Module: Riddl::Utils::OAuth2::Helper

Defined in:

lib/ruby/riddl/utils/oauth2-helper.rb

Defined Under Namespace

Modules: Tokens

Class Method Summary

• .access_payload(client_id, dur) ⇒ Object

  }}}.

• .decrypt_with_shared_secret(data, secret) ⇒ Object

  }}}.

• .encrypt_with_shared_secret(data, secret) ⇒ Object

  }}}.

• .generate_access_token(client_id, secret, dur) ⇒ Object

  }}}.

• .generate_optimistic_token(client_id, secret, adur, rdur) ⇒ Object

  }}}.

• .generate_refresh_token(client_id, secret, dur) ⇒ Object

  }}}.

• .header ⇒ Object

  }}}.

• .nonce ⇒ Object

  }}}.

• .refresh_payload(client_id, dur) ⇒ Object

  }}}.

• .sign(secret, what) ⇒ Object

  }}}.

Class Method Details

.access_payload(client_id, dur) ⇒ Object

}}}

# File 'lib/ruby/riddl/utils/oauth2-helper.rb', line 132

def self::access_payload(client_id, dur) #{{{
  {
    :iss => client_id,
    :sub => nonce,
    :aud => client_id,
    :exp => Time.now.to_i + dur
  }.to_json
end

.decrypt_with_shared_secret(data, secret) ⇒ Object

}}}

# File 'lib/ruby/riddl/utils/oauth2-helper.rb', line 174

def self::decrypt_with_shared_secret(data, secret) #{{{
  # extract initialization vector from encrypted data for further shenanigans
  iv, encr = data[0...16], data[16..-1]

  decipher = OpenSSL::Cipher::Cipher.new 'aes-256-cbc'
  decipher.decrypt

  decipher.key = Digest::SHA256.hexdigest(secret)[0...32]
  decipher.iv = iv

  decipher.update(encr) + decipher.final rescue nil
end

.encrypt_with_shared_secret(data, secret) ⇒ Object

}}}

# File 'lib/ruby/riddl/utils/oauth2-helper.rb', line 186

def self::encrypt_with_shared_secret(data, secret) #{{{
  cipher = OpenSSL::Cipher::Cipher.new 'aes-256-cbc'
  cipher.encrypt

  key = Digest::SHA256.hexdigest secret
  iv = cipher.random_iv
  cipher.key = key
  cipher.iv = iv

  Base64::urlsafe_encode64(iv + cipher.update(data) + cipher.final) rescue nil
end

.generate_access_token(client_id, secret, dur) ⇒ Object

}}}

# File 'lib/ruby/riddl/utils/oauth2-helper.rb', line 157

def self::generate_access_token(client_id, secret, dur)# {{{
  h = Base64::urlsafe_encode64 header
  p = Base64::urlsafe_encode64 access_payload(client_id,dur)
  s = sign(secret, "#{h}.#{p}")
  "#{h}.#{p}.#{s}"
end

.generate_optimistic_token(client_id, secret, adur, rdur) ⇒ Object

}}}

# File 'lib/ruby/riddl/utils/oauth2-helper.rb', line 168

def self::generate_optimistic_token(client_id, secret, adur, rdur) #{{{
  t = generate_access_token(client_id, secret, adur)
  r = generate_refresh_token(client_id, secret, rdur)
  [t, r]
end

.generate_refresh_token(client_id, secret, dur) ⇒ Object

}}}

# File 'lib/ruby/riddl/utils/oauth2-helper.rb', line 163

def self::generate_refresh_token(client_id, secret, dur) # {{{
  p = Base64::urlsafe_encode64 refresh_payload(client_id,dur)
  s = sign(secret, p)
  "#{p}.#{s}"
end

.header ⇒ Object

}}}

# File 'lib/ruby/riddl/utils/oauth2-helper.rb', line 125

def self::header #{{{
  {
    :alg => 'HS256',
    :typ => 'JWT'
  }.to_json
end

.nonce ⇒ Object

}}}

# File 'lib/ruby/riddl/utils/oauth2-helper.rb', line 149

def self::nonce #{{{
  SecureRandom::hex(32)
end

.refresh_payload(client_id, dur) ⇒ Object

}}}

# File 'lib/ruby/riddl/utils/oauth2-helper.rb', line 141

def self::refresh_payload(client_id, dur) #{{{
  {
    :iss => client_id,
    :sub => nonce,
    :exp => Time.now.to_i + dur
  }.to_json
end

.sign(secret, what) ⇒ Object

}}}

# File 'lib/ruby/riddl/utils/oauth2-helper.rb', line 153

def self::sign(secret, what) #{{{
  Base64::urlsafe_encode64 OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), secret, what)
end