Class: Signet::OAuth2::Client
- Inherits:
-
Object
- Object
- Signet::OAuth2::Client
- Defined in:
- lib/signet/oauth_2/client.rb
Instance Attribute Summary collapse
-
#sub ⇒ Object
The target “sub” when issuing assertions.
Instance Method Summary collapse
-
#access_token ⇒ String
Returns the access token associated with this client.
-
#access_token=(new_access_token) ⇒ Object
Sets the access token associated with this client.
-
#additional_parameters ⇒ Hash
Returns the set of additional (non standard) parameters to be used by the client.
-
#additional_parameters=(new_additional_parameters) ⇒ Object
Sets additional (non standard) parameters to be used by the client.
-
#audience ⇒ String
Returns the target audience ID associated with this client.
-
#audience=(new_audience) ⇒ Object
Sets the target audience ID when issuing assertions.
-
#authorization_uri(options = {}) ⇒ Addressable::URI
Returns the authorization URI that the user should be redirected to.
-
#authorization_uri=(new_authorization_uri) ⇒ Object
Sets the authorization URI for this client.
-
#clear_credentials! ⇒ Object
Removes all credentials from the client.
-
#client_id ⇒ String
Returns the client identifier for this client.
-
#client_id=(new_client_id) ⇒ Object
Sets the client identifier for this client.
-
#client_secret ⇒ String
Returns the client secret for this client.
-
#client_secret=(new_client_secret) ⇒ Object
Sets the client secret for this client.
-
#code ⇒ String
Returns the authorization code issued to this client.
-
#code=(new_code) ⇒ Object
Sets the authorization code issued to this client.
-
#coerce_uri(incoming_uri) ⇒ Object
Addressable expects URIs formatted as hashes to come in with symbols as keys.
-
#decoded_id_token(public_key = nil) ⇒ String
Returns the decoded ID token associated with this client.
-
#expired? ⇒ TrueClass, FalseClass
Returns true if the access token has expired.
-
#expires_at ⇒ Integer
Returns the timestamp the access token will expire at.
-
#expires_at=(new_expires_at) ⇒ Object
Limits the lifetime of the access token as number of seconds since the Epoch.
-
#expires_in ⇒ Integer
Returns the lifetime of the access token in seconds.
-
#expires_in=(new_expires_in) ⇒ Object
Sets the lifetime of the access token in seconds.
-
#expiry ⇒ Fixnum
Returns the number of seconds assertions are valid for. Used only by the assertion grant type.
-
#expiry=(new_expiry) ⇒ Object
Sets the number of seconds assertions are valid for. Used only by the assertion grant type.
-
#extension_parameters ⇒ Hash
Returns the set of extension parameters used by the client.
-
#extension_parameters=(new_extension_parameters) ⇒ Object
Sets extension parameters used by the client.
- #fetch_access_token(options = {}) ⇒ Object
- #fetch_access_token!(options = {}) ⇒ Object
-
#fetch_protected_resource(options = {}) ⇒ Array
Transmits a request for a protected resource.
-
#generate_access_token_request(options = {}) ⇒ Array
Generates a request for token credentials.
-
#generate_authenticated_request(options = {}) ⇒ Faraday::Request
Generates an authenticated request for protected resources.
-
#grant_type ⇒ String
Returns the inferred grant type, based on the current state of the client object.
- #grant_type=(new_grant_type) ⇒ Object
-
#id_token ⇒ String
Returns the ID token associated with this client.
-
#id_token=(new_id_token) ⇒ Object
Sets the ID token associated with this client.
-
#initialize(options = {}) ⇒ Client
constructor
Creates an OAuth 2.0 client.
-
#issued_at ⇒ Integer
Returns the timestamp the access token was issued at.
-
#issued_at=(new_issued_at) ⇒ Object
Sets the timestamp the access token was issued at.
-
#issuer ⇒ String
Returns the issuer ID associated with this client.
-
#issuer=(new_issuer) ⇒ Object
Sets the issuer ID associated with this client.
-
#password ⇒ String
Returns the password associated with this client.
-
#password=(new_password) ⇒ Object
Sets the password associated with this client.
-
#principal ⇒ String
(also: #person)
Returns the target resource owner for impersonation.
-
#principal=(new_person) ⇒ Object
(also: #person=)
Sets the target resource owner for impersonation.
-
#redirect_uri ⇒ String
Returns the redirect URI for this client.
-
#redirect_uri=(new_redirect_uri) ⇒ Object
Sets the redirect URI for this client.
-
#refresh!(options = {}) ⇒ Object
Refresh the access token, if possible.
-
#refresh_token ⇒ String
Returns the refresh token associated with this client.
-
#refresh_token=(new_refresh_token) ⇒ Object
Sets the refresh token associated with this client.
-
#scope ⇒ Array
Returns the scope for this client.
-
#scope=(new_scope) ⇒ Object
Sets the scope for this client.
-
#signing_algorithm ⇒ String
Algorithm used for signing JWTs.
-
#signing_key ⇒ String, OpenSSL::PKey
Returns the signing key associated with this client.
-
#signing_key=(new_key) ⇒ Object
Sets the signing key when issuing assertions.
-
#state ⇒ String
Returns the client’s current state value.
-
#state=(new_state) ⇒ Object
Sets the client’s current state value.
-
#to_json ⇒ String
Serialize the client object to JSON.
- #to_jwt(options = {}) ⇒ Object
-
#token_credential_uri ⇒ Addressable::URI
Returns the token credential URI for this client.
-
#token_credential_uri=(new_token_credential_uri) ⇒ Object
Sets the token credential URI for this client.
-
#update!(options = {}) ⇒ Object
Updates an OAuth 2.0 client.
-
#update_token!(options = {}) ⇒ Object
Updates an OAuth 2.0 client.
-
#username ⇒ String
Returns the username associated with this client.
-
#username=(new_username) ⇒ Object
Sets the username associated with this client.
Constructor Details
#initialize(options = {}) ⇒ Client
Creates an OAuth 2.0 client.
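# File 'lib/signet/oauth_2/client.rb', line 91
# Creates an OAuth 2.0 client; every option is handed straight to #update!.
#
# @param options [Hash] configuration parameters, as accepted by #update!
def initialize(options={})
  self.update!(options)
end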
Instance Attribute Details
#sub ⇒ Object
The target “sub” when issuing assertions. Used in some Admin SDK APIs.
# File 'lib/signet/oauth_2/client.rb', line 540 def sub @sub end |
Instance Method Details
#access_token ⇒ String
Returns the access token associated with this client.
# File 'lib/signet/oauth_2/client.rb', line 655 def access_token return @access_token ||= nil end |
#access_token=(new_access_token) ⇒ Object
Sets the access token associated with this client.
# File 'lib/signet/oauth_2/client.rb', line 664 def access_token=(new_access_token) @access_token = new_access_token end |
#additional_parameters ⇒ Hash
Returns the set of additional (non standard) parameters to be used by the client.
# File 'lib/signet/oauth_2/client.rb', line 616 def additional_parameters return @additional_parameters ||= {} end |
#additional_parameters=(new_additional_parameters) ⇒ Object
Sets additional (non standard) parameters to be used by the client.
# File 'lib/signet/oauth_2/client.rb', line 625 def additional_parameters=(new_additional_parameters) if new_additional_parameters.respond_to?(:to_hash) @additional_parameters = new_additional_parameters.to_hash else raise TypeError, "Expected Hash, got #{new_additional_parameters.class}." end end |
#audience ⇒ String
Returns the target audience ID associated with this client. Used only by the assertion grant type.
# File 'lib/signet/oauth_2/client.rb', line 500 def audience return @audience end |
#audience=(new_audience) ⇒ Object
Sets the target audience ID when issuing assertions. Used only by the assertion grant type.
# File 'lib/signet/oauth_2/client.rb', line 510 def audience=(new_audience) @audience = new_audience end |
#authorization_uri(options = {}) ⇒ Addressable::URI
Returns the authorization URI that the user should be redirected to.
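# File 'lib/signet/oauth_2/client.rb', line 234
# Builds the URI the user should be redirected to for authorization.
#
# Parameters missing from +options+ are filled in: response_type (:code),
# access_type (:offline), and client_id, redirect_uri, scope and state taken
# from the client. The client's additional_parameters are merged in and can
# be overridden through options[:additional_parameters].
#
# NOTE(review): no state value is generated here. If neither +options+ nor
# the client carries one, the request is built without it; callers that rely
# on +state+ for CSRF protection must set and later check it themselves.
#
# @param options [Hash] query parameters for the authorization request
# @return [Addressable::URI, nil] nil when no authorization URI is configured
# @raise [ArgumentError] if prompt and approval_prompt are both given, or if
#   the client identifier or the redirect URI is missing
# @raise [Signet::UnsafeOperationError] if the resulting URI is not https
def authorization_uri(options={})
  # Normalize external input
  options = deep_hash_normalize(options)

  return nil if @authorization_uri == nil
  unless options[:response_type]
    options[:response_type] = :code
  end
  unless options[:access_type]
    options[:access_type] = :offline
  end
  options[:client_id] ||= self.client_id
  options[:redirect_uri] ||= self.redirect_uri
  if options[:prompt] && options[:approval_prompt]
    raise ArgumentError, "prompt and approval_prompt are mutually exclusive parameters"
  end
  if !options[:client_id]
    raise ArgumentError, "Missing required client identifier."
  end
  unless options[:redirect_uri]
    raise ArgumentError, "Missing required redirect URI."
  end
  if !options[:scope] && self.scope
    options[:scope] = self.scope.join(' ')
  end
  options[:state] = self.state unless options[:state]
  options.merge!(self.additional_parameters.merge(options[:additional_parameters] || {}))
  options.delete(:additional_parameters)
  uri = Addressable::URI.parse(
    ::Signet::OAuth2.generate_authorization_uri(
      @authorization_uri, options
    )
  )
  # The user's browser is sent here, so a non-TLS endpoint is refused outright.
  if uri.normalized_scheme != 'https'
    raise Signet::UnsafeOperationError,
      'Authorization endpoint must be protected by TLS.'
  end
  return uri
end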
#authorization_uri=(new_authorization_uri) ⇒ Object
Sets the authorization URI for this client.
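# File 'lib/signet/oauth_2/client.rb', line 279
# Sets the authorization URI for this client.
#
# @param new_authorization_uri [String, Hash, Addressable::URI, nil]
#   value passed through #coerce_uri before being stored
def authorization_uri=(new_authorization_uri)
  @authorization_uri = coerce_uri(new_authorization_uri)
end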
#clear_credentials! ⇒ Object
Removes all credentials from the client.
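# File 'lib/signet/oauth_2/client.rb', line 777
# Removes the per-user credentials from the client: tokens, resource-owner
# username/password, the authorization code and the token timing data.
#
# Client-level secrets (@client_secret, @signing_key) are NOT touched here;
# a caller that wants those gone as well has to reset them explicitly.
def clear_credentials!
  @access_token = nil
  @refresh_token = nil
  @id_token = nil
  @username = nil
  @password = nil
  @code = nil
  @issued_at = nil
  @expires_in = nil
  # Also drop an absolute expiry set through #expires_at=; otherwise
  # #expires_at / #expired? keep answering for a token that no longer exists.
  @expires_at = nil
end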
#client_id ⇒ String
Returns the client identifier for this client.
# File 'lib/signet/oauth_2/client.rb', line 314 def client_id return @client_id end |
#client_id=(new_client_id) ⇒ Object
Sets the client identifier for this client.
# File 'lib/signet/oauth_2/client.rb', line 323 def client_id=(new_client_id) @client_id = new_client_id end |
#client_secret ⇒ String
Returns the client secret for this client.
# File 'lib/signet/oauth_2/client.rb', line 331 def client_secret return @client_secret end |
#client_secret=(new_client_secret) ⇒ Object
Sets the client secret for this client.
# File 'lib/signet/oauth_2/client.rb', line 340 def client_secret=(new_client_secret) @client_secret = new_client_secret end |
#code ⇒ String
Returns the authorization code issued to this client. Used only by the authorization code access grant type.
# File 'lib/signet/oauth_2/client.rb', line 401 def code return @code end |
#code=(new_code) ⇒ Object
Sets the authorization code issued to this client. Used only by the authorization code access grant type.
# File 'lib/signet/oauth_2/client.rb', line 411 def code=(new_code) @code = new_code end |
#coerce_uri(incoming_uri) ⇒ Object
Addressable expects URIs formatted as hashes to come in with symbols as keys. Returns nil implicitly for the nil case.
# File 'lib/signet/oauth_2/client.rb', line 302 def coerce_uri(incoming_uri) if incoming_uri.is_a? Hash Addressable::URI.new(deep_hash_normalize(incoming_uri)) elsif incoming_uri Addressable::URI.parse(incoming_uri) end end |
#decoded_id_token(public_key = nil) ⇒ String
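Returns the decoded ID token associated with this client. The token's signature is verified only when a public key is supplied; without one the payload is decoded but not authenticated, and only the audience check is applied.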
# File 'lib/signet/oauth_2/client.rb', line 693
# Decodes the client's ID token and checks that its audience is this client.
#
# The third argument to JWT.decode is the verify flag, so the signature is
# checked only when +public_key+ is given. Called without a key, the payload
# is decoded WITHOUT signature verification: the audience comparison below
# still runs, but on claims nobody has authenticated. Pass the issuer's
# public key whenever the result feeds an authentication or authorization
# decision.
#
# @param public_key [Object, nil] verification key handed to JWT.decode
# @return the decoded token payload
# @raise [Signet::UnsafeOperationError] if the payload has no 'aud' claim or
#   the claim differs from the client ID
def decoded_id_token(public_key=nil)
  verify_signature = !!public_key
  payload, _header = JWT.decode(self.id_token, public_key, verify_signature)
  unless payload.has_key?('aud')
    raise Signet::UnsafeOperationError, 'No ID token audience declared.'
  end
  if payload['aud'] != self.client_id
    raise Signet::UnsafeOperationError,
      'ID token audience did not match Client ID.'
  end
  payload
end
#expired? ⇒ TrueClass, FalseClass
Returns true if the access token has expired.
# File 'lib/signet/oauth_2/client.rb', line 770 def expired? return self.expires_at != nil && Time.now >= self.expires_at end |
#expires_at ⇒ Integer
Returns the timestamp the access token will expire at.
# File 'lib/signet/oauth_2/client.rb', line 748 def expires_at if @expires_at @expires_at elsif @issued_at && @expires_in return @issued_at + @expires_in else return nil end end |
#expires_at=(new_expires_at) ⇒ Object
Limits the lifetime of the access token as number of seconds since the Epoch
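# File 'lib/signet/oauth_2/client.rb', line 761
# Sets an absolute expiry for the access token.
#
# @param new_expires_at [Integer, nil] seconds since the Epoch, or nil to
#   clear the absolute expiry
def expires_at=(new_expires_at)
  # Time.at(nil) raises TypeError, so treat nil as "no absolute expiry"
  # rather than failing on a token hash that carries an empty expires_at.
  @expires_at = new_expires_at.nil? ? nil : Time.at(new_expires_at)
end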
#expires_in ⇒ Integer
Returns the lifetime of the access token in seconds.
# File 'lib/signet/oauth_2/client.rb', line 708 def expires_in return @expires_in end |
#expires_in=(new_expires_in) ⇒ Object
Sets the lifetime of the access token in seconds. Resets the issued timestamp.
# File 'lib/signet/oauth_2/client.rb', line 718 def expires_in=(new_expires_in) if new_expires_in != nil @expires_in = new_expires_in.to_i @issued_at = Time.now else @expires_in, @issued_at = nil, nil end end |
#expiry ⇒ Fixnum
Returns the number of seconds assertions are valid for. Used only by the assertion grant type.
# File 'lib/signet/oauth_2/client.rb', line 547 def expiry return @expiry end |
#expiry=(new_expiry) ⇒ Object
Sets the number of seconds assertions are valid for. Used only by the assertion grant type.
# File 'lib/signet/oauth_2/client.rb', line 557 def expiry=(new_expiry) @expiry = new_expiry end |
#extension_parameters ⇒ Hash
Returns the set of extension parameters used by the client. Used only by extension access grant types.
# File 'lib/signet/oauth_2/client.rb', line 593 def extension_parameters return @extension_parameters ||= {} end |
#extension_parameters=(new_extension_parameters) ⇒ Object
Sets extension parameters used by the client. Used only by extension access grant types.
# File 'lib/signet/oauth_2/client.rb', line 603 def extension_parameters=(new_extension_parameters) if new_extension_parameters.respond_to?(:to_hash) @extension_parameters = new_extension_parameters.to_hash else raise TypeError, "Expected Hash, got #{new_extension_parameters.class}." end end |
#fetch_access_token(options = {}) ⇒ Object
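# File 'lib/signet/oauth_2/client.rb', line 931
# Sends the token request and returns the parsed credentials.
#
# The AuthorizationError raised on failure carries the full request and
# response objects. The request body is built by
# #generate_access_token_request and can hold the client secret, the
# resource-owner password or the refresh token, so log the error message
# rather than the attached request.
#
# @param options [Hash] :connection (defaults to Faraday.default_connection)
#   plus anything #generate_access_token_request accepts
# @return the credentials parsed from a 200 response
# @raise [Signet::AuthorizationError] for any response other than 200
def fetch_access_token(options={})
  options = deep_hash_normalize(options)

  options[:connection] ||= Faraday.default_connection
  request = self.generate_access_token_request(options)
  request_env = request.to_env(options[:connection])
  request_env[:request] ||= request
  response = options[:connection].app.call(request_env)
  if response.status.to_i == 200
    content_type = response.headers['content-type']
    return ::Signet::OAuth2.parse_credentials(response.body, content_type)
  elsif [400, 401, 403].include?(response.status.to_i)
    message = 'Authorization failed.'
    if response.body.to_s.strip.length > 0
      message += " Server message:\n#{response.body.to_s.strip}"
    end
    raise ::Signet::AuthorizationError.new(
      message, :request => request, :response => response
    )
  else
    message = "Unexpected status code: #{response.status}."
    if response.body.to_s.strip.length > 0
      message += " Server message:\n#{response.body.to_s.strip}"
    end
    raise ::Signet::AuthorizationError.new(
      message, :request => request, :response => response
    )
  end
end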
#fetch_access_token!(options = {}) ⇒ Object
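# File 'lib/signet/oauth_2/client.rb', line 961
# Fetches new credentials and stores them on the client.
#
# @param options [Hash] passed on to #fetch_access_token
# @return the token hash returned by #fetch_access_token
def fetch_access_token!(options={})
  options = deep_hash_normalize(options)

  token_hash = self.fetch_access_token(options)
  if token_hash
    # No-op for grant types other than `authorization_code`.
    # An authorization code is a one-time use token and is immediately
    # revoked after usage.
    self.code = nil
    self.issued_at = Time.now
    self.update_token!(token_hash)
  end
  return token_hash
end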
#fetch_protected_resource(options = {}) ⇒ Array
Transmits a request for a protected resource.
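# File 'lib/signet/oauth_2/client.rb', line 1095
# Transmits an authenticated request for a protected resource.
#
# Only a 401 is turned into an exception; every other status, including
# other 4xx/5xx codes, is returned to the caller as a normal response. The
# AuthorizationError carries the request, whose Authorization header holds
# the bearer token, so avoid logging the attached request verbatim.
#
# @param options [Hash] :connection (defaults to Faraday.default_connection)
#   plus anything #generate_authenticated_request accepts
# @return the response for any status other than 401
# @raise [Signet::AuthorizationError] on a 401 response
def fetch_protected_resource(options={})
  options = deep_hash_normalize(options)

  options[:connection] ||= Faraday.default_connection
  request = self.generate_authenticated_request(options)
  request_env = request.to_env(options[:connection])
  request_env[:request] ||= request
  response = options[:connection].app.call(request_env)
  if response.status.to_i == 401
    # When accessing a protected resource, we only want to raise an
    # error for 401 responses.
    message = 'Authorization failed.'
    if response.body.to_s.strip.length > 0
      message += " Server message:\n#{response.body.to_s.strip}"
    end
    raise ::Signet::AuthorizationError.new(
      message, :request => request, :response => response
    )
  else
    return response
  end
end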
#generate_access_token_request(options = {}) ⇒ Array
Generates a request for token credentials.
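# File 'lib/signet/oauth_2/client.rb', line 884
# Builds (but does not send) the POST request for token credentials.
#
# The form body depends on the grant type and may contain the authorization
# code, the resource-owner username and password, the refresh token or a
# signed JWT assertion, plus client_id and client_secret when they are set.
#
# NOTE(review): unlike #authorization_uri, no scheme check on the token
# endpoint is visible in this method. Configure token_credential_uri with an
# https URL so these secrets are never sent in clear text.
#
# @param options [Hash] :connection (defaults to Faraday.default_connection),
#   :additional_parameters, and options forwarded to #to_jwt
# @return the request built by the connection
# @raise [ArgumentError] if the token endpoint URI is missing, or a redirect
#   URI is set but no grant type could be inferred
def generate_access_token_request(options={})
  options = deep_hash_normalize(options)

  if self.token_credential_uri == nil
    raise ArgumentError, 'Missing token endpoint URI.'
  end

  options[:connection] ||= Faraday.default_connection
  method = 'POST'
  parameters = {"grant_type" => self.grant_type}
  case self.grant_type
  when 'authorization_code'
    parameters['code'] = self.code
    parameters['redirect_uri'] = self.redirect_uri
  when 'password'
    parameters['username'] = self.username
    parameters['password'] = self.password
  when 'refresh_token'
    parameters['refresh_token'] = self.refresh_token
  when 'urn:ietf:params:oauth:grant-type:jwt-bearer'
    parameters['assertion'] = self.to_jwt(options)
  else
    if self.redirect_uri
      # Grant type was intended to be `authorization_code` because of
      # the presence of the redirect URI.
      raise ArgumentError, 'Missing authorization code.'
    end
    parameters.merge!(self.extension_parameters)
  end
  parameters['client_id'] = self.client_id unless self.client_id.nil?
  parameters['client_secret'] = self.client_secret unless self.client_secret.nil?
  headers = [
    ['Cache-Control', 'no-store'],
    ['Content-Type', 'application/x-www-form-urlencoded']
  ]
  parameters.merge!(self.additional_parameters.merge(options[:additional_parameters] || {}))
  return options[:connection].build_request(
    method.to_s.downcase.to_sym
  ) do |req|
    req.url(Addressable::URI.parse(
      self.token_credential_uri
    ).normalize.to_s)
    req.headers = Faraday::Utils::Headers.new(headers)
    req.body = Addressable::URI.form_encode(parameters)
  end
end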
#generate_authenticated_request(options = {}) ⇒ Faraday::Request
Generates an authenticated request for protected resources.
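# File 'lib/signet/oauth_2/client.rb', line 1005
# Builds a request for a protected resource and attaches the bearer token.
#
# The request is taken from options[:request] (a Faraday::Request, or a
# [method, uri, headers, body] array) or assembled from :method, :uri,
# :headers and :body.
#
# NOTE(review): the access token is attached to whatever URI the caller
# supplies; no scheme or host check is visible here. Callers should only
# pass https URIs for hosts that are meant to receive this token.
#
# @param options [Hash] :request, or :method/:uri/:headers/:body; optional
#   :connection and :realm
# @return [Faraday::Request] the request with Authorization and
#   Cache-Control headers set
# @raise [ArgumentError] if the access token or a request component is missing
def generate_authenticated_request(options={})
  options = deep_hash_normalize(options)

  if self.access_token == nil
    raise ArgumentError, 'Missing access token.'
  end
  options = {
    :realm => nil
  }.merge(options)

  if options[:request].kind_of?(Faraday::Request)
    request = options[:request]
  else
    if options[:request].kind_of?(Array)
      method, uri, headers, body = options[:request]
    else
      method = options[:method] || :get
      uri = options[:uri]
      headers = options[:headers] || []
      body = options[:body] || ''
    end
    headers = headers.to_a if headers.kind_of?(Hash)
    request_components = {
      :method => method,
      :uri => uri,
      :headers => headers,
      :body => body
    }
    # Verify that we have all pieces required to return an HTTP request
    request_components.each do |(key, value)|
      unless value
        raise ArgumentError, "Missing :#{key} parameter."
      end
    end
    method = method.to_s.downcase.to_sym
    # Fall back to the default connection, as the fetch_* methods do, so a
    # direct call without :connection does not fail with NoMethodError on nil.
    connection = options[:connection] || Faraday.default_connection
    request = connection.build_request(method) do |req|
      req.url(Addressable::URI.parse(uri).normalize.to_s)
      req.headers = Faraday::Utils::Headers.new(headers)
      req.body = body
    end
  end

  request['Authorization'] = ::Signet::OAuth2.generate_bearer_authorization_header(
    self.access_token,
    options[:realm] ? [['realm', options[:realm]]] : nil
  )
  request['Cache-Control'] = 'no-store'
  return request
end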
#grant_type ⇒ String
Returns the inferred grant type, based on the current state of the client object. Returns ‘“none”` if the client has insufficient information to make an in-band authorization request.
# File 'lib/signet/oauth_2/client.rb', line 796 def grant_type @grant_type ||= nil if @grant_type return @grant_type else if self.code && self.redirect_uri 'authorization_code' elsif self.refresh_token 'refresh_token' elsif self.username && self.password 'password' elsif self.issuer && self.signing_key 'urn:ietf:params:oauth:grant-type:jwt-bearer' else # We don't have sufficient auth information, assume an out-of-band # authorization arrangement between the client and server, or an # extension grant type. nil end end end |
#grant_type=(new_grant_type) ⇒ Object
# File 'lib/signet/oauth_2/client.rb', line 818 def grant_type=(new_grant_type) case new_grant_type when 'authorization_code', 'refresh_token', 'password', 'client_credentials' @grant_type = new_grant_type else @grant_type = Addressable::URI.parse(new_grant_type) end end |
#id_token ⇒ String
Returns the ID token associated with this client.
# File 'lib/signet/oauth_2/client.rb', line 672 def id_token return @id_token ||= nil end |
#id_token=(new_id_token) ⇒ Object
Sets the ID token associated with this client.
# File 'lib/signet/oauth_2/client.rb', line 681 def id_token=(new_id_token) @id_token = new_id_token end |
#issued_at ⇒ Integer
Returns the timestamp the access token was issued at.
# File 'lib/signet/oauth_2/client.rb', line 731 def issued_at return @issued_at end |
#issued_at=(new_issued_at) ⇒ Object
Sets the timestamp the access token was issued at.
# File 'lib/signet/oauth_2/client.rb', line 740 def issued_at=(new_issued_at) @issued_at = new_issued_at end |
#issuer ⇒ String
Returns the issuer ID associated with this client. Used only by the assertion grant type.
# File 'lib/signet/oauth_2/client.rb', line 481 def issuer return @issuer end |
#issuer=(new_issuer) ⇒ Object
Sets the issuer ID associated with this client. Used only by the assertion grant type.
# File 'lib/signet/oauth_2/client.rb', line 491 def issuer=(new_issuer) @issuer = new_issuer end |
#password ⇒ String
Returns the password associated with this client. Used only by the resource owner password credential access grant type.
# File 'lib/signet/oauth_2/client.rb', line 462 def password return @password end |
#password=(new_password) ⇒ Object
Sets the password associated with this client. Used only by the resource owner password credential access grant type.
# File 'lib/signet/oauth_2/client.rb', line 472 def password=(new_password) @password = new_password end |
#principal ⇒ String Also known as: person
Returns the target resource owner for impersonation. Used only by the assertion grant type.
# File 'lib/signet/oauth_2/client.rb', line 519 def principal return @principal end |
#principal=(new_person) ⇒ Object Also known as: person=
Sets the target resource owner for impersonation. Used only by the assertion grant type.
# File 'lib/signet/oauth_2/client.rb', line 529 def principal=(new_person) @principal = new_person end |
#redirect_uri ⇒ String
Returns the redirect URI for this client.
# File 'lib/signet/oauth_2/client.rb', line 419 def redirect_uri return @redirect_uri end |
#redirect_uri=(new_redirect_uri) ⇒ Object
Sets the redirect URI for this client.
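# File 'lib/signet/oauth_2/client.rb', line 428
# Sets the redirect URI for this client.
#
# Accepted values are nil, any absolute URI, and the two special cases
# checked by uri_is_postmessage? and uri_is_oob?. Only absoluteness is
# enforced here; the scheme and host are not restricted, so the caller is
# responsible for supplying a redirect URI it actually controls.
#
# @param new_redirect_uri [String, Addressable::URI, nil] the redirect URI
# @raise [ArgumentError] if the URI is relative and not a special case
def redirect_uri=(new_redirect_uri)
  new_redirect_uri = Addressable::URI.parse(new_redirect_uri)
  #TODO - Better solution to allow google postmessage flow. For now, make an exception to the spec.
  if new_redirect_uri == nil ||
      new_redirect_uri.absolute? ||
      uri_is_postmessage?(new_redirect_uri) ||
      uri_is_oob?(new_redirect_uri)
    @redirect_uri = new_redirect_uri
  else
    raise ArgumentError, "Redirect URI must be an absolute URI."
  end
end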
#refresh!(options = {}) ⇒ Object
Refresh the access token, if possible
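# File 'lib/signet/oauth_2/client.rb', line 978
# Refreshes the access token by delegating to #fetch_access_token!.
#
# @param options [Hash] passed on to #fetch_access_token!
# @return the token hash returned by #fetch_access_token!
def refresh!(options={})
  options = deep_hash_normalize(options)

  self.fetch_access_token!(options)
end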
#refresh_token ⇒ String
Returns the refresh token associated with this client.
# File 'lib/signet/oauth_2/client.rb', line 638 def refresh_token return @refresh_token ||= nil end |
#refresh_token=(new_refresh_token) ⇒ Object
Sets the refresh token associated with this client.
# File 'lib/signet/oauth_2/client.rb', line 647 def refresh_token=(new_refresh_token) @refresh_token = new_refresh_token end |
#scope ⇒ Array
Returns the scope for this client. Scope is a list of access ranges defined by the authorization server.
# File 'lib/signet/oauth_2/client.rb', line 349 def scope return @scope end |
#scope=(new_scope) ⇒ Object
Sets the scope for this client.
# File 'lib/signet/oauth_2/client.rb', line 360 def scope=(new_scope) case new_scope when Array new_scope.each do |scope| if scope.include?(' ') raise ArgumentError, "Individual scopes cannot contain the space character." end end @scope = new_scope when String @scope = new_scope.split(' ') when nil @scope = nil else raise TypeError, "Expected Array or String, got #{new_scope.class}" end end |
#signing_algorithm ⇒ String
Algorithm used for signing JWTs
# File 'lib/signet/oauth_2/client.rb', line 584 def signing_algorithm self.signing_key.is_a?(String) ? "HS256" : "RS256" end |
#signing_key ⇒ String, OpenSSL::PKey
Returns the signing key associated with this client. Used only by the assertion grant type.
# File 'lib/signet/oauth_2/client.rb', line 567 def signing_key return @signing_key end |
#signing_key=(new_key) ⇒ Object
Sets the signing key when issuing assertions. Used only by the assertion grant type.
# File 'lib/signet/oauth_2/client.rb', line 577 def signing_key=(new_key) @signing_key = new_key end |
#state ⇒ String
Returns the client’s current state value.
# File 'lib/signet/oauth_2/client.rb', line 383 def state return @state end |
#state=(new_state) ⇒ Object
Sets the client’s current state value.
# File 'lib/signet/oauth_2/client.rb', line 392 def state=(new_state) @state = new_state end |
#to_json ⇒ String
A serialized client contains sensitive information. Persist or transmit with care.
Serialize the client object to JSON.
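# File 'lib/signet/oauth_2/client.rb', line 851
# Serializes the client object to JSON.
#
# The output contains every secret the client holds: client_secret, the
# resource-owner password, the signing key, the authorization code and the
# refresh, access and ID tokens. Treat the resulting string as a credential:
# keep it out of logs and error reports, and protect it at rest and in
# transit.
#
# @return [String] the JSON document produced by MultiJson.dump
def to_json
  return MultiJson.dump({
    'authorization_uri' => self.authorization_uri,
    'token_credential_uri' => self.token_credential_uri,
    'client_id' => self.client_id,
    'client_secret' => self.client_secret,
    'scope' => self.scope,
    'state' => self.state,
    'code' => self.code,
    'redirect_uri' => self.redirect_uri,
    'username' => self.username,
    'password' => self.password,
    'issuer' => self.issuer,
    'audience' => self.audience,
    'person' => self.person,
    'expiry' => self.expiry,
    'signing_key' => self.signing_key,
    'refresh_token' => self.refresh_token,
    'access_token' => self.access_token,
    'id_token' => self.id_token,
    'extension_parameters' => self.extension_parameters
  })
end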
#to_jwt(options = {}) ⇒ Object
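# File 'lib/signet/oauth_2/client.rb', line 828
# Builds and signs the JWT assertion used by the jwt-bearer grant type.
#
# Claims: iss (issuer), scope (space-joined), aud (audience), exp (now plus
# #expiry) and iat (now minus the skew). 'prn' and 'sub' are added only when
# person / sub are set. The token is signed with #signing_key using
# #signing_algorithm.
#
# @param options [Hash] :skew, seconds subtracted from "now" for the iat
#   claim (default 60)
# @return the encoded JWT produced by JWT.encode
def to_jwt(options={})
  options = deep_hash_normalize(options)

  now = Time.new
  # Back-dating iat tolerates clock drift between this host and the server.
  skew = options[:skew] || 60
  assertion = {
    "iss" => self.issuer,
    "scope" => self.scope.join(' '),
    "aud" => self.audience,
    "exp" => (now + self.expiry).to_i,
    "iat" => (now - skew).to_i
  }
  assertion['prn'] = self.person unless self.person.nil?
  assertion['sub'] = self.sub unless self.sub.nil?
  JWT.encode(assertion, self.signing_key, self.signing_algorithm)
end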
#token_credential_uri ⇒ Addressable::URI
Returns the token credential URI for this client.
# File 'lib/signet/oauth_2/client.rb', line 287 def token_credential_uri return @token_credential_uri end |
#token_credential_uri=(new_token_credential_uri) ⇒ Object
Sets the token credential URI for this client.
# File 'lib/signet/oauth_2/client.rb', line 296 def token_credential_uri=(new_token_credential_uri) @token_credential_uri = coerce_uri(new_token_credential_uri) end |
#update!(options = {}) ⇒ Object
Updates an OAuth 2.0 client.
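# File 'lib/signet/oauth_2/client.rb', line 155
# Updates an OAuth 2.0 client from an options hash.
#
# Most attributes are assigned only when their key is present. Three are
# assigned on every call and fall back to a default when the key is absent:
# expiry (60), extension_parameters ({}) and additional_parameters ({}).
# Token-related keys are handled by #update_token!.
#
# @param options [Hash] configuration parameters (string or symbol keys)
# @return [Signet::OAuth2::Client] self
def update!(options={})
  # Normalize all keys to symbols to allow indifferent access.
  options = deep_hash_normalize(options)

  self.authorization_uri = options[:authorization_uri] if options.has_key?(:authorization_uri)
  self.token_credential_uri = options[:token_credential_uri] if options.has_key?(:token_credential_uri)
  self.client_id = options[:client_id] if options.has_key?(:client_id)
  self.client_secret = options[:client_secret] if options.has_key?(:client_secret)
  self.scope = options[:scope] if options.has_key?(:scope)
  self.state = options[:state] if options.has_key?(:state)
  self.code = options[:code] if options.has_key?(:code)
  self.redirect_uri = options[:redirect_uri] if options.has_key?(:redirect_uri)
  self.username = options[:username] if options.has_key?(:username)
  self.password = options[:password] if options.has_key?(:password)
  self.issuer = options[:issuer] if options.has_key?(:issuer)
  self.person = options[:person] if options.has_key?(:person)
  self.sub = options[:sub] if options.has_key?(:sub)
  self.expiry = options[:expiry] || 60
  self.audience = options[:audience] if options.has_key?(:audience)
  self.signing_key = options[:signing_key] if options.has_key?(:signing_key)
  self.extension_parameters = options[:extension_parameters] || {}
  self.additional_parameters = options[:additional_parameters] || {}
  self.update_token!(options)
  return self
end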
#update_token!(options = {}) ⇒ Object
Updates an OAuth 2.0 client.
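# File 'lib/signet/oauth_2/client.rb', line 209
# Updates the token-related attributes of the client from an options hash.
#
# Each attribute is assigned only when its key is present. :expires is
# treated the same as :expires_in, and :expires_in wins when both are given
# because it is assigned second.
#
# @param options [Hash] token parameters (string or symbol keys)
# @return [Signet::OAuth2::Client] self
def update_token!(options={})
  # Normalize all keys to symbols to allow indifferent access internally
  options = deep_hash_normalize(options)

  self.expires_in = options[:expires] if options.has_key?(:expires)
  self.expires_in = options[:expires_in] if options.has_key?(:expires_in)
  self.expires_at = options[:expires_at] if options.has_key?(:expires_at)

  # By default, the token is issued at `Time.now` when `expires_in` is
  # set, but this can be used to supply a more precise time.
  self.issued_at = options[:issued_at] if options.has_key?(:issued_at)

  self.access_token = options[:access_token] if options.has_key?(:access_token)
  self.refresh_token = options[:refresh_token] if options.has_key?(:refresh_token)
  self.id_token = options[:id_token] if options.has_key?(:id_token)

  return self
end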
#username ⇒ String
Returns the username associated with this client. Used only by the resource owner password credential access grant type.
# File 'lib/signet/oauth_2/client.rb', line 443 def username return @username end |
#username=(new_username) ⇒ Object
Sets the username associated with this client. Used only by the resource owner password credential access grant type.
# File 'lib/signet/oauth_2/client.rb', line 453 def username=(new_username) @username = new_username end |