Class: OmniAuth::Strategies::OpenIDConnect

Inherits:

Object

• Object
• OmniAuth::Strategies::OpenIDConnect

Extended by:

Forwardable

Includes:

OmniAuth::Strategy

Defined in:

lib/omniauth/strategies/openid_connect.rb

Defined Under Namespace

Classes: CallbackError

Instance Method Summary

• #authorization_code ⇒ Object
• #authorize_uri ⇒ Object
• #callback_phase ⇒ Object
• #client ⇒ Object
• #config ⇒ Object
• #end_session_uri ⇒ Object
• #other_phase ⇒ Object
• #public_key ⇒ Object
• #request_phase ⇒ Object
• #uid ⇒ Object

Instance Method Details

#authorization_code ⇒ Object

# File 'lib/omniauth/strategies/openid_connect.rb', line 143

def authorization_code
  params['code']
end

#authorize_uri ⇒ Object

# File 'lib/omniauth/strategies/openid_connect.rb', line 155

def authorize_uri
  client.redirect_uri = redirect_uri
  opts = {
    response_type: options.response_type,
    response_mode: options.response_mode,
    scope: options.scope,
    state: new_state,
    login_hint: params['login_hint'],
    ui_locales: params['ui_locales'],
    claims_locales: params['claims_locales'],
    prompt: options.prompt,
    nonce: (new_nonce if options.send_nonce),
    hd: options.hd,
  }
  client.authorization_uri(opts.reject { |_k, v| v.nil? })
end

#callback_phase ⇒ Object

# File 'lib/omniauth/strategies/openid_connect.rb', line 103

def callback_phase
  error = params['error_reason'] || params['error']
  error_description = params['error_description'] || params['error_reason']
  invalid_state = params['state'].to_s.empty? || params['state'] != stored_state

  raise CallbackError.new(params['error'], error_description, params['error_uri']) if error

  raise CallbackError, 'Invalid state parameter' if invalid_state

  return fail!(:missing_code, OmniAuth::OpenIDConnect::MissingCodeError.new(params['error'])) unless params['code']

  options.issuer = issuer if options.issuer.nil? || options.issuer.empty?

  decode_id_token(params['id_token'])
    .verify! issuer: options.issuer,
             client_id: client_options.identifier,
             nonce: stored_nonce

  discover!
  client.redirect_uri = redirect_uri
  client.authorization_code = authorization_code
  access_token
  super
rescue CallbackError, ::Rack::OAuth2::Client::Error => e
  fail!(:invalid_credentials, e)
rescue ::Timeout::Error, ::Errno::ETIMEDOUT => e
  fail!(:timeout, e)
rescue ::SocketError => e
  fail!(:failed_to_connect, e)
end

#client ⇒ Object

# File 'lib/omniauth/strategies/openid_connect.rb', line 89

def client
  @client ||= ::OpenIDConnect::Client.new(client_options)
end

#config ⇒ Object

# File 'lib/omniauth/strategies/openid_connect.rb', line 93

def config
  @config ||= ::OpenIDConnect::Discovery::Provider::Config.discover!(options.issuer)
end

#end_session_uri ⇒ Object

# File 'lib/omniauth/strategies/openid_connect.rb', line 147

def end_session_uri
  return unless end_session_endpoint_is_valid?

  end_session_uri = URI(client_options.end_session_endpoint)
  end_session_uri.query = encoded_post_logout_redirect_uri
  end_session_uri.to_s
end

#other_phase ⇒ Object

# File 'lib/omniauth/strategies/openid_connect.rb', line 134

def other_phase
  if logout_path_pattern.match?(current_path)
    options.issuer = issuer if options.issuer.to_s.empty?
    discover!
    return redirect(end_session_uri) if end_session_uri
  end
  call_app!
end

#public_key ⇒ Object

# File 'lib/omniauth/strategies/openid_connect.rb', line 172

def public_key
  return config.jwks if options.discovery

  key_or_secret
end

#request_phase ⇒ Object

# File 'lib/omniauth/strategies/openid_connect.rb', line 97

def request_phase
  options.issuer = issuer if options.issuer.to_s.empty?
  discover!
  redirect authorize_uri
end

#uid ⇒ Object

# File 'lib/omniauth/strategies/openid_connect.rb', line 54

def uid
  user_info.public_send(options.uid_field.to_s)
rescue NoMethodError
  log :warn, "User sub:#{user_info.sub} missing info field: #{options.uid_field}"
  user_info.sub
end