Class: OmniAuth::Strategies::PracticeFusion

Inherits:
OAuth2
  • Object
Defined in:
lib/omniauth/strategies/practicefusion.rb

Instance Method Summary collapse

Instance Method Details

#authorize_params ⇒ Object

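Adds the ‘authCookie’ parameter to the outbound request. The ‘state’ parameter becomes a JWT of the session, signed with the client secret (JWT.encode signs the payload; it does not encrypt it, so the session contents are readable by anyone who sees the token).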



# File 'lib/omniauth/strategies/practicefusion.rb', line 64

# Builds the parameters sent to the authorization endpoint.
#
# Starts from the parent strategy's params, copies 'authCookie' over from the
# stored 'omniauth.params', and sets :state to a JWT of the whole session hash
# keyed with options.client_secret.
#
# SECURITY: assuming JWT is the ruby-jwt gem, JWT.encode produces a signed
# token whose payload is only base64url-encoded, not encrypted. Everything in
# the session hash (including 'omniauth.params', which holds authCookie) is
# readable wherever the authorization URL ends up: browser history, proxy and
# server logs, Referer headers.
# NOTE(review): no expiry claim is added here; unless one is set elsewhere the
# token stays acceptable for as long as the client secret is unchanged.
#
# @return [Object] the merged params, with 'authCookie' (when present) and :state
def authorize_params
  outbound = super.merge(session['omniauth.params'].slice('authCookie'))

  # OmniAuth writes omniauth.origin straight into env['rack.session'] instead of
  # going through #session, so copy it across before the session is serialized.
  session['omniauth.origin'] = env['rack.session']['omniauth.origin']
  outbound[:state] = JWT.encode(session, options.client_secret)
  outbound
end

#callback_phase ⇒ Object

override the callback_phase so we can validate the state token signature



# File 'lib/omniauth/strategies/practicefusion.rb', line 75

# Callback handler: replaces the incoming 'state' parameter with the decoded
# value, moves 'omniauth.origin' and 'omniauth.params' from the session into
# the Rack env, then defers to the parent strategy's callback_phase.
#
# NOTE(review): decode_state_parameter is defined outside this listing; the
# comments below describe its contract as the author states it.
# SECURITY: presumably the session is rebuilt from the decoded token (the
# session store is bypassed, see #session). If so, both sides of the state
# comparison come from the same token, so the check shows that the token was
# signed with the client secret, not that it was issued to this browser.
# Confirm that something else binds the token to the user agent (for example
# a cookie-held nonce), and that the decoder pins the expected algorithm and
# enforces an expiry.
def callback_phase
  # If decode_state_parameter returns the correct state token, then
  #   request.params['state'] == session['omniauth.state']
  # which passes the CSRF check of omniauth-oauth2

  # If decode_state_parameter returns nil, then this is true:
  #   request.params['state'].to_s.empty?
  # which fails the CSRF check of omniauth-oauth2
  request.params['state'] = decode_state_parameter

  # omniauth sets the environment up _before_ the callback_phase
  # begins, but we need to set it up after we've decoded the session
  # NOTE(review): these values come out of the state token, so they are only
  # as trustworthy as the signature check performed by the decoder.
  @env['omniauth.origin'] = session.delete('omniauth.origin')
  # Normalize an empty origin to nil.
  @env['omniauth.origin'] = nil if env['omniauth.origin'] == ''
  @env['omniauth.params'] = session.delete('omniauth.params')

  # And now back to our regularly scheduled program
  super
end

#callback_url ⇒ Object

Override callback_url so we don’t include query parameters. See github.com/intridea/omniauth-oauth2/issues/81 for more details.



# File 'lib/omniauth/strategies/practicefusion.rb', line 54

# Callback (redirect) URL without any query string: host, then script name,
# then callback path, concatenated as-is.
#
# NOTE(review): full_host is supplied by OmniAuth. If it is derived from
# request headers in this deployment, consider pinning OmniAuth.config.full_host
# so the redirect URI cannot follow a spoofed Host header.
#
# @return [String] the redirect URI sent to the provider
def callback_url
  base = full_host + script_name
  base + callback_path
end

#raw_info ⇒ Object



# File 'lib/omniauth/strategies/practicefusion.rb', line 58

# Parsed response of GET /ehr/v1/users/me, fetched with the access token on
# first use and cached in @raw_info for later calls.
#
# NOTE(review): the path suggests this is the signed-in user's EHR profile;
# treat the cached value as sensitive and keep it out of logs.
#
# @return [Object] whatever the response's #parsed returns
def raw_info
  return @raw_info if @raw_info

  @raw_info = access_token.get('/ehr/v1/users/me').parsed
end

#session ⇒ Object

instead of using the session store, just collect into a hash



# File 'lib/omniauth/strategies/practicefusion.rb', line 96

# Per-instance stand-in for the session: a plain Hash kept in @fake_session
# and created on first access. Nothing written here reaches the Rack session
# store.
#
# @return [Hash] the in-memory session hash
def session
  return @fake_session if @fake_session

  @fake_session = {}
end

#session=(obj) ⇒ Object



# File 'lib/omniauth/strategies/practicefusion.rb', line 100

# Replaces the in-memory session wholesale with +obj+.
#
# NOTE(review): no validation happens here; callers should only pass data
# that has already been verified (e.g. a state token whose signature checked
# out).
#
# @param obj [Object] the new session contents
def session=(obj)
  instance_variable_set(:@fake_session, obj)
end