Class: Okta::DirectoryService

Inherits:
Common::Client::Base
Defined in:
lib/okta/directory_service.rb

Constant Summary

# Scope names that #remove_base_okta_scopes deletes from a scope list (matched on each
# entry's 'name'). Frozen so the filter list cannot be altered at runtime.
DEFAULT_OKTA_SCOPES =
%w[openid profile email address phone offline_access device_sso].freeze

Instance Attribute Summary

Instance Method Summary

Methods inherited from Common::Client::Base

configuration, #raise_backend_exception

Methods included from SentryLogging

#log_exception_to_sentry, #log_message_to_sentry, #non_nil_hash?, #normalize_level, #rails_logger

Constructor Details

#initialize ⇒ DirectoryService

Returns a new instance of DirectoryService.



# File 'lib/okta/directory_service.rb', line 12

# Builds the directory service around a freshly constructed Okta::Service client.
#
# The client is stored in @okta_service and is what the scope lookups in this class
# go through. How Okta::Service obtains its credentials is not visible from here.
def initialize
  @okta_service = Okta::Service.new
end

Instance Attribute Details

#okta_service ⇒ Object

Returns the value of attribute okta_service.



# File 'lib/okta/directory_service.rb', line 10

# Reader for the Okta client assigned in the constructor.
#
# @return [Object] the value currently held in @okta_service (nil if never assigned)
def okta_service
  @okta_service
end

Instance Method Details

#handle_health_server ⇒ Object



# File 'lib/okta/directory_service.rb', line 22

# Returns the trimmed scopes of the health auth server.
#
# The server is addressed by the id configured in Settings.directory.health_server_id
# instead of being searched for by name. The id used for the scope query is the 'id'
# field of the server response body, not the configured value itself.
#
# NOTE(review): the server response is not checked before 'id' is read; presumably the
# client raises on a failed request — confirm, otherwise a nil id reaches the scope query.
#
# @return [Object] the result of #remove_scope_keys for that server's scopes
def handle_health_server
  configured_id = Settings.directory.health_server_id
  health_server = okta_service.auth_server(configured_id)
  remove_scope_keys(okta_service.get_server_scopes(health_server.body['id']))
end

#handle_nonhealth_server(category) ⇒ Object



# File 'lib/okta/directory_service.rb', line 28

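# Returns the trimmed scopes of the first auth server whose name contains +category+.
#
# Matching is a substring test of the downcased category against each server's 'name'
# (the name itself is not downcased), so a short or partial category can select a server
# the caller did not mean. A blank or nil category is rejected up front: an empty needle
# is contained in every name and would return the scopes of whichever server is listed first.
#
# NOTE(review): if +category+ comes from a request parameter, consider an exact-name match
# or a fixed list of accepted categories instead of a substring test.
#
# @param category [String, nil] category to look for in the auth server names
# @return [Array] empty when the category is blank or nothing matches; otherwise the
#   result of #remove_scope_keys for the matched server
def handle_nonhealth_server(category)
  needle = category.to_s.downcase
  return [] if needle.strip.empty?

  # A server entry without a name is treated as a non-match instead of raising.
  matched = okta_service.auth_servers.body.find { |auth_server| auth_server['name'].to_s.include?(needle) }
  return [] unless matched

  remove_scope_keys(okta_service.get_server_scopes(matched['id']))
end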

#remove_base_okta_scopes(scopes) ⇒ Object



# File 'lib/okta/directory_service.rb', line 47

# Deletes every entry whose 'name' appears in DEFAULT_OKTA_SCOPES.
#
# The collection is modified in place and the same object is returned, so the caller's
# array loses those entries as well.
#
# @param scopes [Array<Hash>] scope entries keyed by 'name'
# @return [Array<Hash>] the same collection, without the default Okta scopes
def remove_base_okta_scopes(scopes)
  scopes.delete_if do |entry|
    DEFAULT_OKTA_SCOPES.include?(entry['name'])
  end
end

#remove_scope_keys(scopes) ⇒ Object



# File 'lib/okta/directory_service.rb', line 37

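# Reduces each scope in an Okta response to the fields this service exposes, then drops
# the default Okta scopes.
#
# Only 'name', 'displayName' and 'description' are kept; every other key/value pair in the
# Okta response is left out of the result. This allowlist decides what leaves the service,
# so extend it deliberately.
#
# The response body is not modified: each entry is copied with Hash#select instead of being
# pruned in place, so the response keeps its full contents if it is used again elsewhere.
#
# @param scopes [#body] response whose body is an array of hash-like scope entries
# @return [Array<Hash>] trimmed entries, as returned by #remove_base_okta_scopes
def remove_scope_keys(scopes)
  exposed_keys = %w[name displayName description]
  trimmed = scopes.body.map do |item|
    item.select { |key, _value| exposed_keys.include?(key.to_s) }
  end
  # Remove the default scopes assigned to each Okta authorization server.
  remove_base_okta_scopes(trimmed)
end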

#scopes(category) ⇒ Object



# File 'lib/okta/directory_service.rb', line 16

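# Returns the scopes of the auth server that belongs to +category+.
#
# The health category is resolved through a dedicated server lookup rather than a name
# query, because a 'health/systems' auth server also exists and would affect the results.
# The comparison ignores case: #handle_nonhealth_server downcases the category before
# matching names, so a value such as 'Health' would otherwise fall through to exactly
# that ambiguous name query.
#
# @param category [String] directory category; presumably caller-supplied — verify at the call site
# @return [Object] whatever the selected handler returns
def scopes(category)
  return handle_health_server if category.to_s.downcase == 'health'

  handle_nonhealth_server(category)
end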