Class: KeycloakRails::User

Inherits:

Object

• Object
• KeycloakRails::User

Defined in:

lib/keycloak_rails/user.rb

Overview

User lvl access to sso server established session_token after auth with username and password min perms

Instance Method Summary

• #access_token ⇒ Object

  private.

• #active_user_sub ⇒ Object
• #decode(token) ⇒ Object
• #decode_active_user_sub ⇒ Object

  gets user sub by decoding the session_cookie.

• #decoded_access_token ⇒ Object
• #decoded_refresh_token ⇒ Object
• #end_session(redirect_uri) ⇒ Object
• #fetch_active_user_sub ⇒ Object

  gets user sub by making an api call to auth server.

• #fetch_current_user_info ⇒ Object
• #fetch_tokens(email:, password:, otp_password: nil) ⇒ Object
• #fetch_tokens_by_handshake(code:, redirect_uri:) ⇒ Object
• #initialize ⇒ User constructor

  A new instance of User.

Constructor Details

#initialize ⇒ User

Returns a new instance of User.

# File 'lib/keycloak_rails/user.rb', line 7

def initialize
  @curl = KeycloakRails::Curl.new
end

Instance Method Details

#access_token ⇒ Object

private

# File 'lib/keycloak_rails/user.rb', line 75

def access_token
  KeycloakRails.current_session_cookie
end

#active_user_sub ⇒ Object

# File 'lib/keycloak_rails/user.rb', line 64

def active_user_sub
  return unless access_token

  case KeycloakRails.decode_token_strategy
  when :local then decode_active_user_sub
  when :cloud then fetch_active_user_sub
  end
end

#decode(token) ⇒ Object

# File 'lib/keycloak_rails/user.rb', line 87

def decode(token)
  JWT.decode token, KeycloakRails.public_key, false, { algorithm: KeycloakRails.signature_algo }
end

#decode_active_user_sub ⇒ Object

gets user sub by decoding the session_cookie

# File 'lib/keycloak_rails/user.rb', line 60

def decode_active_user_sub
  decoded_access_token.first['sub']
end

#decoded_access_token ⇒ Object

# File 'lib/keycloak_rails/user.rb', line 79

def decoded_access_token
  decode(access_token)
end

#decoded_refresh_token ⇒ Object

# File 'lib/keycloak_rails/user.rb', line 83

def decoded_refresh_token
  decode(refresh_token)
end

#end_session(redirect_uri) ⇒ Object

Raises:

• (StandardError)

# File 'lib/keycloak_rails/user.rb', line 42

def end_session(redirect_uri)
  request = @curl.post(path: KeycloakRails.openid_config['end_session_endpoint'],
                       headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
                       body: { 'client_id': KeycloakRails.client_id,
                               'client_secret': KeycloakRails.secret,
                               'refresh_token': KeycloakRails.current_refresh_cookie,
                               'post_logout_redirect_uri': redirect_uri })
  raise StandardError, request[:response] unless request[:status] == :ok

  request[:response]
end

#fetch_active_user_sub ⇒ Object

gets user sub by making an api call to auth server

# File 'lib/keycloak_rails/user.rb', line 55

def fetch_active_user_sub
  fetch_current_user_info['sub']
end

#fetch_current_user_info ⇒ Object

Raises:

• (StandardError)

# File 'lib/keycloak_rails/user.rb', line 33

def fetch_current_user_info
  request = @curl.post(path: KeycloakRails.openid_config['userinfo_endpoint'],
                       headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
                       body: { access_token: access_token })
  raise StandardError, request[:response] unless request[:status] == :ok

  request[:response]
end

#fetch_tokens(email:, password:, otp_password: nil) ⇒ Object

Raises:

• (StandardError)

# File 'lib/keycloak_rails/user.rb', line 11

def fetch_tokens(email:, password:, otp_password: nil)
  request = @curl.post(path: KeycloakRails.openid_config['token_endpoint'],
                       headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
                       body: { 'grant_type': 'password', 'client_id': KeycloakRails.client_id,
                               'client_secret': KeycloakRails.secret, 'username': email,
                               'password': password }.merge((otp_password ? { 'totp': otp_password } : {})))
  raise StandardError, request[:response] unless request[:status] == :ok

  request[:response]
end

#fetch_tokens_by_handshake(code:, redirect_uri:) ⇒ Object

Raises:

• (StandardError)

# File 'lib/keycloak_rails/user.rb', line 22

def fetch_tokens_by_handshake(code:, redirect_uri:)
  request = @curl.post(path: KeycloakRails.openid_config['token_endpoint'],
                       headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
                       body: { 'grant_type': 'authorization_code', 'client_id': KeycloakRails.client_id,
                               'client_secret': KeycloakRails.secret, code: code,
                               "redirect_uri": redirect_uri })
  raise StandardError, request[:response] unless request[:status] == :ok

  request[:response]
end