Class: IAMSSOeOAuth::Service

Inherits:
Common::Client::Base
Defined in:
lib/iam_ssoe_oauth/service.rb

Overview

Class used to connect to IAM's SSOe OAuth service, which validates tokens and, given a valid token, returns a set of user traits. ://dvagov.sharepoint.com/sites/OITEPMOIA/playbooks/Pages/OAuth/OAuth.aspx

Examples:

Create a new instance and call the introspect endpoint:

token = 'ypXeAwQedpmAy5xFD2u5'
service = IAMSSOeOAuth::Service.new
response = service.post_introspect(token)

Constant Summary

CLIENT_ID = Settings.iam_ssoe.client_id
TOKEN_TYPE_HINT = 'access_token'
INTROSPECT_PATH = '/oauthe/sps/oauth/oauth20/introspect'

Instance Method Summary

Methods inherited from Common::Client::Base

#config, configuration, #connection, #delete, #get, #perform, #post, #put, #raise_backend_exception, #raise_not_authenticated, #request, #sanitize_headers!, #service_name

Methods included from SentryLogging

#log_exception_to_sentry, #log_message_to_sentry, #non_nil_hash?, #normalize_level, #rails_logger, #set_sentry_metadata

Instance Method Details

#encoded_params(token) ⇒ Object (private)



# File 'lib/iam_ssoe_oauth/service.rb', line 44

def encoded_params(token)
  URI.encode_www_form(
    {
      client_id: CLIENT_ID,
      token:,
      token_type_hint: TOKEN_TYPE_HINT
    }
  )
end

#inactive?(response) ⇒ Boolean (private)

Returns:

  • (Boolean)


# File 'lib/iam_ssoe_oauth/service.rb', line 54

def inactive?(response)
  !response.body[:active]
end

#post_introspect(token) ⇒ Object

Validates a user's auth token and either returns a valid active response with a set of user traits or raises an unauthorized error if the response comes back as invalid. ://dvagov.sharepoint.com/sites/OITEPMOIA/playbooks/Pages/OAuth/OAuth Example - Introspect.aspx

Returns:

  • Hash active user traits



# File 'lib/iam_ssoe_oauth/service.rb', line 31

def post_introspect(token)
  response = perform(
    :post, INTROSPECT_PATH, encoded_params(token), { 'Content-Type' => 'application/x-www-form-urlencoded' }
  )
  raise Common::Exceptions::Unauthorized, detail: 'IAM user session is inactive' if inactive?(response)

  response.body
rescue Common::Client::Errors::ClientError => e
  remap_error(e)
end
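
An added example, not part of the project's code, that walks the introspection flow behind post_introspect and inactive? offline and shows how a truthiness check on `active` differs from a strict `== true` comparison. It assumes the endpoint returns a JSON object with a boolean `active` member; the `example_*` names, the client id, the `sub` trait and the sample responses are constructed for illustration.

```ruby
require 'json'
require 'uri'

# Constructed placeholder; the real value comes from Settings.iam_ssoe.client_id.
EXAMPLE_CLIENT_ID = 'example-client-id'

class ExampleInactiveToken < StandardError; end

# Request body in the same shape encoded_params builds.
def example_request_body(token)
  URI.encode_www_form({ client_id: EXAMPLE_CLIENT_ID, token: token, token_type_hint: 'access_token' })
end

# Negation of the page's inactive? check: any truthy value counts as active.
def example_truthy_active?(body)
  !!body[:active]
end

# Stricter variant (an assumption, not the project's code): only boolean true is active.
def example_strict_active?(body)
  body.is_a?(Hash) && body[:active] == true
end

# Parse a raw response and return the traits, failing closed on anything
# that is not a JSON object with active == true.
def example_traits(raw_json)
  body = JSON.parse(raw_json, symbolize_names: true)
  raise ExampleInactiveToken, 'IAM user session is inactive' unless example_strict_active?(body)
  body
rescue JSON::ParserError
  raise ExampleInactiveToken, 'unparseable introspection response'
end

# Constructed sample responses (not captured from the real service).
EXAMPLE_RESPONSES = {
  active: '{"active":true,"sub":"constructed-user"}',
  inactive: '{"active":false}',
  missing: '{"sub":"constructed-user"}',
  stringly: '{"active":"false"}',
  garbage: '<html>gateway error</html>'
}.freeze

if __FILE__ == $PROGRAM_NAME
  EXAMPLE_RESPONSES.each do |name, raw|
    puts "#{name}: #{example_traits(raw)}"
  rescue ExampleInactiveToken => e
    puts "#{name}: rejected (#{e.message})"
  end
end
```

A body parsed with string keys returns nil for `body[:active]`, so both checks treat it as inactive; the two checks only diverge on truthy non-boolean values such as the string "false".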

#remap_error(e) ⇒ Object (private)



# File 'lib/iam_ssoe_oauth/service.rb', line 58

def remap_error(e)
  case e.status
  when 400
    raise Common::Exceptions::BackendServiceException.new('IAM_SSOE_400', detail: e.body)
  when 500
    raise Common::Exceptions::BackendServiceException, 'IAM_SSOE_502'
  else
    raise e
  end
end