Module: SignInService::Client::Session

Included in:
SignInService::Client
Defined in:
lib/sign_in_service/client/session.rb

Constant Summary collapse

LOGOUT_PATH =
'/v0/sign_in/logout'
REFRESH_PATH =
'/v0/sign_in/refresh'
REVOKE_PATH =
'/v0/sign_in/revoke'
REVOKE_ALL_PATH =
'/v0/sign_in/revoke_all_sessions'

Instance Method Summary collapse

Instance Method Details

#logout(access_token:, anti_csrf_token: nil) ⇒ Faraday::Response

Destroys the user session associated with the access token.

Parameters:

  • access_token (String)

    Access token of the session to log out of

  • anti_csrf_token (String) (defaults to: nil)

    Optional token if enabled on client

Returns:

  • (Faraday::Response)

    Empty body with a 200 status



# File 'lib/sign_in_service/client/session.rb', line 19

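# Destroys the user session associated with the access token.
#
# Issues a GET to LOGOUT_PATH and always sends the client_id as a request
# parameter. With cookie auth, both tokens are handed to cookie_header and
# the result becomes the request headers. Otherwise the access token is
# handed to api_header and the anti-CSRF token, when one was supplied, is
# added to the request parameters.
#
# NOTE(review): Faraday serialises req.params into the URL query string, so
# in the non-cookie flow the anti-CSRF token is part of the request URL.
# Treat request URLs for this call as sensitive in logs and traces. Session
# termination over GET is presumably dictated by the service endpoint;
# confirm against the service contract.
#
# @param access_token [String] access token of the session to log out of
# @param anti_csrf_token [String, nil] optional token if enabled on client
# @return [Faraday::Response] empty body with a 200 status
def logout(access_token:, anti_csrf_token: nil)
  connection.get(LOGOUT_PATH) do |req|
    req.params[:client_id] = client_id
    if cookie_auth?
      req.headers = cookie_header({ access_token:, anti_csrf_token: })
    else
      # Only add the parameter when a token was supplied, as refresh_token
      # does; a nil value would otherwise be sent as a valueless
      # "anti_csrf_token" entry in the query string.
      req.params[:anti_csrf_token] = anti_csrf_token if anti_csrf_token
      req.headers = api_header(access_token)
    end
  end
end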

#refresh_token(refresh_token:, anti_csrf_token: nil) ⇒ Faraday::Response

Refresh session tokens

Parameters:

  • refresh_token (String)

    URI-encoded refresh token

  • anti_csrf_token (String) (defaults to: nil)

    Optional token if enabled on client

Returns:

  • (Faraday::Response)

    Response with tokens in header or body



# File 'lib/sign_in_service/client/session.rb', line 39

# Refreshes the session tokens by POSTing to REFRESH_PATH.
#
# With cookie auth, both tokens are handed to cookie_header and the result
# becomes the request headers. Otherwise the refresh token, and the
# anti-CSRF token when one was supplied, are set as request parameters.
# The refresh token is passed through exactly as given; per the method
# docs the caller supplies it URI-encoded.
#
# NOTE(review): Faraday serialises req.params into the URL query string, so
# in the non-cookie flow the refresh token travels in the URL of the POST
# rather than in its body. Confirm the service expects that, and keep
# request URLs for this call out of logs and traces.
#
# @param refresh_token [String] URI-encoded refresh token
# @param anti_csrf_token [String, nil] optional token if enabled on client
# @return [Faraday::Response] response with tokens in header or body
def refresh_token(refresh_token:, anti_csrf_token: nil)
  connection.post(REFRESH_PATH) do |request|
    if cookie_auth?
      tokens = { refresh_token:, anti_csrf_token: }
      request.headers = cookie_header(tokens)
      next
    end

    query = request.params
    query[:refresh_token] = refresh_token
    query[:anti_csrf_token] = anti_csrf_token if anti_csrf_token
  end
end

#revoke_all_sessions(access_token:) ⇒ Faraday::Response

Revokes all sessions associated with a user

Parameters:

  • access_token (String)

    Access token of session

Returns:

  • (Faraday::Response)

    Empty body with a 200 status



# File 'lib/sign_in_service/client/session.rb', line 72

# Revokes all sessions associated with a user.
#
# Issues a GET to REVOKE_ALL_PATH. The access token is the only credential
# sent: it is handed to cookie_header under cookie auth and to api_header
# otherwise, and the result becomes the request headers. No request
# parameters are set.
#
# NOTE(review): this is a state-changing call made with GET; the verb is
# presumably dictated by the service endpoint - confirm.
#
# @param access_token [String] access token of session
# @return [Faraday::Response] empty body with a 200 status
def revoke_all_sessions(access_token:)
  connection.get(REVOKE_ALL_PATH) do |request|
    auth_headers = cookie_auth? ? cookie_header({ access_token: }) : api_header(access_token)
    request.headers = auth_headers
  end
end

#revoke_token(refresh_token:, anti_csrf_token:) ⇒ Faraday::Response

Revokes a user session

Parameters:

  • refresh_token (String)

    URI-encoded refresh token

  • anti_csrf_token (String)

    Anti-CSRF token, if enabled on the client. Unlike #logout and #refresh_token, this keyword has no default and must always be passed.

Returns:

  • (Faraday::Response)

    Empty body with a 200 status



# File 'lib/sign_in_service/client/session.rb', line 58

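# Revokes a user session by POSTing to REVOKE_PATH.
#
# Both tokens are passed through CGI.escape and set as request parameters.
# Unlike the other session calls there is no cookie_auth? branch here, so
# the tokens always go into the parameters.
#
# NOTE(review): the method docs describe refresh_token as already
# URI-encoded, yet CGI.escape is applied here as well; confirm which side
# is responsible for encoding so the token is not encoded twice.
# NOTE(review): Faraday serialises req.params into the URL query string, so
# the refresh token is part of the request URL; keep request URLs for this
# call out of logs and traces.
#
# @param refresh_token [String] URI-encoded refresh token
# @param anti_csrf_token [String, nil] token if enabled on client; the
#   keyword must be passed, but nil is accepted when the client does not
#   use anti-CSRF tokens
# @return [Faraday::Response] empty body with a 200 status
def revoke_token(refresh_token:, anti_csrf_token:)
  connection.post(REVOKE_PATH) do |req|
    req.params[:refresh_token] = CGI.escape(refresh_token)
    # The token is documented as optional, and CGI.escape raises on nil, so
    # the parameter is only added when a token was actually supplied.
    req.params[:anti_csrf_token] = CGI.escape(anti_csrf_token) if anti_csrf_token
  end
end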