# File 'lib/omniauth/strategies/openid_connect.rb', line 118

def authorize_uri
  client.redirect_uri = client_options.redirect_uri
  opts = {
      response_type: options.response_type,
      scope: options.scope,
      state: new_state,
      nonce: (new_nonce if options.send_nonce),
      hd: options.hd,
  }
  client.authorization_uri(opts.reject{|k,v| v.nil?})
end

#callback_phase ⇒ Object

# File 'lib/omniauth/strategies/openid_connect.rb', line 89

def callback_phase
  error = request.params['error_reason'] || request.params['error']
  if error
    raise CallbackError.new(request.params['error'], request.params['error_description'] || request.params['error_reason'], request.params['error_uri'])
  elsif request.params['state'].to_s.empty? || request.params['state'] != stored_state
    return Rack::Response.new(['401 Unauthorized'], 401).finish
  elsif !request.params["code"]
    return fail!(:missing_code, OmniAuth::OpenIDConnect::MissingCodeError.new(request.params["error"]))
  else
    options.issuer = issuer if options.issuer.blank?
    discover! if options.discovery
    client.redirect_uri = client_options.redirect_uri
    client.authorization_code = authorization_code
    access_token
    super
  end
rescue CallbackError => e
  fail!(:invalid_credentials, e)
rescue ::Timeout::Error, ::Errno::ETIMEDOUT => e
  fail!(:timeout, e)
rescue ::SocketError => e
  fail!(:failed_to_connect, e)
end

#client ⇒ Object

# File 'lib/omniauth/strategies/openid_connect.rb', line 75

def client
  @client ||= ::OpenIDConnect::Client.new(client_options)
end

#config ⇒ Object

# File 'lib/omniauth/strategies/openid_connect.rb', line 79

def config
  @config ||= ::OpenIDConnect::Discovery::Provider::Config.discover!(options.issuer)
end

#public_key ⇒ Object

# File 'lib/omniauth/strategies/openid_connect.rb', line 130

def public_key
  if options.discovery
    config.jwks
  else
    key_or_secret
  end
end

#request_phase ⇒ Object

# File 'lib/omniauth/strategies/openid_connect.rb', line 83

def request_phase
  options.issuer = issuer if options.issuer.blank?
  discover! if options.discovery
  redirect authorize_uri
end