Class: IAMSSOeOAuth::Service

Inherits:
Common::Client::Base
Defined in:
lib/iam_ssoe_oauth/service.rb

Overview

Class used to connect to IAM’s SSOe OAuth service, which validates tokens and, given a valid token, returns a set of user traits. ://dvagov.sharepoint.com/sites/OITEPMOIA/playbooks/Pages/OAuth/OAuth.aspx

Examples:

create a new instance and call the introspect endpoint

token = 'ypXeAwQedpmAy5xFD2u5'
service = IAMSSOeOAuth::Service.new
response = service.post_introspect(token)

Constant Summary

CLIENT_ID =
Settings.iam_ssoe.client_id
TOKEN_TYPE_HINT =
'access_token'
INTROSPECT_PATH =
'/oauthe/sps/oauth/oauth20/introspect'

Instance Method Summary

Methods inherited from Common::Client::Base

configuration, #raise_backend_exception

Methods included from SentryLogging

#log_exception_to_sentry, #log_message_to_sentry, #non_nil_hash?, #normalize_level, #rails_logger

Instance Method Details

#post_introspect(token) ⇒ Object

Validates a user’s auth token and either returns a valid active response with a set of user traits or raises an unauthorized error if the response comes back as invalid. ://dvagov.sharepoint.com/sites/OITEPMOIA/playbooks/Pages/OAuth/OAuth Example - Introspect.aspx

Returns:

  • Hash active user traits



# File 'lib/iam_ssoe_oauth/service.rb', line 31

def post_introspect(token)
  response = perform(
    :post, INTROSPECT_PATH, encoded_params(token), { 'Content-Type' => 'application/x-www-form-urlencoded' }
  )
  raise Common::Exceptions::Unauthorized, detail: 'IAM user session is inactive' if inactive?(response)

  response.body
rescue Common::Client::Errors::ClientError => e
  remap_error(e)
end
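
The following is an added example, not part of this project's source: a sketch of the form encoding and the fail-closed check on the introspection response that `post_introspect` relies on. The module `IntrospectSketch`, its methods, the form fields sent (`token`, `client_id`, `token_type_hint`) and the sample JSON bodies are assumptions, since the real `encoded_params` and `inactive?` helpers are not shown on this page.

```ruby
require 'json'
require 'uri'

# Hypothetical stand-in for the service's private helpers (assumption, not project code).
module IntrospectSketch
  TOKEN_TYPE_HINT = 'access_token'

  class Unauthorized < StandardError; end

  # Build the application/x-www-form-urlencoded body for the introspect POST.
  # URI.encode_www_form escapes '+', '&' and '=' so a token cannot smuggle extra fields.
  def self.encoded_params(token, client_id)
    raise ArgumentError, 'token must be a non-empty String' unless token.is_a?(String) && !token.empty?

    URI.encode_www_form(token: token, client_id: client_id, token_type_hint: TOKEN_TYPE_HINT)
  end

  # Fail closed: only a JSON object whose "active" member is boolean true is accepted.
  # A missing key, the string "true", or a non-object body all count as inactive.
  def self.active?(body)
    body.is_a?(Hash) && body['active'] == true
  end

  # Parse a raw introspection response and return the traits hash,
  # or raise Unauthorized for anything that is not a positively active session.
  def self.traits_from(raw_json)
    body = begin
      JSON.parse(raw_json)
    rescue JSON::ParserError
      nil # unparseable responses are treated as inactive, never as success
    end
    raise Unauthorized, 'IAM user session is inactive' unless active?(body)

    body
  end
end
```
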