Class: OCI::Auth::FederationClient
- Inherits: Object
  - Object
    - OCI::Auth::FederationClient
- Defined in: lib/oci/auth/federation_client.rb
Overview
A client which can be used to retrieve a token from Auth Service. It needs the following supplied to it:
* The endpoint for Auth Service
* Our tenancy OCID
* A session key supplier so that we can send its public key as part of the token request. The private key in the session key supplier should be used to sign all requests made with the token.
* The certificate (via leaf_certificate_supplier) which will be used to sign the requests to Auth Service.
Optionally, intermediate certificates (if present) can be supplied as part of the request to Auth Service.
The client remembers its last requested token. While that token is still valid the client vends it; once it has expired the client requests a new one.
Instance Attribute Summary
- #session_key_supplier ⇒ OCI::Auth::SessionKeySupplier (readonly): A supplier which vends a private and public key for signing token requests to Auth Service.
Instance Method Summary
- #initialize(federation_endpoint, tenancy_id, session_key_supplier, leaf_certificate_supplier, intermediate_certificate_suppliers: [], cert_bundle_path: nil) ⇒ FederationClient (constructor): Creates a new FederationClient.
- #security_token ⇒ String: Retrieves the security token held by the client.
- #security_token! ⇒ String: Retrieves a security token, but always asks Auth Service for a new token, regardless of whether or not the previously requested token is still valid.
Constructor Details
#initialize(federation_endpoint, tenancy_id, session_key_supplier, leaf_certificate_supplier, intermediate_certificate_suppliers: [], cert_bundle_path: nil) ⇒ FederationClient
Creates a new FederationClient.

    # File 'lib/oci/auth/federation_client.rb', line 39
    def initialize(federation_endpoint, tenancy_id, session_key_supplier, leaf_certificate_supplier, intermediate_certificate_suppliers: [], cert_bundle_path: nil)
      @federation_endpoint = federation_endpoint
      uri = URI(@federation_endpoint)
      @federation_http_client = Net::HTTP.new(uri.hostname, uri.port)
      # TLS is enabled only when the endpoint URL uses the https scheme.
      @federation_http_client.use_ssl = (uri.scheme == 'https')
      # Optional CA bundle file used to verify the Auth Service certificate.
      @federation_http_client.ca_file = cert_bundle_path if cert_bundle_path
      @tenancy_id = tenancy_id
      @session_key_supplier = session_key_supplier
      @leaf_certificate_supplier = leaf_certificate_supplier
      @intermediate_certificate_suppliers = intermediate_certificate_suppliers
      @refresh_lock = Mutex.new
      @security_token = nil
    end
Instance Attribute Details
#session_key_supplier ⇒ OCI::Auth::SessionKeySupplier (readonly)
A supplier which vends a private and public key for signing token requests to Auth Service. The public key will be sent as part of the token request, and the private key should be used to sign all requests made with the token vended by this client.

    # File 'lib/oci/auth/federation_client.rb', line 27
    def session_key_supplier
      @session_key_supplier
    end
Instance Method Details
#security_token ⇒ String
Retrieves the security token held by the client. If the previously retrieved token is still valid, it is vended rather than making another request.

    # File 'lib/oci/auth/federation_client.rb', line 67
    def security_token
      return @security_token.security_token if @security_token && @security_token.token_valid?
      refresh_security_token_inner
    end
#security_token! ⇒ String
Retrieves a security token, but always asks Auth Service for a new token, regardless of whether or not the previously requested token is still valid.

    # File 'lib/oci/auth/federation_client.rb', line 60
    def security_token!
      refresh_security_token_inner
    end
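An added example, not the SDK's own code, of the caching behaviour described for `security_token` and `security_token!`: vend the held token while it is valid, refresh under a lock otherwise, and keep the old token if a refresh fails. `CachedToken`, `TokenCache`, `sample_jwt`, the JWT `exp`-claim check and the 30-second skew are assumptions for illustration; the page does not show `token_valid?` or `refresh_security_token_inner`.

```ruby
require 'json'

# Hypothetical stand-in for the client's token object. Assumption (not on the
# page): the token is a JWT whose payload carries an "exp" claim.
class CachedToken
  attr_reader :security_token
  def initialize(jwt)
    @security_token = jwt
    payload = jwt.split('.')[1] or raise ArgumentError, 'not a JWT'
    @exp = JSON.parse(payload.tr('-_', '+/').unpack1('m')).fetch('exp')
  end

  # Expire `skew` seconds early so a request signed now is still valid on arrival.
  def token_valid?(now: Time.now.to_i, skew: 30)
    now + skew < @exp
  end
end

# Hypothetical holder with the vend-or-refresh behaviour described above.
class TokenCache
  def initialize(&fetcher)
    @fetcher = fetcher # stands in for the signed request to Auth Service
    @refresh_lock = Mutex.new
    @token = nil
  end

  def security_token
    refresh(force: false)
  end

  def security_token!
    refresh(force: true)
  end

  private
  def refresh(force:)
    @refresh_lock.synchronize do
      # Check under the lock so concurrent callers share one refresh.
      return @token.security_token if !force && @token&.token_valid?
      # A fetch or parse error raises before assignment, keeping the old token.
      (@token = CachedToken.new(@fetcher.call)).security_token
    end
  end
end

# Constructed, unsigned sample token for the demonstration.
def sample_jwt(exp)
  enc = ->(h) { [JSON.generate(h)].pack('m0').tr('+/', '-_').delete('=') }
  "#{enc.call('alg' => 'none')}.#{enc.call('exp' => exp)}.sig"
end
```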