Class: OmniAuth::Strategies::OpenIDConnect
- Inherits:
-
Object
- Object
- OmniAuth::Strategies::OpenIDConnect
- Extended by:
- Forwardable
- Includes:
- OmniAuth::Strategy
- Defined in:
- lib/omniauth/strategies/openid_connect.rb
Defined Under Namespace
Classes: CallbackError
Instance Method Summary
- #authorization_code ⇒ Object
- #authorize_uri ⇒ Object
- #callback_phase ⇒ Object
- #client ⇒ Object
- #config ⇒ Object
- #end_session_uri ⇒ Object
- #other_phase ⇒ Object
- #public_key ⇒ Object
- #request_phase ⇒ Object
- #uid ⇒ Object
Instance Method Details
#authorization_code ⇒ Object
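# File 'lib/omniauth/strategies/openid_connect.rb', line 143

# Returns the authorization code delivered on the callback request.
#
# The value is read directly from the request's `code` parameter, so it is
# caller-supplied input; callback_phase hands it to the client before
# access_token is called.
#
# @return [Object, nil] the raw `code` request parameter, nil when absent
def authorization_code
  params['code']
end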
#authorize_uri ⇒ Object
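# File 'lib/omniauth/strategies/openid_connect.rb', line 155

# Builds the provider authorization URL used by request_phase.
#
# `state` is always included; `nonce` is included only when the `send_nonce`
# option is set. new_state and new_nonce are not shown on this page;
# presumably they store the generated value so callback_phase can compare it
# through stored_state / stored_nonce -- confirm against their definitions.
#
# `login_hint`, `ui_locales` and `claims_locales` are copied from the incoming
# request parameters, so they are caller-controlled and are forwarded to the
# provider unchanged. Entries whose value is nil are dropped before the URL
# is built.
#
# @return [Object] whatever client.authorization_uri returns for these options
def authorize_uri
  client.redirect_uri = redirect_uri
  opts = {
    response_type: options.response_type,
    response_mode: options.response_mode,
    scope: options.scope,
    state: new_state,
    login_hint: params['login_hint'],
    ui_locales: params['ui_locales'],
    claims_locales: params['claims_locales'],
    prompt: options.prompt,
    nonce: (new_nonce if options.send_nonce),
    hd: options.hd,
  }
  client.authorization_uri(opts.reject { |_k, v| v.nil? })
end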
#callback_phase ⇒ Object
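# File 'lib/omniauth/strategies/openid_connect.rb', line 103

# Handles the provider's redirect back to the application.
#
# Checks run in this order; every failure ends in fail!:
#   1. an `error_reason` / `error` parameter raises CallbackError;
#   2. `state` must be non-empty and equal to stored_state (the CSRF check);
#      an empty value is rejected even when nothing was stored;
#   3. a `code` parameter must be present, otherwise fail!(:missing_code);
#   4. the ID token is decoded and verified against the issuer, the client
#      identifier and the stored nonce before access_token is called.
#
# `error`, `error_description` and `error_uri` are request parameters and are
# carried into CallbackError unmodified; treat them as untrusted text wherever
# the failure is logged or rendered.
#
# NOTE(review): the ID token is taken from params['id_token']. How
# decode_id_token behaves when the callback carries no id_token is not visible
# on this page -- confirm for the response types in use.
#
# @return [Object] the result of super on success, of fail! on failure
def callback_phase
  error = params['error_reason'] || params['error']
  error_description = params['error_description'] || params['error_reason']
  # Plain `!=` string comparison (not constant-time) against the stored value.
  invalid_state = params['state'].to_s.empty? || params['state'] != stored_state

  raise CallbackError.new(params['error'], error_description, params['error_uri']) if error
  raise CallbackError, 'Invalid state parameter' if invalid_state

  return fail!(:missing_code, OmniAuth::OpenIDConnect::MissingCodeError.new(params['error'])) unless params['code']

  options.issuer = issuer if options.issuer.nil? || options.issuer.empty?

  # verify! is given the expected issuer, audience (client id) and nonce.
  decode_id_token(params['id_token'])
    .verify! issuer: options.issuer,
             client_id: client_options.identifier,
             nonce: stored_nonce

  discover!
  client.redirect_uri = redirect_uri
  client.authorization_code = authorization_code
  access_token
  super
rescue CallbackError, ::Rack::OAuth2::Client::Error => e
  # State, provider-error and OAuth2 client errors all map to the same failure key.
  fail!(:invalid_credentials, e)
rescue ::Timeout::Error, ::Errno::ETIMEDOUT => e
  fail!(:timeout, e)
rescue ::SocketError => e
  fail!(:failed_to_connect, e)
end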
#client ⇒ Object
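# File 'lib/omniauth/strategies/openid_connect.rb', line 89

# Lazily builds the OpenID Connect client from client_options and memoizes it
# in @client, so later calls on the same strategy instance reuse one client.
#
# Other methods on this page mutate the memoized client (redirect_uri,
# authorization_code) before using it.
#
# @return [::OpenIDConnect::Client]
def client
  @client ||= ::OpenIDConnect::Client.new(client_options)
end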
#config ⇒ Object
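# File 'lib/omniauth/strategies/openid_connect.rb', line 93

# Runs provider discovery for options.issuer and memoizes the result in
# @config.
#
# When the `discovery` option is set, public_key takes its JWKS from this
# object, so the issuer value determines which keys ID-token signatures are
# checked against; it should come from trusted configuration only.
#
# @return [Object] the value returned by Config.discover! for the issuer
def config
  @config ||= ::OpenIDConnect::Discovery::Provider::Config.discover!(options.issuer)
end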
#end_session_uri ⇒ Object
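# File 'lib/omniauth/strategies/openid_connect.rb', line 147

# Builds the provider's end-session (logout) URL.
#
# Returns nil unless end_session_endpoint_is_valid? passes. The query string
# is whatever encoded_post_logout_redirect_uri returns; both helpers are
# defined outside this page, so what they validate or encode cannot be
# confirmed from here.
#
# @return [String, nil] the logout URL, or nil when the endpoint is not valid
def end_session_uri
  return unless end_session_endpoint_is_valid?

  # From here on the local variable shadows this method's own name.
  end_session_uri = URI(client_options.end_session_endpoint)
  end_session_uri.query = encoded_post_logout_redirect_uri
  end_session_uri.to_s
end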
#other_phase ⇒ Object
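# File 'lib/omniauth/strategies/openid_connect.rb', line 134

# Handles requests that are neither the request nor the callback phase.
#
# When the current path matches logout_path_pattern, the issuer is filled in
# if empty, discovery is run, and the user is redirected to the provider's
# end-session URL if one is available. Every other request, and a logout
# request without a usable end-session URL, is passed to the application
# through call_app!.
#
# @return [Object] the redirect response or the result of call_app!
def other_phase
  if logout_path_pattern.match?(current_path)
    options.issuer = issuer if options.issuer.to_s.empty?
    discover!
    # end_session_uri is evaluated twice: once as the guard, once as the target.
    return redirect(end_session_uri) if end_session_uri
  end
  call_app!
end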
#public_key ⇒ Object
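# File 'lib/omniauth/strategies/openid_connect.rb', line 172

# Selects the key material for the ID token.
#
# With the `discovery` option set, the JWKS from the discovered provider
# config is used; otherwise the method falls back to key_or_secret, which is
# defined outside this page.
#
# @return [Object] config.jwks or the result of key_or_secret
def public_key
  return config.jwks if options.discovery

  key_or_secret
end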
#request_phase ⇒ Object
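# File 'lib/omniauth/strategies/openid_connect.rb', line 97

# Starts the login flow: fills in the issuer if it is empty, runs discover!,
# and redirects the browser to the URL built by authorize_uri.
#
# @return [Object] the redirect response
def request_phase
  options.issuer = issuer if options.issuer.to_s.empty?
  discover!
  redirect authorize_uri
end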
#uid ⇒ Object
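# File 'lib/omniauth/strategies/openid_connect.rb', line 54

# Returns the user identifier taken from the user-info field named by the
# `uid_field` option, falling back to `sub` when user_info has no such method.
#
# The field name comes from strategy configuration, not from the request, and
# public_send limits the call to public methods. Configuring a field other
# than `sub` (an e-mail address, for example) means the account key is only as
# stable and unique as the provider keeps that claim.
#
# The rescue covers the whole method body, so a NoMethodError raised anywhere
# under user_info also triggers the fallback. The warning written on fallback
# includes the user's `sub` value.
#
# @return [Object] the configured user-info field, or user_info.sub
def uid
  user_info.public_send(options.uid_field.to_s)
rescue NoMethodError
  log :warn, "User sub:#{user_info.sub} missing info field: #{options.uid_field}"
  user_info.sub
end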