Module: Riddl::Utils::OAuth2::Helper

Defined in:
lib/ruby/riddl/utils/oauth2-helper.rb

Defined Under Namespace

Classes: Tokens

Class Method Summary

Class Method Details

.decrypt_with_shared_secret(data, secret) ⇒ Object

}}}



# File 'lib/ruby/riddl/utils/oauth2-helper.rb', line 110

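# Decrypts an AES-256-CBC blob whose first 16 bytes are the IV.
#
# NOTE(review): encrypt_with_shared_secret returns URL-safe Base64, and nothing
# here decodes it -- presumably the caller passes the already-decoded bytes;
# confirm against the call sites.
#
# Security notes for maintainers:
# * CBC provides confidentiality only. Nothing in this method authenticates
#   the IV or ciphertext, so modified input is only caught if the padding
#   happens to break. Verify a MAC over IV + ciphertext before decrypting,
#   or move to an AEAD mode, if callers treat the result as trusted.
# * The key is the first 32 characters of the SHA-256 *hex* digest, i.e. it
#   carries 128 bits of the digest, not 256. It is kept that way so data
#   written by earlier versions stays readable.
#
# @param data [String] raw bytes: 16-byte IV followed by the ciphertext
# @param secret [String] shared secret the key is derived from
# @return [String, nil] the plaintext, or nil when +data+ is not a String,
#   holds no ciphertext after the IV, or cannot be decrypted
def self::decrypt_with_shared_secret(data, secret) #{{{
  # Without at least one byte after the IV there is nothing to decrypt.
  return nil unless data.is_a?(String) && data.bytesize > 16

  # Slice by bytes, not characters, so the IV is 16 bytes whatever encoding
  # the string is tagged with.
  iv   = data.byteslice(0, 16)
  encr = data.byteslice(16, data.bytesize - 16)

  # OpenSSL::Cipher::Cipher is the deprecated alias of OpenSSL::Cipher.
  decipher = OpenSSL::Cipher.new 'aes-256-cbc'
  decipher.decrypt

  # hexdigest yields 64 characters; current OpenSSL bindings reject a key
  # that is not exactly 32 bytes, while older ones silently used the first
  # 32. Truncating explicitly gives the same key on both.
  decipher.key = Digest::SHA256.hexdigest(secret)[0, 32]
  decipher.iv = iv

  decipher.update(encr) + decipher.final
rescue OpenSSL::Cipher::CipherError
  # Wrong key, corrupted data or bad padding: report failure as nil.
  nil
end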

.encrypt_with_shared_secret(data, secret) ⇒ Object

}}}



# File 'lib/ruby/riddl/utils/oauth2-helper.rb', line 122

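# Encrypts +data+ with AES-256-CBC under a key derived from +secret+.
#
# A fresh random IV is generated per call and prepended to the ciphertext;
# the combined bytes are returned URL-safe Base64 encoded.
#
# Security notes for maintainers:
# * The output carries no MAC, so a recipient cannot detect tampering from
#   the ciphertext alone. Add encrypt-then-MAC (or an AEAD mode) if the
#   value crosses a trust boundary.
# * The key is the first 32 characters of the SHA-256 *hex* digest, i.e. it
#   carries 128 bits of the digest, not 256. It is kept that way so the
#   matching decrypt helper and existing data keep working.
#
# @param data [String] plaintext to encrypt
# @param secret [String] shared secret the key is derived from
# @return [String, nil] Base64 (URL-safe alphabet) of IV + ciphertext, or nil
#   when the cipher rejects the input
def self::encrypt_with_shared_secret(data, secret) #{{{
  # OpenSSL::Cipher::Cipher is the deprecated alias of OpenSSL::Cipher.
  cipher = OpenSSL::Cipher.new 'aes-256-cbc'
  cipher.encrypt

  # hexdigest yields 64 characters; current OpenSSL bindings reject a key
  # that is not exactly 32 bytes, while older ones silently used the first
  # 32. Truncating explicitly gives the same key on both.
  cipher.key = Digest::SHA256.hexdigest(secret)[0, 32]
  # random_iv both generates the IV and installs it on the cipher.
  iv = cipher.random_iv

  begin
    Base64::urlsafe_encode64(iv + cipher.update(data) + cipher.final)
  rescue ArgumentError, TypeError, OpenSSL::Cipher::CipherError
    # Input the cipher cannot process (e.g. not a String): report nil.
    nil
  end
end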

.generate_optimistic_token(client_id, secret) ⇒ Object

}}}



# File 'lib/ruby/riddl/utils/oauth2-helper.rb', line 104

# Issues an access token and a refresh token for the same client.
#
# @param client_id [Object] client identifier placed in both tokens
# @param secret [String] HMAC key used to sign both tokens
# @return [Array<String>] two-element array: [access_token, refresh_token]
def self::generate_optimistic_token(client_id, secret) #{{{
  [
    make_access_token(client_id, secret),
    make_refresh_token(client_id, secret)
  ]
end

.header ⇒ Object

}}}



# File 'lib/ruby/riddl/utils/oauth2-helper.rb', line 66

# Builds the fixed token header as a JSON string.
#
# The algorithm is hard-coded to HS256. A verifier should likewise pin the
# expected algorithm rather than take it from a received header.
#
# @return [String] JSON object with "alg" => "HS256" and "typ" => "JWT"
def self::header #{{{
  fields = { alg: 'HS256', typ: 'JWT' }
  fields.to_json
end

.make_access_token(client_id, secret) ⇒ Object

}}}



# File 'lib/ruby/riddl/utils/oauth2-helper.rb', line 90

# Assembles a signed access token of the form "<header>.<payload>.<signature>".
#
# Header and payload are URL-safe Base64 encoded, and the signature is
# computed over "<header>.<payload>" with +secret+.
#
# NOTE(review): Base64::urlsafe_encode64 is called without disabling padding,
# so segments may end in "=". JWS compact serialization omits padding, so
# third-party JWT libraries may reject these tokens -- confirm what the
# verifying side expects before changing it.
#
# @param client_id [Object] client identifier passed to payload
# @param secret [String] HMAC key passed to sign
# @return [String] the three dot-separated token segments
def self::make_access_token(client_id, secret)# {{{
  segments = [header, payload(client_id)].map { |part| Base64::urlsafe_encode64(part) }
  signing_input = segments.join('.')
  "#{signing_input}.#{sign(secret, signing_input)}"
end

.make_refresh_token(client_id, secret) ⇒ Object

}}}



# File 'lib/ruby/riddl/utils/oauth2-helper.rb', line 96

# Assembles a signed refresh token of the form "<claims>.<signature>".
#
# Unlike the access token there is no header segment: the claims are
# URL-safe Base64 encoded JSON, followed by the signature over that text.
#
# @param client_id [Object] client identifier stored as the "iss" claim
# @param secret [String] HMAC key passed to sign
# @return [String] the two dot-separated token segments
def self::make_refresh_token(client_id, secret) # {{{
  claims = {
    iss: client_id,
    sub: nonce,
    # 7.884e6 seconds is about 91 days. The literal is a Float, so "exp" is
    # serialized as a Float here, unlike the Integer "exp" built in payload.
    exp: Time.now.to_i + 7.884e6
  }
  body = Base64::urlsafe_encode64(claims.to_json)
  [body, sign(secret, body)].join('.')
end

.nonce ⇒ Object

}}}



# File 'lib/ruby/riddl/utils/oauth2-helper.rb', line 73

# Returns a fresh random identifier from the cryptographically secure
# generator: 32 random bytes rendered as 64 lowercase hex characters.
#
# @return [String] 64-character hexadecimal string
def self::nonce
  random_byte_count = 32
  SecureRandom.hex(random_byte_count)
end

.payload(client_id) ⇒ Object

{{{



# File 'lib/ruby/riddl/utils/oauth2-helper.rb', line 77

# Builds the access-token claim set as a JSON string.
#
# "iss" and "aud" are both set to +client_id+, "sub" is a fresh nonce, and
# "exp" is one hour (3600 seconds) after the current time.
#
# @param client_id [Object] client identifier used for "iss" and "aud"
# @return [String] JSON object with the keys iss, sub, aud, exp in that order
def self::payload(client_id) #{{{
  expires_at = Time.now.to_i + 3600
  claims = { iss: client_id, sub: nonce, aud: client_id, exp: expires_at }
  claims.to_json
end

.sign(secret, what) ⇒ Object

}}}



# File 'lib/ruby/riddl/utils/oauth2-helper.rb', line 86

# Computes the HMAC-SHA256 of +what+ keyed with +secret+ and returns it
# URL-safe Base64 encoded.
#
# This method only produces signatures. Code that checks a received
# signature against this value should use a constant-time comparison
# rather than String#==.
#
# @param secret [String] HMAC key
# @param what [String] text to authenticate
# @return [String] URL-safe Base64 of the 32-byte MAC
def self::sign(secret, what) #{{{
  sha256 = OpenSSL::Digest.new('sha256')
  mac = OpenSSL::HMAC.digest(sha256, secret, what)
  Base64::urlsafe_encode64(mac)
end