Class: Rack::OAuth2::AssertionProfile
- Inherits: Auth::AbstractHandler
  - Object
  - Auth::AbstractHandler
  - Rack::OAuth2::AssertionProfile
- Defined in: lib/rack/oauth2/assertion_profile.rb
Overview
Rack::OAuth2::AssertionProfile implements the Assertion Profile for generating authorization tokens as per draft-ietf-oauth. This is a preliminary version based on the Apr 16, 2010 working standard developed by the IETF.
Initialize it with the Rack application that will work as the Authorization Server and a set of parameters that enable specific checks. The only mandatory parameter is :shared_secret, which is required for HMAC-SHA256 processing.
Defined Under Namespace
Classes: Request
Instance Method Summary
- #call(env) ⇒ Object
  Authorizes the request and, when token processing succeeds, returns the _access token_ in the response body, signed with the shared key (passed as a constructor parameter).
- #initialize(app, opts = {}) ⇒ AssertionProfile (constructor)
  Creates a new instance of Rack::OAuth2::Provider; the opts are required.
- #token_builder ⇒ Object
  Singleton instance of the SimpleWebTokenBuilder.
Constructor Details
#initialize(app, opts = {}) ⇒ AssertionProfile
Creates a new instance of Rack::OAuth2::Provider; the opts are required.
    # File 'lib/rack/oauth2/assertion_profile.rb', line 19
    def initialize(app, opts = {})
      @app = app
      @opts = opts
    end
Instance Method Details
#call(env) ⇒ Object
Authorizes the request and, when token processing succeeds, returns the _access token_ in the response body, signed with the shared key (passed as a constructor parameter).
    # File 'lib/rack/oauth2/assertion_profile.rb', line 27
    def call(env)
      request = Request.new(env)

      if (request.assertion_profile? && request.format == :saml)
        InformationCard::Config.audience_scope, InformationCard::Config.audiences = :site, [@opts[:scope]]
        token = InformationCard::SamlToken.create(request.token)

        unless token.valid?
          return [400, {'Content-Type' => "application/x-www-form-urlencoded"}, "error=unauthorized_client"]
        end

        # convert the received claims into SWT
        swt = token_builder.build(token.claims)
        return [200, {'Content-Type' => "application/x-www-form-urlencoded"}, "access_token=#{CGI.escape(swt)}"]
      end

      return @app.call(env)
    end
#token_builder ⇒ Object
Singleton instance of the SimpleWebTokenBuilder.
See also: SimpleWebToken::SimpleWebTokenBuilder
    # File 'lib/rack/oauth2/assertion_profile.rb', line 49
    def token_builder
      @token_builder ||= SimpleWebToken::SimpleWebTokenBuilder.new(@opts)
    end
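A service that receives the access_token issued by #call has to check the HMAC-SHA256 signature, audience and expiry before trusting any claim. The following is an added example, not code from this gem or its SimpleWebTokenBuilder: it assumes the token follows the Simple Web Token layout (form-encoded claims with a trailing HMACSHA256 parameter) and that the raw :shared_secret string is the HMAC key; the module SwtExample and its method names are hypothetical.

```ruby
# Added example: SWT signing and verification per the Simple Web Token layout.
# Not the gem's SimpleWebTokenBuilder; SwtExample and its methods are hypothetical.
require 'openssl'
require 'base64'
require 'cgi'

module SwtExample
  SIG_PARAM = '&HMACSHA256='

  # Form-encode the claims, then append the Base64 HMAC-SHA256 of those bytes.
  def self.sign(claims, shared_secret)
    body = claims.map { |k, v| "#{CGI.escape(k.to_s)}=#{CGI.escape(v.to_s)}" }.join('&')
    mac  = OpenSSL::HMAC.digest('SHA256', shared_secret, body)
    body + SIG_PARAM + CGI.escape(Base64.strict_encode64(mac))
  end

  # Compare two byte strings without exiting early on the first mismatch.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Returns the claims hash when signature, audience and expiry all check out;
  # returns nil otherwise. Claims are parsed only after the MAC has verified.
  def self.verify(token, shared_secret, audience, now = Time.now.to_i)
    body, sep, sig = token.rpartition(SIG_PARAM)
    # The signature must be present and must be the last parameter.
    return nil if sep.empty? || sig.include?('&')

    expected = OpenSSL::HMAC.digest('SHA256', shared_secret, body)
    received = Base64.decode64(CGI.unescape(sig))
    return nil unless secure_equal?(received, expected)

    claims = body.split('&').map do |pair|
      k, v = pair.split('=', 2)
      [CGI.unescape(k.to_s), CGI.unescape(v.to_s)]
    end.to_h
    return nil unless claims['Audience'] == audience
    return nil unless claims['ExpiresOn'].to_i > now
    claims
  end
end
```

Verifying the MAC over the exact bytes that precede the signature parameter, rather than over re-serialized claims, avoids accepting a token whose encoding differs from what was signed.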