Class: OAuth2::Strategy::Assertion

Inherits:
Base
  • Object
Defined in:
lib/oauth2/strategy/assertion.rb

Overview

The Client Assertion Strategy

Sample usage:

client = OAuth2::Client.new(client_id, client_secret,
                            :site => 'http://localhost:8080')

params = {:hmac_secret => "some secret",
          # or :private_key => "private key string",
          :iss => "http://localhost:3001",
          :prn => "[email protected]",
          :exp => Time.now.utc.to_i + 3600}

access = client.assertion.get_token(params)
access.token                 # actual access_token string
access.get("/api/stuff")     # making api calls with access token in header

Instance Method Summary

Methods inherited from Base

#client_params, #initialize

Constructor Details

This class inherits a constructor from OAuth2::Strategy::Base

Instance Method Details

#authorize_url ⇒ Object

Not used for this strategy

Raises:

  • (NotImplementedError)


# File 'lib/oauth2/strategy/assertion.rb', line 28

def authorize_url
  raise NotImplementedError, "The authorization endpoint is not used in this strategy"
end

#build_assertion(params) ⇒ Object



# File 'lib/oauth2/strategy/assertion.rb', line 60

def build_assertion(params)
  claims = {:iss => params[:iss],
            :aud => params[:aud],
            :prn => params[:prn],
            :exp => params[:exp]
           }
  if params[:hmac_secret]
    jwt_assertion = JWT.encode(claims, params[:hmac_secret], "HS256")
  elsif params[:private_key]
    jwt_assertion = JWT.encode(claims, params[:private_key], "RS256")
  end
end

#build_request(params) ⇒ Object



# File 'lib/oauth2/strategy/assertion.rb', line 51

def build_request(params)
  assertion = build_assertion(params)
  {:grant_type     => "assertion", 
   :assertion_type => "urn:ietf:params:oauth:grant-type:jwt-bearer",
   :assertion      => assertion,
   :scope          => params[:scope]
  }.merge(client_params)
end

#get_token(params = {}, opts = {}) ⇒ Object

Retrieve an access token given the specified client.

Pass either :hmac_secret or :private_key, but not both.

params :hmac_secret, secret string
params :private_key, private key string

params :iss, issuer
params :aud, audience, optional
params :prn, principal, the current user
params :exp, expiry time, in seconds since the epoch, like Time.now.utc.to_i + 3600

Parameters:

  • params (Hash) (defaults to: {})

    assertion params

  • opts (Hash) (defaults to: {})

    options



# File 'lib/oauth2/strategy/assertion.rb', line 46

def get_token(params={}, opts={})
  hash = build_request(params)
  @client.get_token(hash, opts.merge('refresh_token' => nil))
end
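
As listed above, build_assertion returns nil when neither key is given and silently prefers :hmac_secret when both are, so the "not both" rule in the get_token notes is not enforced. The following is an added example, not code from the oauth2 gem: it enforces that rule, builds the HS256 assertion with the standard library as a stand-in for JWT.encode, and shows the checks a receiving server would apply. All helper names are hypothetical.

```ruby
require 'openssl'
require 'json'

# Hypothetical helpers, not part of the oauth2 gem. HS256 is built with the
# standard library here as a stand-in for the JWT.encode call shown above.
def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(text)
  text.tr('-_', '+/').unpack1('m')
end

# Enforce "either :hmac_secret or :private_key, but not both" before signing,
# so a missing key cannot silently produce a nil assertion.
def signing_key_param(params)
  given = [:hmac_secret, :private_key].select { |k| params[k] }
  raise ArgumentError, 'pass exactly one of :hmac_secret or :private_key' unless given.size == 1
  given.first
end

def hs256_assertion(params)
  raise ArgumentError, 'this sketch only signs with :hmac_secret' unless signing_key_param(params) == :hmac_secret
  # :aud is optional, so nil claims are dropped instead of being sent as null.
  claims = { iss: params[:iss], aud: params[:aud], prn: params[:prn], exp: params[:exp] }.compact
  input = [{ typ: 'JWT', alg: 'HS256' }, claims].map { |part| b64url(JSON.generate(part)) }.join('.')
  "#{input}.#{b64url(OpenSSL::HMAC.digest('SHA256', params[:hmac_secret], input))}"
end

def constant_time_eq?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Receiving side: pin the algorithm, check the MAC, then issuer and expiry.
def verify_hs256_assertion(token, secret, expected_iss, now = Time.now.utc.to_i)
  header_b64, claims_b64, sig_b64 = token.split('.', -1)
  raise ArgumentError, 'malformed assertion' if sig_b64.nil? || token.count('.') != 2
  raise ArgumentError, 'unexpected alg' unless JSON.parse(b64url_decode(header_b64))['alg'] == 'HS256'
  expected = b64url(OpenSSL::HMAC.digest('SHA256', secret, "#{header_b64}.#{claims_b64}"))
  raise ArgumentError, 'bad signature' unless constant_time_eq?(expected, sig_b64)
  claims = JSON.parse(b64url_decode(claims_b64))
  raise ArgumentError, 'wrong issuer' unless claims['iss'] == expected_iss
  raise ArgumentError, 'expired' unless claims['exp'].is_a?(Integer) && claims['exp'] > now
  claims
end
```

The verifier rejects any header whose alg is not HS256 before touching the signature, so a token cannot choose its own verification algorithm.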