Class: Api::OpenidConnect::TokenEndpoint

Inherits:
Object
Defined in:
lib/api/openid_connect/token_endpoint.rb


Constructor Details

#initialize ⇒ TokenEndpoint

Returns a new instance of TokenEndpoint.


# File 'lib/api/openid_connect/token_endpoint.rb', line 11

# Build the Rack OAuth2 token endpoint.
#
# Every token request is first authenticated as a client: the application
# registered under req.client_id is looked up and its client_secret compared
# with the one presented (see #app_valid?). Only an authenticated request is
# dispatched to #handle_flows; anything else is answered with invalid_client.
def initialize
  @app = Rack::OAuth2::Server::Token.new do |request, response|
    client = retrieve_client(request)
    next request.invalid_client! unless app_valid?(client, request)

    handle_flows(request, response)
  end
end

Instance Attribute Details

#app ⇒ Object

Returns the value of attribute app — the Rack application built in #initialize, to be mounted as the token endpoint.


# File 'lib/api/openid_connect/token_endpoint.rb', line 8

# The Rack application assembled in #initialize; mount it to serve the
# OpenID Connect token endpoint.
#
# @return [Rack::OAuth2::Server::Token]
def app
  @app
end

Instance Method Details

#app_valid?(o_auth_app, req) ⇒ Boolean

Returns:

  • (Boolean)

# File 'lib/api/openid_connect/token_endpoint.rb', line 55

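# Authenticate the client making the token request.
#
# Returns true only when a registered application was found for the
# request's client_id AND the client_secret it presents matches the stored
# one byte-for-byte. An unknown client (nil app) or a missing/empty secret on
# either side is rejected.
#
# The previous `o_auth_app.try(:client_secret) == req.client_secret` returned
# true for an unknown client_id whenever the request also omitted the secret
# (nil == nil), i.e. it skipped client authentication entirely; since
# #handle_flows never re-checks the client, this method is the only gate in
# front of the token exchange. The comparison is also done in constant time
# so a wrong secret cannot be guessed byte by byte from response timing.
#
# @param o_auth_app [Api::OpenidConnect::OAuthApplication, nil] result of #retrieve_client
# @param req [Rack::OAuth2::Server::Token::Request] the incoming token request
# @return [Boolean]
def app_valid?(o_auth_app, req)
  return false if o_auth_app.nil?

  expected = o_auth_app.client_secret.to_s
  presented = req.client_secret.to_s
  # NOTE(review): public clients (no registered secret) are deliberately not
  # accepted here; if such clients must be supported, add an explicit check
  # on the application rather than relying on nil == nil.
  return false if expected.empty? || presented.empty?

  secure_compare(expected, presented)
end

# Constant-time byte comparison: every byte is XORed regardless of earlier
# mismatches, so the time taken does not reveal how long the matching prefix
# is (only the length difference is observable, which is not secret here).
private def secure_compare(expected, presented)
  return false unless expected.bytesize == presented.bytesize

  mismatch = 0
  expected.each_byte.zip(presented.each_byte) { |x, y| mismatch |= x ^ y }
  mismatch.zero?
end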

#handle_flows(req, res) ⇒ Object


# File 'lib/api/openid_connect/token_endpoint.rb', line 22

# Dispatch an already client-authenticated token request on its grant_type.
#
# Only the refresh_token and authorization_code grants are served; any other
# grant_type is answered with unsupported_grant_type. Client authentication
# has already happened in the block built by #initialize — nothing here
# re-checks the client.
#
# @param req [Rack::OAuth2::Server::Token::Request]
# @param res [Rack::OAuth2::Server::Token::Response]
# @return [Object] whatever the selected branch evaluates to
def handle_flows(req, res)
  grant = req.grant_type
  if grant == :refresh_token
    handle_refresh_flow(req, res)
  elsif grant == :authorization_code
    handle_authorization_code_flow(req, res)
  else
    req.unsupported_grant_type!
  end
end

# Redeem an authorization code for an access token (with refresh token) and,
# when the grant covers the "openid" scope, an ID token bound to that access
# token.
#
# The code is looked up together with the redirect_uri the client presents,
# so a code issued for another redirect_uri cannot be redeemed. A missing or
# already-used code is answered with invalid_grant.
# NOTE(review): nothing visible here ties the code to req.client_id the way
# #handle_refresh_flow does; unless Authorization.use_code enforces that, a
# code issued to one client could be redeemed by a different authenticated
# client (RFC 6749 §4.1.3) — confirm in the model.
#
# @param req [Rack::OAuth2::Server::Token::Request]
# @param res [Rack::OAuth2::Server::Token::Response]
def handle_authorization_code_flow(req, res)
  auth = Api::OpenidConnect::Authorization.with_redirect_uri(req.redirect_uri).use_code(req.code)
  req.invalid_grant! if auth.blank?

  res.access_token = auth.create_access_token
  res.access_token.refresh_token = auth.refresh_token
  return unless auth.accessible? "openid"

  res.id_token = auth.create_id_token.to_jwt(access_token: res.access_token)
end

#handle_refresh_flow(req, res) ⇒ Object


# File 'lib/api/openid_connect/token_endpoint.rb', line 40

# Issue a fresh access token for a refresh_token grant.
#
# The refresh token is looked up together with req.client_id, so a token
# stolen from one client cannot be used by another. Any scope parameter on
# the request is ignored: the new access token carries the scope of the
# original authorization (RFC 6749 §6). The refresh token itself is not
# rotated — no refresh_token is set on the response, so the one the client
# already holds stays valid. An unknown token is answered with invalid_grant.
#
# @param req [Rack::OAuth2::Server::Token::Request]
# @param res [Rack::OAuth2::Server::Token::Response]
def handle_refresh_flow(req, res)
  auth = Api::OpenidConnect::Authorization.find_by_refresh_token(req.client_id, req.refresh_token)
  return req.invalid_grant! unless auth

  res.access_token = auth.create_access_token
end

#retrieve_client(req) ⇒ Object


# File 'lib/api/openid_connect/token_endpoint.rb', line 51

# Look up the registered application the request claims to act for.
#
# @param req [Rack::OAuth2::Server::Token::Request]
# @return [Api::OpenidConnect::OAuthApplication, nil] nil when client_id is
#   not registered; callers must treat nil as an unauthenticated client
def retrieve_client(req)
  Api::OpenidConnect::OAuthApplication.find_by(client_id: req.client_id)
end