Module: Keycloak::Client
- Defined in:
- lib/keycloak.rb
Class Attribute Summary collapse
-
.auth_server_url ⇒ Object
Returns the value of attribute auth_server_url.
-
.client_id ⇒ Object
readonly
Returns the value of attribute client_id.
-
.configuration ⇒ Object
readonly
Returns the value of attribute configuration.
-
.public_key ⇒ Object
readonly
Returns the value of attribute public_key.
-
.realm ⇒ Object
Returns the value of attribute realm.
-
.secret ⇒ Object
readonly
Returns the value of attribute secret.
Class Method Summary collapse
- .decoded_access_token(access_token = '') ⇒ Object
- .decoded_refresh_token(refresh_token = '') ⇒ Object
- .external_attributes ⇒ Object
- .get_attribute(attributeName, access_token = '') ⇒ Object
- .get_token(user, password, client_id = '', secret = '') ⇒ Object
- .get_token_by_client_credentials(client_id = '', secret = '') ⇒ Object
- .get_token_by_code(code, redirect_uri, client_id = '', secret = '', client_session_state = '', client_session_host = '') ⇒ Object
- .get_token_by_exchange(issuer, issuer_token, client_id = '', secret = '', token_endpoint = '') ⇒ Object
- .get_token_by_refresh_token(refresh_token = '', client_id = '', secret = '') ⇒ Object
- .get_token_introspection(token = '', client_id = '', secret = '', introspection_endpoint = '') ⇒ Object
- .get_userinfo(access_token = '', userinfo_endpoint = '') ⇒ Object
- .get_userinfo_issuer(access_token = '', userinfo_endpoint = '') ⇒ Object
- .has_role?(user_role, access_token = '', client_id = '', secret = '', introspection_endpoint = '') ⇒ Boolean
- .logout(redirect_uri = '', refresh_token = '', client_id = '', secret = '', end_session_endpoint = '') ⇒ Object
- .token ⇒ Object
- .url_login_redirect(redirect_uri, response_type = 'code', client_id = '', authorization_endpoint = '', scope: []) ⇒ Object
- .url_user_account ⇒ Object
- .user_signed_in?(access_token = '', client_id = '', secret = '', introspection_endpoint = '') ⇒ Boolean
Class Attribute Details
.auth_server_url ⇒ Object
Returns the value of attribute auth_server_url.
73 74 75 |
# File 'lib/keycloak.rb', line 73 def auth_server_url @auth_server_url end |
.client_id ⇒ Object (readonly)
Returns the value of attribute client_id.
74 75 76 |
# File 'lib/keycloak.rb', line 74 def client_id @client_id end |
.configuration ⇒ Object (readonly)
Returns the value of attribute configuration.
74 75 76 |
# File 'lib/keycloak.rb', line 74 def configuration @configuration end |
.public_key ⇒ Object (readonly)
Returns the value of attribute public_key.
74 75 76 |
# File 'lib/keycloak.rb', line 74 def public_key @public_key end |
.realm ⇒ Object
Returns the value of attribute realm.
73 74 75 |
# File 'lib/keycloak.rb', line 73 def realm @realm end |
.secret ⇒ Object (readonly)
Returns the value of attribute secret.
74 75 76 |
# File 'lib/keycloak.rb', line 74 def secret @secret end |
Class Method Details
.decoded_access_token(access_token = '') ⇒ Object
354 355 356 357 |
# File 'lib/keycloak.rb', line 354 def self.decoded_access_token(access_token = '') access_token = self.token["access_token"] if access_token.empty? JWT.decode access_token, @public_key, false, { :algorithm => 'RS256' } end |
.decoded_refresh_token(refresh_token = '') ⇒ Object
359 360 361 362 |
# File 'lib/keycloak.rb', line 359 def self.decoded_refresh_token(refresh_token = '') refresh_token = self.token["access_token"] if refresh_token.empty? JWT.decode refresh_token, @public_key, false, { :algorithm => 'RS256' } end |
.external_attributes ⇒ Object
346 347 348 349 350 351 352 |
# File 'lib/keycloak.rb', line 346 def self.external_attributes if !Keycloak.proc_external_attributes.nil? Keycloak.proc_external_attributes.call else raise Keycloak::ProcExternalAttributesNotDefined end end |
.get_attribute(attributeName, access_token = '') ⇒ Object
331 332 333 334 335 336 |
# File 'lib/keycloak.rb', line 331 def self.get_attribute(attributeName, access_token = '') verify_setup attr = decoded_access_token(access_token)[0] attr[attributeName] end |
.get_token(user, password, client_id = '', secret = '') ⇒ Object
77 78 79 80 81 82 83 84 85 86 87 88 89 90 |
# File 'lib/keycloak.rb', line 77 def self.get_token(user, password, client_id = '', secret = '') setup_module client_id = @client_id if isempty?(client_id) secret = @secret if isempty?(secret) payload = { 'client_id' => client_id, 'client_secret' => secret, 'username' => user, 'password' => password, 'grant_type' => 'password'} mount_request_token(payload) end |
.get_token_by_client_credentials(client_id = '', secret = '') ⇒ Object
170 171 172 173 174 175 176 177 178 179 180 181 |
# File 'lib/keycloak.rb', line 170 def self.get_token_by_client_credentials(client_id = '', secret = '') setup_module client_id = @client_id if isempty?(client_id) secret = @secret if isempty?(secret) payload = { 'client_id' => client_id, 'client_secret' => secret, 'grant_type' => 'client_credentials' } mount_request_token(payload) end |
.get_token_by_code(code, redirect_uri, client_id = '', secret = '', client_session_state = '', client_session_host = '') ⇒ Object
92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 |
# File 'lib/keycloak.rb', line 92 def self.get_token_by_code(code, redirect_uri, client_id = '', secret = '', client_session_state = '', client_session_host = '') verify_setup client_id = @client_id if isempty?(client_id) secret = @secret if isempty?(secret) payload = { 'client_id' => client_id, 'client_secret' => secret, 'code' => code, 'grant_type' => 'authorization_code', 'redirect_uri' => redirect_uri, 'client_session_state' => client_session_state, 'client_session_host' => client_session_host} mount_request_token(payload) end |
.get_token_by_exchange(issuer, issuer_token, client_id = '', secret = '', token_endpoint = '') ⇒ Object
109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 |
# File 'lib/keycloak.rb', line 109 def self.get_token_by_exchange(issuer, issuer_token, client_id = '', secret = '', token_endpoint = '') setup_module client_id = @client_id if isempty?(client_id) secret = @secret if isempty?(secret) token_endpoint = @configuration['token_endpoint'] if isempty?(token_endpoint) payload = { 'client_id' => client_id, 'client_secret' => secret, 'audience' => client_id, 'grant_type' => 'urn:ietf:params:oauth:grant-type:token-exchange', 'subject_token_type' => 'urn:ietf:params:oauth:token-type:access_token', 'subject_issuer' => issuer, 'subject_token' => issuer_token} header = { 'Content-Type' => 'application/x-www-form-urlencoded' } _request = -> do RestClient.post(token_endpoint, payload, header){|response, request, result| # case response.code # when 200 # response.body # else # response.return! # end response.body } end exec_request _request end |
.get_token_by_refresh_token(refresh_token = '', client_id = '', secret = '') ⇒ Object
155 156 157 158 159 160 161 162 163 164 165 166 167 168 |
# File 'lib/keycloak.rb', line 155 def self.get_token_by_refresh_token(refresh_token = '', client_id = '', secret = '') verify_setup client_id = @client_id if isempty?(client_id) secret = @secret if isempty?(secret) refresh_token = token['refresh_token'] if refresh_token.empty? payload = { 'client_id' => client_id, 'client_secret' => secret, 'refresh_token' => refresh_token, 'grant_type' => 'refresh_token' } mount_request_token(payload) end |
.get_token_introspection(token = '', client_id = '', secret = '', introspection_endpoint = '') ⇒ Object
183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 |
# File 'lib/keycloak.rb', line 183 def self.get_token_introspection(token = '', client_id = '', secret = '', introspection_endpoint = '') verify_setup client_id = @client_id if isempty?(client_id) secret = @secret if isempty?(secret) token = self.token['access_token'] if isempty?(token) introspection_endpoint = @configuration['introspection_endpoint'] if isempty?(introspection_endpoint) payload = { 'token' => token } = Base64.strict_encode64("#{client_id}:#{secret}") = "Basic #{}" header = { 'Content-Type' => 'application/x-www-form-urlencoded', 'authorization' => } _request = -> do RestClient.post(introspection_endpoint, payload, header){|response, request, result| case response.code when 200..399 response.body else response.return! end } end exec_request _request end |
.get_userinfo(access_token = '', userinfo_endpoint = '') ⇒ Object
264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 |
# File 'lib/keycloak.rb', line 264 def self.get_userinfo(access_token = '', userinfo_endpoint = '') verify_setup access_token = self.token['access_token'] if access_token.empty? userinfo_endpoint = @configuration['userinfo_endpoint'] if isempty?(userinfo_endpoint) payload = { 'access_token' => access_token } header = { 'Content-Type' => 'application/x-www-form-urlencoded' } _request = -> do RestClient.post(userinfo_endpoint, payload, header){ |response, request, result| case response.code when 200 response.body else response.return! end } end exec_request _request end |
.get_userinfo_issuer(access_token = '', userinfo_endpoint = '') ⇒ Object
138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 |
# File 'lib/keycloak.rb', line 138 def self.get_userinfo_issuer(access_token = '', userinfo_endpoint = '') verify_setup userinfo_endpoint = @configuration['userinfo_endpoint'] if isempty?(userinfo_endpoint) access_token = self.token["access_token"] if access_token.empty? payload = { 'access_token' => access_token } header = { 'Content-Type' => 'application/x-www-form-urlencoded' } _request = -> do RestClient.post(userinfo_endpoint, payload, header){ |response, request, result| response.body } end exec_request _request end |
.has_role?(user_role, access_token = '', client_id = '', secret = '', introspection_endpoint = '') ⇒ Boolean
294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 |
# File 'lib/keycloak.rb', line 294 def self.has_role?(user_role, access_token = '', client_id = '', secret = '', introspection_endpoint = '') verify_setup client_id = @client_id if isempty?(client_id) secret = @secret if isempty?(secret) introspection_endpoint = @configuration['introspection_endpoint'] if isempty?(introspection_endpoint) if !Keycloak.validate_token_when_call_has_role || user_signed_in?(access_token, client_id, secret, introspection_endpoint) dt = decoded_access_token(access_token)[0] dt = dt['resource_access'][client_id] unless dt.nil? dt['roles'].each do |role| return true if role.to_s == user_role.to_s end end end false end |
.logout(redirect_uri = '', refresh_token = '', client_id = '', secret = '', end_session_endpoint = '') ⇒ Object
225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 |
# File 'lib/keycloak.rb', line 225 def self.logout(redirect_uri = '', refresh_token = '', client_id = '', secret = '', end_session_endpoint = '') verify_setup if self.token || !refresh_token.empty? refresh_token = self.token['refresh_token'] if refresh_token.empty? client_id = @client_id if isempty?(client_id) secret = @secret if isempty?(secret) end_session_endpoint = @configuration['end_session_endpoint'] if isempty?(end_session_endpoint) payload = { 'client_id' => client_id, 'client_secret' => secret, 'refresh_token' => refresh_token } header = { 'Content-Type' => 'application/x-www-form-urlencoded' } final_url = if redirect_uri.empty? end_session_endpoint else "#{end_session_endpoint}?#{URI.encode_www_form(redirect_uri: redirect_uri)}" end _request = -> do RestClient.post(final_url, payload, header){ |response, request, result| case response.code when 200..399 true else response.return! end } end exec_request _request else true end end |
.token ⇒ Object
338 339 340 341 342 343 344 |
# File 'lib/keycloak.rb', line 338 def self.token if !Keycloak..nil? JSON Keycloak..call else raise Keycloak::ProcCookieTokenNotDefined end end |
.url_login_redirect(redirect_uri, response_type = 'code', client_id = '', authorization_endpoint = '', scope: []) ⇒ Object
213 214 215 216 217 218 219 220 221 222 223 |
# File 'lib/keycloak.rb', line 213 def self.url_login_redirect(redirect_uri, response_type = 'code', client_id = '', = '', scope: []) verify_setup client_id = @client_id if isempty?(client_id) = @configuration['authorization_endpoint'] if isempty?() params = { response_type: response_type, client_id: client_id, redirect_uri: redirect_uri } params[:scope] = scope.join(',') if scope.any? encoded_uri = URI.encode_www_form(params) "#{}?#{encoded_uri}" end |
.url_user_account ⇒ Object
288 289 290 291 292 |
# File 'lib/keycloak.rb', line 288 def self.url_user_account verify_setup "#{@auth_server_url}/realms/#{@realm}/account" end |
.user_signed_in?(access_token = '', client_id = '', secret = '', introspection_endpoint = '') ⇒ Boolean
313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 |
# File 'lib/keycloak.rb', line 313 def self.user_signed_in?(access_token = '', client_id = '', secret = '', introspection_endpoint = '') verify_setup client_id = @client_id if isempty?(client_id) secret = @secret if isempty?(secret) introspection_endpoint = @configuration['introspection_endpoint'] if isempty?(introspection_endpoint) begin JSON(get_token_introspection(access_token, client_id, secret, introspection_endpoint))['active'] === true rescue => e if e.class < Keycloak::KeycloakException raise else false end end end |