Class: OmniAuth::Strategies::Okta

Inherits:

OAuth2

Object
OAuth2
OmniAuth::Strategies::Okta

show all

Defined in:: lib/omniauth/strategies/okta.rb

Constant Summary collapse

DEFAULT_SCOPE =

%{openid profile email}.freeze

Instance Method Summary collapse

#authorization_server_audience ⇒ String

Specifies the audience for the authorization server.
#authorization_server_path ⇒ String

Returns the qualified URL for the authorization server.
#callback_url ⇒ Object
#client_options ⇒ Object
#id_token ⇒ Object
#raw_info ⇒ Object
#validated_token(token) ⇒ Object

Instance Method Details

#authorization_server_audience ⇒ `String`

Specifies the audience for the authorization server

By default, this is ‘default’. If using a custom authorization server, this will need to be set

Returns:

(String)



92
93
94

# File 'lib/omniauth/strategies/okta.rb', line 92

def authorization_server_audience
  client_options.fetch(:audience, 'default')
end

#authorization_server_path ⇒ `String`

Returns the qualified URL for the authorization server

This is necessary in the case where there is a custom authorization server.

Okta provides a default, by default.

Returns:

(String)

# File 'lib/omniauth/strategies/okta.rb', line 79

def authorization_server_path
  site                 = client_options.fetch(:site)
  authorization_server = client_options.fetch(:authorization_server, 'default')

  "#{site}/oauth2/#{authorization_server}"
end

#callback_url ⇒ `Object`



62
63
64

# File 'lib/omniauth/strategies/okta.rb', line 62

def callback_url
  options[:redirect_uri] || (full_host + callback_path)
end

#client_options ⇒ `Object`



52
53
54

# File 'lib/omniauth/strategies/okta.rb', line 52

def client_options
  options.fetch(:client_options)
end

#id_token ⇒ `Object`

# File 'lib/omniauth/strategies/okta.rb', line 66

def id_token
  return if access_token.nil?

  access_token['id_token']
end

#raw_info ⇒ `Object`

# File 'lib/omniauth/strategies/okta.rb', line 56

def raw_info
  @_raw_info ||= access_token.get(client_options.fetch(:user_info_url)).parsed || {}
rescue ::Errno::ETIMEDOUT
  raise ::Timeout::Error
end

#validated_token(token) ⇒ `Object`

# File 'lib/omniauth/strategies/okta.rb', line 96

def validated_token(token)
  JWT.decode(token,
             nil,
             false,
             verify_iss:        true,
             verify_aud:        true,
             iss:               authorization_server_path,
             aud:               authorization_server_audience,
             verify_sub:        true,
             verify_expiration: true,
             verify_not_before: true,
             verify_iat:        true,
             verify_jti:        false,
             leeway:            options[:jwt_leeway]
  ).first
end

Class: OmniAuth::Strategies::Okta

Constant Summary collapse

Instance Method Summary collapse

Instance Method Details

#authorization_server_audience ⇒ String

#authorization_server_path ⇒ String

#callback_url ⇒ Object

#client_options ⇒ Object

#id_token ⇒ Object

#raw_info ⇒ Object