Class: OmniAuth::Strategies::OIDC
- Inherits:
-
Object
- Object
- OmniAuth::Strategies::OIDC
- Includes:
- OmniAuth::Strategy
- Defined in:
- lib/omniauth/strategies/oidc.rb
Defined Under Namespace
Classes: CallbackError
Instance Method Summary
- #access_token ⇒ Object
- #authorize_uri ⇒ Object
- #callback_phase ⇒ Object
- #client ⇒ Object
- #config ⇒ Object
- #decode_id_token(id_token) ⇒ Object
- #discover! ⇒ Object
- #generate_nonce ⇒ Object
- #generate_state ⇒ Object
- #request_phase ⇒ Object
- #session ⇒ Object
- #stored_nonce ⇒ Object
- #stored_state ⇒ Object
- #user_info ⇒ Object
Instance Method Details
#access_token ⇒ Object
# File 'lib/omniauth/strategies/oidc.rb', line 129
# Exchanges the authorization response for tokens and validates the returned
# ID token before the result is memoized in @access_token.
# NOTE(review): the receivers before `.scope`, `.client_auth_method`, `.issuer`
# and `..identifier` were dropped when this page was rendered — consult the
# source file named above for the exact expressions.
def access_token
  @access_token ||= client.access_token!(
    scope: .scope,
    client_auth_method: .client_auth_method
  ).tap do |access_token|
    # decode_id_token decodes with the provider's discovered JWKS; verify! then
    # checks issuer, client_id and the nonce. stored_nonce removes the nonce
    # from the session, so the same ID token cannot pass this check twice.
    decode_id_token(access_token.id_token).verify!(
      issuer: .issuer,
      client_id: ..identifier,
      nonce: stored_nonce
    )
  end
end
#authorize_uri ⇒ Object
# File 'lib/omniauth/strategies/oidc.rb', line 113
# Builds the provider authorization URI for the request phase (documented
# above as #authorize_uri). A fresh state and nonce are generated per call and
# written to the session by generate_state / generate_nonce.
# NOTE(review): the method name after `def`, the receivers before
# `..redirect_uri`, `.response_type`, `.response_mode`, `.scope` and `.prompt`,
# and the name of the client method invoked with the hash were dropped when
# this page was rendered — consult the source file named above.
def client.redirect_uri = ..redirect_uri
client.({
  response_type: .response_type,
  response_mode: .response_mode,
  scope: .scope,
  state: generate_state,
  nonce: generate_nonce,
  prompt: .prompt
})
end
#callback_phase ⇒ Object
# File 'lib/omniauth/strategies/oidc.rb', line 76
# Handles the redirect back from the provider: surfaces provider-reported
# errors, rejects responses whose state does not match the session copy, then
# triggers the token exchange and ID token validation (see access_token)
# before delegating to the OmniAuth::Strategy callback handling via super.
# NOTE(review): several receivers (`.issuer`, `.discovery`, `.response_type`,
# `..redirect_uri`) and the attribute assigned on `client.` were dropped when
# this page was rendered — consult the source file named above.
def callback_phase
  error = request.params['error_reason'] || request.params['error']
  if error
    # Provider-reported error. This branch is evaluated before the state
    # check, so it is reachable without a matching state; it only ends in
    # fail!(:invalid_credentials) via the rescue below.
    raise CallbackError.new(request.params['error'], request.params['error_description'] || request.params['error_reason'], request.params['error_uri'])
  elsif request.params['state'].to_s.empty? || request.params['state'] != stored_state
    # CSRF protection: state must be present and equal the session value.
    # stored_state deletes that value, so each state can be checked once.
    return Rack::Response.new(['401 Unauthorized'], 401).finish
  else
    .issuer = issuer if .issuer.blank?
    discover! if .discovery
    # Reads the response parameter named by the configured response_type.
    client. = request.params[.response_type.to_s]
    client.redirect_uri = ..redirect_uri
    # Forces the token exchange and ID token verification now, so failures
    # surface through the rescue clauses below rather than later.
    access_token
    super
  end
rescue CallbackError => e
  fail!(:invalid_credentials, e)
rescue ::Timeout::Error, ::Errno::ETIMEDOUT => e
  fail!(:timeout, e)
rescue ::SocketError => e
  fail!(:failed_to_connect, e)
end
#client ⇒ Object
# File 'lib/omniauth/strategies/oidc.rb', line 98
# Memoized OpenIDConnect::Client for this strategy instance.
# NOTE(review): the argument passed to OpenIDConnect::Client.new was dropped
# when this page was rendered — consult the source file named above.
def client
  @client ||= OpenIDConnect::Client.new(.)
end
#config ⇒ Object
# File 'lib/omniauth/strategies/oidc.rb', line 102
# Memoized provider configuration obtained by OpenID Connect discovery
# against the configured issuer (a network fetch on first use). The
# endpoints and JWKS URI used elsewhere (discover!, decode_id_token) come
# from this document, so they are trusted only as far as the issuer is.
# NOTE(review): the receiver before `.issuer` was dropped when this page was
# rendered — consult the source file named above.
def config
  @config ||= OpenIDConnect::Discovery::Provider::Config.discover!(.issuer)
end
#decode_id_token(id_token) ⇒ Object
# File 'lib/omniauth/strategies/oidc.rb', line 142
# Decodes an ID token JWT using the provider's discovered JWKS (config.jwks)
# as the key set. Claim checks (issuer, client_id, nonce) are performed by
# the caller via verify!; see access_token.
#
# @param id_token [String] the raw id_token returned with the access token
# @return [OpenIDConnect::ResponseObject::IdToken]
def decode_id_token(id_token)
  key_set = config.jwks
  OpenIDConnect::ResponseObject::IdToken.decode(id_token, key_set)
end
#discover! ⇒ Object
# File 'lib/omniauth/strategies/oidc.rb', line 106
# Copies endpoints from the discovered provider configuration (config) into
# the client settings. Presumably the targets are the client options — the
# receivers were dropped in rendering, so confirm against the source.
# NOTE(review): the receivers before `..token_endpoint`, `..userinfo_endpoint`
# and `..jwks_uri`, as well as both sides of the first assignment
# (`.. = config.`), were dropped when this page was rendered.
def discover!
  .. = config.
  ..token_endpoint = config.token_endpoint
  ..userinfo_endpoint = config.userinfo_endpoint
  ..jwks_uri = config.jwks_uri
end
#generate_nonce ⇒ Object
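# File 'lib/omniauth/strategies/oidc.rb', line 146
# Creates a fresh nonce for the authorization request and stores it in the
# session so the ID token's nonce claim can be checked in the callback
# (see access_token / stored_nonce).
#
# @return [String] 32 hex characters (16 random bytes)
def generate_nonce
  # SecureRandom.hex(16) yields 16 random bytes as hex. The original
  # `SecureRandom.hex[16]` indexed a single character of the default
  # 32-character string, leaving a one-character (~4-bit) nonce.
  session['omniauth.nonce'] = SecureRandom.hex(16)
end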
#generate_state ⇒ Object
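# File 'lib/omniauth/strategies/oidc.rb', line 154
# Creates a fresh state value for the authorization request and stores it in
# the session; callback_phase compares it against the returned state (see
# stored_state) to reject forged callbacks.
#
# @return [String] 32 hex characters (16 random bytes)
def generate_state
  # SecureRandom.hex(16) yields 16 random bytes as hex. The original
  # `SecureRandom.hex[16]` indexed a single character of the default
  # 32-character string, leaving a one-character (~4-bit) state value.
  session['omniauth.state'] = SecureRandom.hex(16)
end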
#request_phase ⇒ Object
# File 'lib/omniauth/strategies/oidc.rb', line 70
# Starts the login: fills in the issuer if not configured, runs discovery
# when enabled, and redirects the browser to the provider.
# NOTE(review): the receivers before `.issuer` and `.discovery` and the
# argument to `redirect` were dropped when this page was rendered; given the
# method list above, #authorize_uri is the likely argument — confirm against
# the source file named above.
def request_phase
  .issuer = issuer if .issuer.blank?
  discover! if .discovery
  redirect
end
#session ⇒ Object
# File 'lib/omniauth/strategies/oidc.rb', line 162
# Rack session for the current request. Before the strategy has been handed
# an environment (@env is nil) there is no session, so an empty Hash is
# returned instead of delegating to the strategy's session.
#
# @return [Hash, Object] an empty Hash when @env is nil, otherwise super
def session
  return {} if @env.nil?
  super
end
#stored_nonce ⇒ Object
# File 'lib/omniauth/strategies/oidc.rb', line 150
# Takes the nonce out of the session. Deleting rather than reading makes the
# nonce single-use: a second lookup returns nil.
#
# @return [String, nil] the stored nonce, or nil when none is present
def stored_nonce
  nonce_key = 'omniauth.nonce'
  session.delete(nonce_key)
end
#stored_state ⇒ Object
# File 'lib/omniauth/strategies/oidc.rb', line 158
# Takes the state out of the session. Deleting rather than reading makes the
# state single-use: a second lookup returns nil.
#
# @return [String, nil] the stored state, or nil when none is present
def stored_state
  state_key = 'omniauth.state'
  session.delete(state_key)
end
#user_info ⇒ Object
# File 'lib/omniauth/strategies/oidc.rb', line 125
# Fetches the userinfo response for the current access token once and caches
# it in @user_info for later calls.
#
# @return [Object] whatever access_token.userinfo! returns
def user_info
  return @user_info if @user_info
  @user_info = access_token.userinfo!
end