Class: Masks::OpenID::Token

Inherits:
Object
  • Object
Defined in:
app/models/masks/openid/token.rb

Overview

Implementation of the Token Endpoint in OIDC.

This class conforms to the Rack interface, so it can be used directly to handle requests for access tokens.


Constructor Details

#initialize ⇒ Token

Returns a new instance of Token.



# File 'app/models/masks/openid/token.rb', line 14

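# Builds the Rack app that serves the OIDC token endpoint and stores it in @app.
#
# The block given to Rack::OAuth2::Server::Token runs once per token request:
# it authenticates the client, checks that the requested grant type is enabled
# for that client, and then fills in the response for the supported grants
# (client_credentials and authorization_code).
#
# The `req.*!` helpers are relied on to abort the request; the statements that
# follow each of them assume the failure case never continues.
def initialize
  @app =
    Rack::OAuth2::Server::Token.new do |req, res|
      # Unknown client ids and wrong secrets both end in invalid_client!, so
      # the response does not reveal which of the two checks failed.
      client =
        Masks
          .configuration
          .model(:openid_client)
          .find_by(key: req.client_id) || req.invalid_client!

      # The presented secret comes from the request. String secrets are
      # compared in constant time instead of with ==, which can return at the
      # first differing byte and leak how much of a guess was correct.
      expected_secret = client.secret
      presented_secret = req.client_secret
      secret_ok =
        if expected_secret.is_a?(String) && presented_secret.is_a?(String)
          Rack::Utils.secure_compare(expected_secret, presented_secret)
        else
          # Non-string values keep the original equality check.
          # NOTE(review): nil == nil passes here, so a client stored without a
          # secret authenticates when no secret is sent; confirm this is intended.
          expected_secret == presented_secret
        end
      secret_ok || req.invalid_client!

      # The grant type must be one this particular client is allowed to use.
      client.grant_types.include?(req.grant_type.to_s) ||
        req.unsupported_grant_type!

      case req.grant_type
      when :client_credentials
        res.access_token = client.access_tokens.create!.to_bearer_token
      when :authorization_code
        # The code is looked up only among this client's authorizations, so a
        # code issued to another client is not found.
        authorization =
          client.authorizations.valid.where(code: req.code).first

        # Rejects a missing authorization and a redirect_uri the authorization
        # does not accept.
        unless authorization&.valid_redirect_uri?(req.redirect_uri)
          req.invalid_grant!
        end

        # NOTE(review): nothing visible here marks the code as used; confirm
        # that `valid` / `access_token` make an authorization code single-use.
        access_token = authorization.access_token
        res.access_token = access_token.to_bearer_token

        # An ID token is issued only when the "openid" scope was granted; it
        # carries the nonce stored on the authorization.
        if access_token.scope?("openid")
          res.id_token =
            access_token
              .actor
              .openid_id_tokens
              .create!(
                openid_client: access_token.openid_client,
                nonce: authorization.nonce
              )
              .to_jwt
        end
      else
        # Grant types the client allows but this endpoint does not implement.
        req.unsupported_grant_type!
      end
    end
end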

Instance Attribute Details

#app ⇒ Object

Returns the value of attribute app.



# File 'app/models/masks/openid/token.rb', line 10

# Reader for the Rack app held in @app.
#
# @return [Object] the current value of @app (nil if it was never assigned)
def app = @app