Module: OmniauthOpenidFederation

Defined in:
lib/omniauth_openid_federation.rb,
lib/omniauth_openid_federation/jws.rb,
lib/omniauth_openid_federation/cache.rb,
lib/omniauth_openid_federation/utils.rb,
lib/omniauth_openid_federation/engine.rb,
lib/omniauth_openid_federation/errors.rb,
lib/omniauth_openid_federation/logger.rb,
lib/omniauth_openid_federation/railtie.rb,
lib/omniauth_openid_federation/version.rb,
lib/omniauth_openid_federation/constants.rb,
lib/omniauth_openid_federation/jwks/cache.rb,
lib/omniauth_openid_federation/jwks/fetch.rb,
lib/omniauth_openid_federation/validators.rb,
lib/omniauth_openid_federation/http_client.rb,
lib/omniauth_openid_federation/jwks/decode.rb,
lib/omniauth_openid_federation/jwks/rotate.rb,
lib/omniauth_openid_federation/rate_limiter.rb,
lib/omniauth_openid_federation/tasks_helper.rb,
lib/omniauth_openid_federation/time_helpers.rb,
lib/omniauth_openid_federation/cache_adapter.rb,
lib/omniauth_openid_federation/configuration.rb,
lib/omniauth_openid_federation/jwks/selector.rb,
lib/omniauth_openid_federation/key_extractor.rb,
lib/omniauth_openid_federation/rack_endpoint.rb,
lib/omniauth_openid_federation/string_helpers.rb,
lib/omniauth_openid_federation/instrumentation.rb,
lib/omniauth_openid_federation/jwks/normalizer.rb,
lib/omniauth_openid_federation/endpoint_resolver.rb,
lib/omniauth_openid_federation/federation_endpoint.rb,
lib/omniauth_openid_federation/federation/signed_jwks.rb,
lib/omniauth_openid_federation/entity_statement_reader.rb,
lib/omniauth_openid_federation/federation/entity_statement.rb,
lib/omniauth_openid_federation/federation/trust_chain_resolver.rb,
app/controllers/omniauth_openid_federation/federation_controller.rb,
lib/omniauth_openid_federation/federation/metadata_policy_merger.rb,
lib/omniauth_openid_federation/federation/entity_statement_helper.rb,
lib/omniauth_openid_federation/federation/entity_statement_parser.rb,
lib/omniauth_openid_federation/federation/entity_statement_builder.rb,
lib/omniauth_openid_federation/federation/entity_statement_fetcher.rb,
lib/omniauth_openid_federation/federation/entity_statement_validator.rb

Overview

Entity Statement Validator for OpenID Federation 1.0. Implements all required validation steps from OpenID Federation 1.0 Section 3.2.1. Entity Statements MUST be validated in the following manner per the specification.

Examples:

Validate an entity statement

validator = EntityStatementValidator.new(
  jwt_string: entity_statement_jwt,
  issuer_entity_configuration: issuer_config  # Optional, for Subordinate Statement validation
)
validator.validate!
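
Added example, not code from this gem: a stdlib-only check of a self-issued entity statement (Entity Configuration) covering a subset of the Section 3.2.1 steps: the typ and alg headers, iss equal to sub, iat and exp, kid lookup in the statement's own jwks, and the RS256 signature. The names check_entity_configuration, constructed_statement, rsa_from_jwk and StatementInvalid, the entity URL, and the RS256-only allow-list are assumptions of this example.

```ruby
require "json"
require "base64"
require "openssl"
# Added example; every name below is an assumption, not this gem's API.
class StatementInvalid < StandardError; end
B64URL = ->(bytes) { Base64.urlsafe_encode64(bytes, padding: false) }

# Build an RSA public key from a JWK's n and e (PKCS#1 RSAPublicKey DER).
def rsa_from_jwk(jwk)
  ints = %w[n e].map do |k|
    OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(Base64.urlsafe_decode64(jwk.fetch(k)), 2))
  end
  OpenSSL::PKey::RSA.new(OpenSSL::ASN1::Sequence.new(ints).to_der)
end

# Returns the claims of a valid self-issued statement, else raises StatementInvalid.
def check_entity_configuration(jwt, now: Time.now.to_i)
  parts = jwt.to_s.split(".")
  raise StatementInvalid, "not a compact JWS" unless parts.size == 3
  header, claims = parts.first(2).map { |p| JSON.parse(Base64.urlsafe_decode64(p)) }
  raise StatementInvalid, "header and claims must be JSON objects" unless [header, claims].all?(Hash)
  raise StatementInvalid, "typ must be entity-statement+jwt" unless header["typ"] == "entity-statement+jwt"
  # Allow-list a single algorithm; this also rejects "none" and HMAC algorithms.
  raise StatementInvalid, "alg must be RS256 in this example" unless header["alg"] == "RS256"
  raise StatementInvalid, "iss and sub must be equal strings" unless claims["iss"].is_a?(String) && claims["iss"] == claims["sub"]
  raise StatementInvalid, "iat and exp must be numbers" unless claims.values_at("iat", "exp").all?(Numeric)
  raise StatementInvalid, "iat is in the future" if claims["iat"] > now
  raise StatementInvalid, "statement has expired" if claims["exp"] <= now
  # The verification key is selected by kid from the statement's own jwks claim.
  kid = header["kid"].to_s
  jwk = Array(claims.dig("jwks", "keys")).find { |k| k["kid"] == kid } unless kid.empty?
  raise StatementInvalid, "kid matches no key in jwks" unless jwk
  signed = parts[0, 2].join(".")
  ok = rsa_from_jwk(jwk).verify(OpenSSL::Digest.new("SHA256"), Base64.urlsafe_decode64(parts[2]), signed)
  raise StatementInvalid, "signature does not verify" unless ok
  claims
rescue ArgumentError, TypeError, KeyError, JSON::ParserError, OpenSSL::OpenSSLError => e
  raise StatementInvalid, "malformed statement: #{e.message}"
end

# Constructed sample: a self-signed Entity Configuration for a made-up entity.
def constructed_statement(key, header: {}, claims: {})
  jwk = { "kty" => "RSA", "kid" => "k1", "n" => B64URL.(key.n.to_s(2)), "e" => B64URL.(key.e.to_s(2)) }
  h = { "typ" => "entity-statement+jwt", "alg" => "RS256", "kid" => "k1" }.merge(header)
  c = { "iss" => "https://op.example.test", "sub" => "https://op.example.test", "iat" => Time.now.to_i - 60,
        "exp" => Time.now.to_i + 3600, "jwks" => { "keys" => [jwk] } }.merge(claims)
  signed = [h, c].map { |part| B64URL.(JSON.generate(part)) }.join(".")
  "#{signed}.#{B64URL.(key.sign(OpenSSL::Digest.new('SHA256'), signed))}"
end
```

A Subordinate Statement (iss differs from sub) has to be verified against the issuer's keys instead, which is what the `issuer_entity_configuration` argument above is for.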

Defined Under Namespace

Modules: Cache, Constants, Federation, Instrumentation, Jwks, RateLimiter, StringHelpers, TasksHelper, TimeHelpers, Utils, Validators

Classes: CacheAdapter, Configuration, ConfigurationError, DecryptionError, EncryptionError, EndpointResolver, Engine, EntityStatementReader, Error, FederationController, FederationEndpoint, FetchError, HttpClient, Jws, KeyExtractor, KeyRelatedError, KeyRelatedValidationError, Logger, NetworkError, RackEndpoint, Railtie, SecurityError, SignatureError, ValidationError

Constant Summary

VERSION = "1.3.2".freeze

Class Method Summary

Class Method Details

.config ⇒ Configuration

Get the global configuration

Returns:



# File 'lib/omniauth_openid_federation.rb', line 24

def self.config
  Configuration.config
end

.configure {|config| ... } ⇒ Object

Configure the gem

Examples:

OmniauthOpenidFederation.configure do |config|
  config.verify_ssl = false # Disables TLS certificate verification; only for development
  config.cache_ttl = 3600
end

Yields:

  • (config)

    Yields the configuration object



# File 'lib/omniauth_openid_federation.rb', line 16

def self.configure
  yield(Configuration.config) if block_given?
  Configuration.config
end

.rotate_jwks(jwks_uri, entity_statement_path: nil) ⇒ Hash

Rotate JWKS cache for a provider. This is useful for background jobs to proactively refresh keys.

Examples:

# Rotate JWKS for a provider
OmniauthOpenidFederation.rotate_jwks(
  "https://provider.example.com/.well-known/jwks.json",
  entity_statement_path: "config/provider-entity-statement.jwt"
)

Parameters:

  • jwks_uri (String)

    The JWKS URI to refresh

  • entity_statement_path (String, nil) (defaults to: nil)

    Path to entity statement file (optional)

Returns:

  • (Hash)

    The refreshed JWKS hash

Raises:



# File 'lib/omniauth_openid_federation.rb', line 81

def self.rotate_jwks(jwks_uri, entity_statement_path: nil)
  Jwks::Rotate.run(jwks_uri, entity_statement_path: entity_statement_path)
end