Class: Rack::OAuth2::Client

Inherits:

Object

• Object
• Rack::OAuth2::Client

Includes:

AttrOptional, AttrRequired

Defined in:

lib/rack/oauth2/client.rb,
lib/rack/oauth2/client/error.rb,
lib/rack/oauth2/client/grant.rb,
lib/rack/oauth2/client/grant/password.rb,
lib/rack/oauth2/client/grant/jwt_bearer.rb,
lib/rack/oauth2/client/grant/saml2_bearer.rb,
lib/rack/oauth2/client/grant/refresh_token.rb,
lib/rack/oauth2/client/grant/token_exchange.rb,
lib/rack/oauth2/client/grant/authorization_code.rb,
lib/rack/oauth2/client/grant/client_credentials.rb

Defined Under Namespace

Classes: Error, Grant

Instance Method Summary

• #access_token!(*args) ⇒ Object
• #authorization_code=(code) ⇒ Object
• #authorization_uri(params = {}) ⇒ Object
• #force_token_type!(token_type) ⇒ Object
• #initialize(attributes = {}) ⇒ Client constructor

  A new instance of Client.

• #jwt_bearer=(assertion) ⇒ Object
• #refresh_token=(token) ⇒ Object
• #resource_owner_credentials=(credentials) ⇒ Object
• #saml2_bearer=(assertion) ⇒ Object
• #subject_token=(subject_token, subject_token_type = URN::TokenType::JWT) ⇒ Object

Constructor Details

#initialize(attributes = {}) ⇒ Client

Returns a new instance of Client.

# File 'lib/rack/oauth2/client.rb', line 8

def initialize(attributes = {})
  (required_attributes + optional_attributes).each do |key|
    self.send :"#{key}=", attributes[key]
  end
  @grant = Grant::ClientCredentials.new
  @authorization_endpoint ||= '/oauth2/authorize'
  @token_endpoint ||= '/oauth2/token'
  attr_missing!
end

Instance Method Details

#access_token!(*args) ⇒ Object

# File 'lib/rack/oauth2/client.rb', line 71

def access_token!(*args)
  headers, params = {}, @grant.as_json
  http_client = Rack::OAuth2.http_client

  # NOTE:
  #  Using Array#extract_options! for backward compatibility.
  #  Until v1.0.5, the first argument was 'client_auth_method' in scalar.
  options = args.extract_options!
  client_auth_method = args.first || options.delete(:client_auth_method).try(:to_sym) || :basic

  params[:scope] = Array(options.delete(:scope)).join(' ') if options[:scope].present?
  params.merge! options

  case client_auth_method
  when :basic
    cred = Base64.strict_encode64 [
      Util.www_form_url_encode(identifier),
      Util.www_form_url_encode(secret)
    ].join(':')
    headers.merge!(
      'Authorization' => "Basic #{cred}"
    )
  when :basic_without_www_form_urlencode
    cred = ["#{identifier}:#{secret}"].pack('m').tr("\n", '')
    headers.merge!(
      'Authorization' => "Basic #{cred}"
    )
  when :jwt_bearer
    params.merge!(
      client_assertion_type: URN::ClientAssertionType::JWT_BEARER
    )
    # NOTE: optionally auto-generate client_assertion.
    if params[:client_assertion].blank?
      require 'json/jwt'
      params[:client_assertion] = JSON::JWT.new(
        iss: identifier,
        sub: identifier,
        aud: absolute_uri_for(token_endpoint),
        jti: SecureRandom.hex(16),
        iat: Time.now,
        exp: 3.minutes.from_now
      ).sign(private_key || secret).to_s
    end
  when :saml2_bearer
    params.merge!(
      client_assertion_type: URN::ClientAssertionType::SAML2_BEARER
    )
  when :mtls
    params.merge!(
      client_id: identifier
    )
    http_client.ssl_config.client_key = private_key
    http_client.ssl_config.client_cert = certificate
  else
    params.merge!(
      client_id: identifier,
      client_secret: secret
    )
  end
  handle_response do
    http_client.post(
      absolute_uri_for(token_endpoint),
      Util.compact_hash(params),
      headers
    )
  end
end

#authorization_code=(code) ⇒ Object

# File 'lib/rack/oauth2/client.rb', line 28

def authorization_code=(code)
  @grant = Grant::AuthorizationCode.new(
    code: code,
    redirect_uri: self.redirect_uri
  )
end

#authorization_uri(params = {}) ⇒ Object

# File 'lib/rack/oauth2/client.rb', line 18

def authorization_uri(params = {})
  params[:redirect_uri] ||= self.redirect_uri
  params[:response_type] ||= :code
  params[:response_type] = Array(params[:response_type]).join(' ')
  params[:scope] = Array(params[:scope]).join(' ')
  Util.redirect_uri absolute_uri_for(authorization_endpoint), :query, params.merge(
    client_id: self.identifier
  )
end

#force_token_type!(token_type) ⇒ Object

# File 'lib/rack/oauth2/client.rb', line 67

def force_token_type!(token_type)
  @forced_token_type = token_type.to_s
end

#jwt_bearer=(assertion) ⇒ Object

# File 'lib/rack/oauth2/client.rb', line 48

def jwt_bearer=(assertion)
  @grant = Grant::JWTBearer.new(
    assertion: assertion
  )
end

#refresh_token=(token) ⇒ Object

# File 'lib/rack/oauth2/client.rb', line 42

def refresh_token=(token)
  @grant = Grant::RefreshToken.new(
    refresh_token: token
  )
end

#resource_owner_credentials=(credentials) ⇒ Object

# File 'lib/rack/oauth2/client.rb', line 35

def resource_owner_credentials=(credentials)
  @grant = Grant::Password.new(
    username: credentials.first,
    password: credentials.last
  )
end

#saml2_bearer=(assertion) ⇒ Object

# File 'lib/rack/oauth2/client.rb', line 54

def saml2_bearer=(assertion)
  @grant = Grant::SAML2Bearer.new(
    assertion: assertion
  )
end

#subject_token=(subject_token, subject_token_type = URN::TokenType::JWT) ⇒ Object

# File 'lib/rack/oauth2/client.rb', line 60

def subject_token=(subject_token, subject_token_type = URN::TokenType::JWT)
  @grant = Grant::TokenExchange.new(
    subject_token: subject_token,
    subject_token_type: subject_token_type
  )
end