Class: AuthressSdk::ServiceClientTokenProvider

Inherits:

Object

• Object
• AuthressSdk::ServiceClientTokenProvider

Defined in:

lib/authress-sdk/service_client_token_provider.rb

Instance Method Summary

• #get_issuer(unsanitizedAuthressCustomDomain, decodedAccessKey) ⇒ Object
• #get_token ⇒ Object
• #initialize(client_access_key, custom_domain_url = nil) ⇒ ServiceClientTokenProvider constructor

  A new instance of ServiceClientTokenProvider.

• #sanitizeUrl(url) ⇒ Object

Constructor Details

#initialize(client_access_key, custom_domain_url = nil) ⇒ ServiceClientTokenProvider

Returns a new instance of ServiceClientTokenProvider.

# File 'lib/authress-sdk/service_client_token_provider.rb', line 8

def initialize(client_access_key, custom_domain_url = nil)
  @custom_domain_url = custom_domain_url
  @client_access_key = client_access_key
  @cachedKeyData = nil
end

Instance Method Details

#get_issuer(unsanitizedAuthressCustomDomain, decodedAccessKey) ⇒ Object

# File 'lib/authress-sdk/service_client_token_provider.rb', line 30

def get_issuer(unsanitizedAuthressCustomDomain, decodedAccessKey)
  authressCustomDomain = sanitizeUrl(@custom_domain_url).gsub(/\/+$/, '')
  return "#{authressCustomDomain}/v1/clients/#{decodedAccessKey.clientId}"
end

#get_token ⇒ Object

# File 'lib/authress-sdk/service_client_token_provider.rb', line 35

def get_token()
  if @cachedKeyData && @cachedKeyData.token && Time.now().to_i() + 3600 < @cachedKeyData.expiresAtInSeconds
    return @cachedKeyData.token
  end

  accountId = @client_access_key.split('.')[2];
  decodedAccessKeyHash = {
    clientId: @client_access_key.split('.')[0],
    keyId: @client_access_key.split('.')[1],
    audience: "#{accountId}.accounts.authress.io",
    privateKey: @client_access_key.split('.')[3]
  }
  decodedAccessKey = Struct.new(*decodedAccessKeyHash.keys).new(*decodedAccessKeyHash.values)

  now = Time.now().to_i()
  jwt = {
    aud: decodedAccessKey.audience,
    iss: get_issuer(@custom_domain_url || "#{accountId}.api.authress.io", decodedAccessKey),
    sub: decodedAccessKey.clientId,
    client_id: decodedAccessKey.clientId,
    iat: now,
    # valid for 24 hours
    exp: now + 60 * 60 * 24,
    scope: 'openid'
  }

  if decodedAccessKey.privateKey.nil?
    raise Exception("Invalid Service Client Access Key")
  end

  return decodedAccessKey.privateKey

  # The Ed25519 module is broken right now and doesn't accept valid private keys.
  # private_key = RbNaCl::Signatures::Ed25519::SigningKey.new(Base64.decode64(decodedAccessKey.privateKey)[0, 32])
  
  # token = JWT.encode(jwt, private_key, 'ED25519', { typ: 'at+jwt', alg: 'EdDSA', kid: decodedAccessKey.keyId })
  # @cachedKeyData = { token: token, expires: jwt['exp'] }
  # return token
end

#sanitizeUrl(url) ⇒ Object

# File 'lib/authress-sdk/service_client_token_provider.rb', line 14

def sanitizeUrl(url)
  if url.nil?
    return nil
  end

  if (url.match(/^http/))
    return url
  end

  if (url.match(/^localhost/))
    return "http://#{url}"
  end

  return "https://#{url}"
end