require "aws-cognito-srp"
module FmRest
module Cloud
class ClarisIdTokenManager
include TokenStore
COGNITO_CLIENT_ID = "4l9rvl4mv5es1eep1qe97cautn"
COGNITO_POOL_ID = "us-west-2_NqkuZcXQY"
AWS_REGION = "us-west-2"
TOKEN_STORE_PREFIX = "claris-cognito"
def initialize(settings)
@settings = settings
end
def fetch_token
if token = token_store.load(token_store_key)
return token
end
tokens = get_cognito_tokens
token_store.store(token_store_key, tokens.id_token)
token_store.store(token_store_key(:refresh), tokens.refresh_token) if tokens.refresh_token
tokens.id_token
end
def expire_token
token_store.delete(token_store_key)
end
private
def get_cognito_tokens
refresh_cognito_token || cognito_srp_client.authenticate
end
def refresh_cognito_token
return unless refresh_token = token_store.load(token_store_key(:refresh))
begin
cognito_srp_client.refresh_tokens(refresh_token)
rescue Aws::CognitoIdentityProvider::Errors::NotAuthorizedException
nil
end
end
def cognito_srp_client
@cognito_srp_client ||=
Aws::CognitoSrp.new(
username: @settings.username!,
password: @settings.password!,
pool_id: @settings.cognito_pool_id || COGNITO_POOL_ID,
client_id: @settings.cognito_client_id || COGNITO_CLIENT_ID,
aws_client: build_aws_client
)
end
def build_aws_client
options = { region: @settings.aws_region || AWS_REGION }
options[:http_proxy] = @settings.proxy if @settings.proxy?
Aws::CognitoIdentityProvider::Client.new(options)
end
def token_store_key(token_type = :id)
"#{TOKEN_STORE_PREFIX}:#{token_type}:#{@settings.username!}"
end
def token_store_option
@settings.token_store || FmRest.token_store
end
end
end
end