Class: Rack::OAuth2::AssertionProfile

Inherits:
Auth::AbstractHandler
  • Object
Defined in:
lib/rack/oauth2/assertion_profile.rb

Overview

Rack::OAuth2::AssertionProfile implements the Assertion Profile for generating authorization tokens as per draft-ietf-oauth. This is a preliminary version based on the Apr 16, 2010 working standard developed by the IETF.

Initialize with the Rack application that will work as Authorization Server, and a set of parameters that enable specific checks. The only mandatory parameter is :shared_secret, which is required for HMAC-SHA256 processing.

Defined Under Namespace

Classes: Request


Constructor Details

#initialize(app, opts = {}) ⇒ AssertionProfile

Creates a new instance of Rack::OAuth2::Provider. The opts are required.



# File 'lib/rack/oauth2/assertion_profile.rb', line 19

def initialize(app, opts = {})
  @app = app
  @opts = opts
end

Instance Method Details

#call(env) ⇒ Object

Authorizes the request and, as the successful response of the token processing, generates the access token in the body, signed with the shared key (passed as a constructor parameter).



# File 'lib/rack/oauth2/assertion_profile.rb', line 27

def call(env)
  request = Request.new(env)
  
  if (request.assertion_profile? && request.format == :saml)
    InformationCard::Config.audience_scope,  InformationCard::Config.audiences = :site, [@opts[:scope]]
    token = InformationCard::SamlToken.create(request.token)
    
    unless token.valid?
      return [400, {'Content-Type' => "application/x-www-form-urlencoded"}, "error=unauthorized_client"] 
    end 
    
    # convert the received claims into SWT
    swt = token_builder.build(token.claims)
    return [200, {'Content-Type' => "application/x-www-form-urlencoded"}, "access_token=#{CGI.escape(swt)}"]
  end
  
  return @app.call(env)
end

#token_builder ⇒ Object

Singleton instance of the SimpleWebTokenBuilder

See also: SimpleWebToken::SimpleWebTokenBuilder



# File 'lib/rack/oauth2/assertion_profile.rb', line 49

def token_builder
  @token_builder ||= SimpleWebToken::SimpleWebTokenBuilder.new(@opts)
end
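
How a resource server could check the signed token that #call returns, as an added example that is not code from this library. It assumes the Simple Web Token draft layout (form-encoded claims followed by a final HMACSHA256 parameter computed over everything before it) and that the shared secret is used as raw bytes; demo_sign_swt, verify_swt, secure_equal? and the sample values are hypothetical names constructed for the illustration, and the library's own SimpleWebTokenBuilder may differ.

```ruby
require 'openssl'
require 'base64'
require 'cgi'

# Constructed helper (hypothetical name): signs claims in the SWT draft layout.
def demo_sign_swt(claims, secret)
  unsigned = claims.map { |k, v| "#{CGI.escape(k.to_s)}=#{CGI.escape(v.to_s)}" }.join('&')
  mac = OpenSSL::HMAC.digest('SHA256', secret, unsigned)
  "#{unsigned}&HMACSHA256=#{CGI.escape(Base64.strict_encode64(mac))}"
end

# Length check plus XOR accumulation, so the comparison does not stop at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the claims Hash for a valid token, nil otherwise.
def verify_swt(token, secret, audience:, now: Time.now.to_i)
  unsigned, sep, sig = token.to_s.rpartition('&HMACSHA256=')
  return nil if sep.empty? || unsigned.empty?

  begin
    given = Base64.strict_decode64(CGI.unescape(sig))
  rescue ArgumentError
    return nil
  end
  expected = OpenSSL::HMAC.digest('SHA256', secret, unsigned)
  return nil unless secure_equal?(expected, given)

  # Parse only after the MAC has been checked; reject repeated names.
  claims = {}
  unsigned.split('&').each do |pair|
    name, value = pair.split('=', 2).map { |s| CGI.unescape(s) }
    return nil if name.nil? || claims.key?(name)
    claims[name] = value.to_s
  end
  return nil unless claims['Audience'] == audience
  return nil unless claims['ExpiresOn'].to_i > now
  claims
end

# Constructed sample values for the demonstration.
DEMO_SECRET = 'constructed-demo-secret'
DEMO_TOKEN = demo_sign_swt({ 'Issuer' => 'https://sts.example', 'Audience' => 'https://app.example',
                             'ExpiresOn' => 2_000_000_000, 'role' => 'admin user' }, DEMO_SECRET)
```

The MAC is verified over the exact bytes received before any claim is parsed, so a modified claim, a wrong audience, or an expired ExpiresOn each yields nil.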