Class: Himari::AuthorizationCode

Inherits:

Struct

• Object
• Struct
• Himari::AuthorizationCode

Defined in:

lib/himari/authorization_code.rb

Class Method Summary

• .make(**kwargs) ⇒ Object

Instance Method Summary

• #as_json ⇒ Object
• #as_log ⇒ Object
• #code_dgst_for_log ⇒ Object
• #expiry ⇒ Object
• #lifetime ⇒ Object
• #pkce? ⇒ Boolean
• #pkce_known_method? ⇒ Boolean
• #pkce_valid_challenge? ⇒ Boolean
• #pkce_valid_request? ⇒ Boolean
• #valid_redirect_uri?(given_uri) ⇒ Boolean

Class Method Details

.make(**kwargs) ⇒ Object

# File 'lib/himari/authorization_code.rb', line 19

def self.make(**kwargs)
  new(
    code: SecureRandom.urlsafe_base64(32),
    created_at: Time.now.to_i,
    **kwargs,
  )
end

Instance Method Details

#as_json ⇒ Object

# File 'lib/himari/authorization_code.rb', line 93

def as_json
  {
    code: code,
    client_id: client_id,
    claims: claims,
    openid: openid,
    redirect_uri: redirect_uri,
    nonce: nonce,
    code_challenge: code_challenge,
    code_challenge_method: code_challenge_method,
    created_at: created_at.to_i,
    lifetime: lifetime.as_json,
    expiry: expiry.to_i,
  }
end

#as_log ⇒ Object

# File 'lib/himari/authorization_code.rb', line 77

def as_log
  {
    code_dgst: code_dgst_for_log,
    client_id: client_id,
    claims: claims,
    nonce: nonce,
    openid: openid,
    created_at: created_at.to_i,
    lifetime: lifetime.as_log,
    expiry: expiry.to_i,
    pkce: pkce?,
    pkce_method: code_challenge_method,
    pkce_valid_chal: pkce_valid_challenge?,
  }
end

#code_dgst_for_log ⇒ Object

# File 'lib/himari/authorization_code.rb', line 73

def code_dgst_for_log
  @code_dgst_for_log ||= code ? Digest::SHA256.hexdigest(code) : nil
end

#expiry ⇒ Object

# File 'lib/himari/authorization_code.rb', line 42

def expiry
  self._expiry_raw || (self.expiry = created_at + (lifetime&.code || 900))
end

#lifetime ⇒ Object

# File 'lib/himari/authorization_code.rb', line 29

def lifetime
  case _lifetime_raw
  when Hash
    self.lifetime = LifetimeValue.new(**_lifetime_raw)
  when Integer #compat
    self.lifetime = LifetimeValue.from_integer(_lifetime_raw)
  else
    _lifetime_raw
  end
end

#pkce? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/himari/authorization_code.rb', line 50

def pkce?
  !!(code_challenge && code_challenge_method)
end

#pkce_known_method? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/himari/authorization_code.rb', line 54

def pkce_known_method?
  # https://datatracker.ietf.org/doc/html/rfc7636#section-4.2
  %w(S256 plain).include?(code_challenge_method.to_s)
end

#pkce_valid_challenge? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/himari/authorization_code.rb', line 59

def pkce_valid_challenge?
  # https://datatracker.ietf.org/doc/html/rfc7636#section-4.1
  case code_challenge_method.to_s
  when 'plain'
    (43..128).cover?(code_challenge.size)
  when 'S256'
    (43..45).cover?(code_challenge.size)
  end
end

#pkce_valid_request? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/himari/authorization_code.rb', line 69

def pkce_valid_request?
  pkce? && pkce_known_method? && pkce_valid_challenge?
end

#valid_redirect_uri?(given_uri) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/himari/authorization_code.rb', line 46

def valid_redirect_uri?(given_uri)
  redirect_uri == given_uri
end