Class: HTTPX::Plugins::OAuth::OAuthSession

Inherits:

Object

• Object
• HTTPX::Plugins::OAuth::OAuthSession

Defined in:

lib/httpx/plugins/oauth.rb

Overview

Implements the bulk of functionality and maintains the state associated with the management of the the lifecycle of an OAuth session.

Instance Attribute Summary

• #access_token ⇒ Object readonly

  Returns the value of attribute access_token.

• #refresh_token ⇒ Object readonly

  Returns the value of attribute refresh_token.

Instance Method Summary

• #fetch_access_token(http) ⇒ Object

  when not available, it uses the http object to request new access and refresh tokens.

• #initialize(issuer:, client_id:, client_secret:, access_token: nil, refresh_token: nil, scope: nil, audience: nil, token_endpoint: nil, grant_type: nil, token_endpoint_auth_method: nil) ⇒ OAuthSession constructor

  A new instance of OAuthSession.

• #merge(other) ⇒ Object

  TODO: remove this after deprecating the ‘:oauth_session` option.

• #reset! ⇒ Object
• #token_endpoint ⇒ Object

  returns the URL where to request access and refresh tokens from.

• #token_endpoint_auth_method ⇒ Object

  returns the oauth-documented authorization method to use when requesting a token.

Constructor Details

#initialize(issuer:, client_id:, client_secret:, access_token: nil, refresh_token: nil, scope: nil, audience: nil, token_endpoint: nil, grant_type: nil, token_endpoint_auth_method: nil) ⇒ OAuthSession

Returns a new instance of OAuthSession.

Raises:

• (Error)

# File 'lib/httpx/plugins/oauth.rb', line 38

def initialize(
  issuer:,
  client_id:,
  client_secret:,
  access_token: nil,
  refresh_token: nil,
  scope: nil,
  audience: nil,
  token_endpoint: nil,
  grant_type: nil,
  token_endpoint_auth_method: nil
)
  @issuer = URI(issuer)
  @client_id = client_id
  @client_secret = client_secret
  @token_endpoint = URI(token_endpoint) if token_endpoint
  @scope = case scope
           when String
             scope.split
           when Array
             scope
  end
  @audience = audience
  @access_token = access_token
  @refresh_token = refresh_token
  @token_endpoint_auth_method = String(token_endpoint_auth_method) if token_endpoint_auth_method
  @grant_type = grant_type || (@refresh_token ? "refresh_token" : "client_credentials")
  @access_token = access_token
  @refresh_token = refresh_token

  unless @token_endpoint_auth_method.nil? || SUPPORTED_AUTH_METHODS.include?(@token_endpoint_auth_method)
    raise Error, "#{@token_endpoint_auth_method} is not a supported auth method"
  end

  return if SUPPORTED_GRANT_TYPES.include?(@grant_type)

  raise Error, "#{@grant_type} is not a supported grant type"
end

Instance Attribute Details

#access_token ⇒ Object (readonly)

Returns the value of attribute access_token.

# File 'lib/httpx/plugins/oauth.rb', line 36

def access_token
  @access_token
end

#refresh_token ⇒ Object (readonly)

Returns the value of attribute refresh_token.

# File 'lib/httpx/plugins/oauth.rb', line 36

def refresh_token
  @refresh_token
end

Instance Method Details

#fetch_access_token(http) ⇒ Object

when not available, it uses the http object to request new access and refresh tokens.

# File 'lib/httpx/plugins/oauth.rb', line 92

def fetch_access_token(http)
  return access_token if access_token

  load(http)

  # always prefer refresh token grant if a refresh token is available
  grant_type = @refresh_token ? "refresh_token" : @grant_type

  headers = {} # : Hash[String ,String]
  form_post = {
    "grant_type" => @grant_type,
    "scope" => Array(@scope).join(" "),
    "audience" => @audience,
  }.compact

  # auth
  case token_endpoint_auth_method
  when "client_secret_post"
    form_post["client_id"] = @client_id
    form_post["client_secret"] = @client_secret
  when "client_secret_basic"
    headers["authorization"] = Authentication::Basic.new(@client_id, @client_secret).authenticate
  end

  case grant_type
  when "client_credentials"
    # do nothing
  when "refresh_token"
    raise Error, "cannot use the `\"refresh_token\"` grant type without a refresh token" unless refresh_token

    form_post["refresh_token"] = refresh_token
  end

  # POST /token
  token_request = http.build_request("POST", token_endpoint, headers: headers, form: form_post)

  token_request.headers.delete("authorization") unless token_endpoint_auth_method == "client_secret_basic"

  token_response = http.skip_auth_header { http.request(token_request) }

  begin
    token_response.raise_for_status
  rescue HTTPError => e
    @refresh_token = nil if e.response.status == 401 && (grant_type == "refresh_token")
    raise e
  end

  payload = token_response.json

  @refresh_token = payload["refresh_token"] || @refresh_token
  @access_token = payload["access_token"]
end

#merge(other) ⇒ Object

TODO: remove this after deprecating the ‘:oauth_session` option

# File 'lib/httpx/plugins/oauth.rb', line 146

def merge(other)
  obj = dup

  case other
  when OAuthSession
    other.instance_variables.each do |ivar|
      val = other.instance_variable_get(ivar)
      next unless val

      obj.instance_variable_set(ivar, val)
    end
  when Hash
    other.each do |k, v|
      obj.instance_variable_set(:"@#{k}", v) if obj.instance_variable_defined?(:"@#{k}")
    end
  end
  obj
end

#reset! ⇒ Object

# File 'lib/httpx/plugins/oauth.rb', line 87

def reset!
  @access_token = nil
end

#token_endpoint ⇒ Object

returns the URL where to request access and refresh tokens from.

# File 'lib/httpx/plugins/oauth.rb', line 78

def token_endpoint
  @token_endpoint || "#{@issuer}/token"
end

#token_endpoint_auth_method ⇒ Object

returns the oauth-documented authorization method to use when requesting a token.

# File 'lib/httpx/plugins/oauth.rb', line 83

def token_endpoint_auth_method
  @token_endpoint_auth_method || "client_secret_basic"
end