Class: PusherPlatform::Authenticator

Inherits:
Object
  • Object
Defined in:
lib/pusher-platform/authenticator.rb


Constructor Details

#initialize(instance_id, key_id, key_secret) ⇒ Authenticator

Returns a new instance of Authenticator.



# File 'lib/pusher-platform/authenticator.rb', line 11

# Stores the credentials this authenticator works with and prepares the
# parser used for form-encoded request bodies.
#
# @param instance_id [Object] kept unchanged in @instance_id
# @param key_id [Object] kept unchanged in @key_id
# @param key_secret [Object] kept unchanged in @key_secret
#
# NOTE(review): none of the three values is checked here, so a nil or empty
# key_secret is stored as given. Callers should make sure the secret is
# present before constructing the object.
def initialize(instance_id, key_id, key_secret)
  @instance_id, @key_id, @key_secret = instance_id, key_id, key_secret

  # see https://github.com/rack/rack/blob/5559676e7b5a3107d39552285ce8b714b672bde6/lib/rack/utils.rb#L27
  # The two numbers are taken from the Rack source linked above; presumably
  # they bound key space and nesting depth of parsed input (confirm against
  # the Rack version in use).
  @query_parser = QueryParser.make_default(65536, 100)
end

Instance Method Details

#authenticate(auth_payload, options) ⇒ Object



# File 'lib/pusher-platform/authenticator.rb', line 19

# Handles a token request, accepting only the "client_credentials" grant.
#
# @param auth_payload [Hash] request parameters; grant_type is looked up
#   under the string key first, then the symbol key
# @param options [Hash] passed unchanged to authenticate_using_client_credentials
# @return [Object] the result of authenticate_using_client_credentials, or an
#   AuthenticationResponse carrying status 422 for any other grant_type
def authenticate(auth_payload, options)
  requested_grant = auth_payload['grant_type'] || auth_payload[:grant_type]

  return authenticate_using_client_credentials(options) if requested_grant == "client_credentials"

  # The rejected grant_type is echoed back verbatim. When auth_payload comes
  # from a request it is caller-controlled, so whatever renders or logs this
  # body must encode it for its output context.
  rejection = {
    error: 'token_provider/invalid_grant_type',
    error_description: "The grant_type provided, #{requested_grant}, is unsupported"
  }

  AuthenticationResponse.new({ status: 422, body: rejection })
end

#authenticate_with_refresh_token(auth_payload, options) ⇒ Object



# File 'lib/pusher-platform/authenticator.rb', line 40

# Entry point for callers that already hold a parsed payload; hands both
# arguments to authenticate_based_on_grant_type and returns its result.
#
# NOTE(review): nothing in this method inspects a refresh token itself. Any
# validation happens inside authenticate_based_on_grant_type, which is not
# visible here.
#
# @param auth_payload [Object] forwarded unchanged
# @param options [Object] forwarded unchanged
# @return [Object] whatever authenticate_based_on_grant_type returns
def authenticate_with_refresh_token(auth_payload, options)
  authenticate_based_on_grant_type(auth_payload, options)
end

#authenticate_with_refresh_token_and_request(request, options) ⇒ Object



# File 'lib/pusher-platform/authenticator.rb', line 44

# Reads the request body, parses it as a nested query string and passes the
# parsed data to authenticate_based_on_grant_type.
#
# @param request [#body] object whose body responds to #read
# @param options [Object] forwarded unchanged
# @return [Object] whatever authenticate_based_on_grant_type returns
def authenticate_with_refresh_token_and_request(request, options)
  # The body is read in one call with no size cap at this point, so any limit
  # on request size has to be enforced before the request gets here.
  raw_body = request.body.read
  parsed_params = @query_parser.parse_nested_query(raw_body)

  authenticate_based_on_grant_type(parsed_params, options)
end

#authenticate_with_request(request, options) ⇒ Object



# File 'lib/pusher-platform/authenticator.rb', line 35

# Reads the request body, parses it as a nested query string and passes the
# parsed data to #authenticate.
#
# @param request [#body] object whose body responds to #read
# @param options [Object] forwarded unchanged to #authenticate
# @return [Object] whatever #authenticate returns
def authenticate_with_request(request, options)
  # The body is read in one call with no size cap at this point, so any limit
  # on request size has to be enforced before the request gets here.
  raw_body = request.body.read
  parsed_params = @query_parser.parse_nested_query(raw_body)

  authenticate(parsed_params, options)
end

#generate_access_token(options) ⇒ Object



# File 'lib/pusher-platform/authenticator.rb', line 49

# Builds an HS256-signed JWT for this instance and key.
#
# The base claims are instance, iss ("api_keys/<key_id>"), iat (current UTC
# epoch seconds) and exp (iat + TOKEN_EXPIRY). Optional claims are added from
# options in this order: sub, su, then every entry of service_claims.
#
# @param options [Hash] recognised keys: :user_id, :su, :service_claims
# @return [Hash] { token: <encoded JWT>, expires_in: TOKEN_EXPIRY }
def generate_access_token(options)
  issued_at = Time.now.utc.to_i

  payload = {
    instance: @instance_id,
    iss: "api_keys/#{@key_id}",
    iat: issued_at,
    exp: issued_at + TOKEN_EXPIRY
  }

  subject = options[:user_id]
  payload[:sub] = subject unless subject.nil?

  # Any value other than nil/false sets su, including a non-empty string such
  # as "false". Callers should pass a real boolean, never a raw request value.
  payload[:su] = true if options[:su]

  # NOTE(review): service_claims is merged last, so an entry with the same key
  # replaces a claim set above (instance, iss, iat, exp, sub, su). If exp is
  # replaced, expires_in below still reports TOKEN_EXPIRY. Keep service_claims
  # server-controlled, or filter reserved keys before passing them in.
  extra_claims = options[:service_claims]
  payload.update(extra_claims) if extra_claims

  signed_token = JWT.encode(payload, @key_secret, 'HS256')

  { token: signed_token, expires_in: TOKEN_EXPIRY }
end