ibm_cloud_sdk_core 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9807ace911b05d47e8d13b72e7623c1ed2a68693cebec40f3d68f2f7d3e437ae
-  data.tar.gz: db29d041a1ab924b050e357ed6dfc64ed9f806a231fc82d4f48fc8342103adfe
+  metadata.gz: b18d557fd57fed55fa59dc6be40502ed3cd5cb5dd38927b1e0086191056412a1
+  data.tar.gz: 5d4a983f01f4d9eeaa10dc6970683048ef7b3a0996f9f6de43c1832f04618a4f
 SHA512:
-  metadata.gz: 7cd90962533f73d125c1ca06346fe4e49d775c43ef1a0b3cce2a974c389942b793301e98b4be532eaf3e566c2ef7f5737127c865736e322ac2a4f1fa2be92765
-  data.tar.gz: c271ba5ee551a6121af1f4c4a68b9c2a14ca91f5839cd15ed370b004836b1891fe75a67aed8caa9b4182c5c0bf7ff29024fcd105f6a5f3f688b34e7973dcf9e4
+  metadata.gz: 95eb85a507326b86317e5a3209e3086ce1e27f6a849d0d19148b83847da61d71227f12f66268f540b55d0c90c55e052739dc29eb8a86e331a9b783c43062e4ee
+  data.tar.gz: ca617c999050ed7e2dca0583e1d62ae018b898ec46feb021875c916433d390a351f1448fbb9d310baa57dc2dfda95ad889c205663ffe4619913a771305d46735

data/README.md

@@ -21,6 +21,19 @@ Inside of your Ruby program do:
 require "ibm_cloud_sdk_core"
 ```
 
+## Authentication Types
+There are several flavors of authentication supported in this package. To specify the intended authentication pattern to use, the user can pass in the parameter `authentication_type`. This parameter is optional, but it may become required in a future major release. The options for this parameter are `basic`, `iam`, and `icp4d`.
+
+ ### basic
+This indicates Basic Auth is to be used. Users will pass in a `username` and `password` and the SDK will generate a Basic Auth header to send with requests to the service.
+
+ ### iam
+This indicates that IAM token authentication is to be used. Users can pass in an `iam_apikey` or an `iam_access_token`. If an API key is used, the SDK will manage the token for the user. In either case, the SDK will generate a Bearer Auth header to send with requests to the service.
+
+ ### icp4d
+This indicates that the service is an instance of ICP4D, which has its own version of token authentication. Users can pass in a `username` and `password`, or an `icp4d_access_token`. If a username and password is given, the SDK will manage the token for the user.
+A `icp4d_url` is **required** for this type. In order to use an SDK-managed token with ICP4D authentication, this option **must** be passed in.
+
 ## Issues
 
 If you encounter an issue with this project, you are welcome to submit a [bug report](https://github.com/IBM/ruby-sdk-core/issues).

data/lib/ibm_cloud_sdk_core/base_service.rb

@@ -7,6 +7,7 @@ require("json")
 require_relative("./detailed_response.rb")
 require_relative("./api_exception.rb")
 require_relative("./iam_token_manager.rb")
+require_relative("./icp4d_token_manager.rb")
 require_relative("./version.rb")
 
 DEFAULT_CREDENTIALS_FILE_NAME = "ibm-credentials.env"
@@ -22,9 +23,12 @@ module IBMCloudSdkCore
     def initialize(vars)
       defaults = {
         vcap_services_name: nil,
+        use_vcap_services: true,
+        authentication_type: nil,
         username: nil,
         password: nil,
-        use_vcap_services: true,
+        icp4d_access_token: nil,
+        icp4d_url: nil,
         iam_apikey: nil,
         iam_access_token: nil,
         iam_url: nil,
@@ -34,22 +38,29 @@ module IBMCloudSdkCore
       }
       vars = defaults.merge(vars)
       @url = vars[:url]
-      @username = nil
-      @password = nil
-      @iam_apikey = nil
+      @username = vars[:username]
+      @password = vars[:password]
+      @icp_prefix = vars[:password]&.start_with?("icp-") || vars[:iam_apikey]&.start_with?("icp-") ? true : false
+      @icp4d_access_token = vars[:icp4d_access_token]
+      @icp4d_url = vars[:icp4d_url]
+      @iam_url = vars[:iam_url]
+      @iam_apikey = vars[:iam_apikey]
       @token_manager = nil
+      @authentication_type = vars[:authentication_type].downcase unless vars[:authentication_type].nil?
       @temp_headers = nil
-      @icp_prefix = vars[:password]&.start_with?("icp-") || vars[:iam_apikey]&.start_with?("icp-") ? true : false
       @disable_ssl_verification = false
       @display_name = vars[:display_name]
 
-      if (!vars[:iam_access_token].nil? || !vars[:iam_apikey].nil?) && !@icp_prefix
-        set_token_manager(iam_apikey: vars[:iam_apikey], iam_access_token: vars[:iam_access_token],
+      if @authentication_type == "iam" || ((!vars[:iam_access_token].nil? || !vars[:iam_apikey].nil?) && !@icp_prefix)
+        iam_token_manager(iam_apikey: vars[:iam_apikey], iam_access_token: vars[:iam_access_token],
                           iam_url: vars[:iam_url], iam_client_id: vars[:iam_client_id],
                           iam_client_secret: vars[:iam_client_secret])
       elsif !vars[:iam_apikey].nil? && @icp_prefix
         @username = "apikey"
         @password = vars[:iam_apikey]
+      elsif @authentication_type == "icp4d" || !vars[:icp4d_access_token].nil?
+        icp4d_token_manager(icp4d_access_token: vars[:icp4d_access_token], icp4d_url: vars[:icp4d_url],
+                            username: vars[:username], password: vars[:password])
       elsif !vars[:username].nil? && !vars[:password].nil?
         if vars[:username] == "apikey" && !@icp_prefix
           iam_apikey(iam_apikey: vars[:password])
@@ -73,6 +84,8 @@ module IBMCloudSdkCore
           @password = @vcap_service_credentials["password"] if @vcap_service_credentials.key?("password")
           @iam_apikey = @vcap_service_credentials["iam_apikey"] if @vcap_service_credentials.key?("iam_apikey")
           @iam_access_token = @vcap_service_credentials["iam_access_token"] if @vcap_service_credentials.key?("iam_access_token")
+          @icp4d_access_token = @vcap_service_credentials["icp4d_access_token"] if @vcap_service_credentials.key?("icp4d_access_token")
+          @icp4d_url = @vcap_service_credentials["icp4d_url"] if @vcap_service_credentials.key?("icp4d_url")
           @iam_url = @vcap_service_credentials["iam_url"] if @vcap_service_credentials.key?("iam_url")
           @icp_prefix = @password&.start_with?("icp-") || @iam_apikey&.start_with?("icp-") ? true : false
         end
@@ -82,6 +95,9 @@ module IBMCloudSdkCore
       raise ArgumentError.new('The password shouldn\'t start or end with curly brackets or quotes. Be sure to remove any {} and \" characters surrounding your password') if check_bad_first_or_last_char(@password)
       raise ArgumentError.new('The url shouldn\'t start or end with curly brackets or quotes. Be sure to remove any {} and \" characters surrounding your url') if check_bad_first_or_last_char(@url)
       raise ArgumentError.new('The apikey shouldn\'t start or end with curly brackets or quotes. Be sure to remove any {} and \" characters surrounding your apikey') if check_bad_first_or_last_char(@iam_apikey)
+      raise ArgumentError.new('The iam access token  shouldn\'t start or end with curly brackets or quotes. Be sure to remove any {} and \" characters surrounding your iam access token') if check_bad_first_or_last_char(@iam_access_token)
+      raise ArgumentError.new('The icp4d access token  shouldn\'t start or end with curly brackets or quotes. Be sure to remove any {} and \" characters surrounding your icp4d access token') if check_bad_first_or_last_char(@icp4d_access_token)
+      raise ArgumentError.new('The icp4d url shouldn\'t start or end with curly brackets or quotes. Be sure to remove any {} and \" characters surrounding your icp4d url') if check_bad_first_or_last_char(@icp4d_url)
 
       @conn = HTTP::Client.new(
         headers: {}
@@ -248,7 +264,7 @@ module IBMCloudSdkCore
       return str.start_with?("{", "\"") || str.end_with?("}", "\"") unless str.nil?
     end
 
-    def set_token_manager(iam_apikey: nil, iam_access_token: nil, iam_url: nil,
+    def iam_token_manager(iam_apikey: nil, iam_access_token: nil, iam_url: nil,
                           iam_client_id: nil, iam_client_secret: nil)
       @iam_apikey = iam_apikey
       @iam_access_token = iam_access_token
@@ -260,6 +276,16 @@ module IBMCloudSdkCore
                             iam_url: iam_url, iam_client_id: iam_client_id, iam_client_secret: iam_client_secret)
     end
 
+    def icp4d_token_manager(icp4d_access_token: nil, icp4d_url: nil, username: nil, password: nil)
+      if !@token_manager.nil?
+        @token_manager.access_token(icp4d_access_token)
+      else
+        raise ArgumentError.new("The icp4d_url is mandatory for ICP4D.") if icp4d_url.nil? && icp4d_access_token.nil?
+
+        @token_manager = ICP4DTokenManager.new(url: icp4d_url, access_token: icp4d_access_token, username: username, password: password)
+      end
+    end
+
     def add_timeout(timeout)
       if timeout.key?(:per_operation)
         raise TypeError("per_operation in timeout must be a Hash") unless timeout[:per_operation].instance_of?(Hash)

data/lib/ibm_cloud_sdk_core/iam_token_manager.rb

@@ -4,10 +4,11 @@ require("http")
 require("json")
 require("rbconfig")
 require_relative("./version.rb")
+require_relative("./jwt_token_manager")
 
 module IBMCloudSdkCore
   # Class to manage IAM Token Authentication
-  class IAMTokenManager
+  class IAMTokenManager < JWTTokenManager
     DEFAULT_IAM_URL = "https://iam.cloud.ibm.com/identity/token"
     CONTENT_TYPE = "application/x-www-form-urlencoded"
     ACCEPT = "application/json"
@@ -16,7 +17,6 @@ module IBMCloudSdkCore
     DEFAULT_CLIENT_SECRET = "bx"
     REQUEST_TOKEN_GRANT_TYPE = "urn:ibm:params:oauth:grant-type:apikey"
     REQUEST_TOKEN_RESPONSE_TYPE = "cloud_iam"
-    REFRESH_TOKEN_GRANT_TYPE = "refresh_token"
 
     attr_accessor :token_info, :user_access_token
     def initialize(iam_apikey: nil, iam_access_token: nil, iam_url: nil,
@@ -24,13 +24,8 @@ module IBMCloudSdkCore
       @iam_apikey = iam_apikey
       @user_access_token = iam_access_token
       @iam_url = iam_url.nil? ? DEFAULT_IAM_URL : iam_url
-      @token_info = {
-        "access_token" => nil,
-        "refresh_token" => nil,
-        "token_type" => nil,
-        "expires_in" => nil,
-        "expiration" => nil
-      }
+      super(url: iam_url, access_token: iam_access_token)
+
       # Both the client id and secret should be provided or neither should be provided.
       if !iam_client_id.nil? && !iam_client_secret.nil?
         @iam_client_id = iam_client_id
@@ -43,48 +38,6 @@ module IBMCloudSdkCore
       end
     end
 
-    def request(method:, url:, headers: nil, params: nil, data: nil)
-      response = nil
-      if headers.key?("Content-Type") && headers["Content-Type"] == CONTENT_TYPE
-        response = HTTP.basic_auth(user: @iam_client_id, pass: @iam_client_secret).request(
-          method,
-          url,
-          body: HTTP::URI.form_encode(data),
-          headers: headers,
-          params: params
-        )
-      end
-      return JSON.parse(response.body.to_s) if (200..299).cover?(response.code)
-
-      require_relative("./api_exception.rb")
-      raise ApiException.new(response: response)
-    end
-
-    # The source of the token is determined by the following logic:
-    #   1. If user provides their own managed access token, assume it is valid and send it
-    #   2. If this class is managing tokens and does not yet have one, make a request for one
-    #   3. If this class is managing tokens and the token has expired refresh it. In case the refresh token is expired, get a new one
-    # If this class is managing tokens and has a valid token stored, send it
-    def token
-      return @user_access_token unless @user_access_token.nil? || (@user_access_token.respond_to?(:empty?) && @user_access_token.empty?)
-
-      if @token_info.all? { |_k, v| v.nil? }
-        token_info = request_token
-        save_token_info(
-          token_info: token_info
-        )
-        return @token_info["access_token"]
-      elsif token_expired?
-        token_info = refresh_token_expired? ? request_token : refresh_token
-        save_token_info(
-          token_info: token_info
-        )
-        return @token_info["access_token"]
-      else
-        @token_info["access_token"]
-      end
-    end
-
     private
 
     # Request an IAM token using an API key
@@ -102,60 +55,11 @@ module IBMCloudSdkCore
         method: "POST",
         url: @iam_url,
         headers: headers,
-        data: data
-      )
-      response
-    end
-
-    # Refresh an IAM token using a refresh token
-    def refresh_token
-      headers = {
-        "Content-Type" => CONTENT_TYPE,
-        "accept" => ACCEPT
-      }
-      data = {
-        "grant_type" => REFRESH_TOKEN_GRANT_TYPE,
-        "refresh_token" => @token_info["refresh_token"]
-      }
-      response = request(
-        method: "POST",
-        url: @iam_url,
-        headers: headers,
-        data: data
+        data: HTTP::URI.form_encode(data),
+        username: @iam_client_id,
+        password: @iam_client_secret
       )
       response
     end
-
-    # Check if currently stored token is expired.
-    # Using a buffer to prevent the edge case of the
-    # token expiring before the request could be made.
-    # The buffer will be a fraction of the total TTL. Using 80%.
-    def token_expired?
-      return true if @token_info["expiration"].nil? || @token_info["expires_in"].nil?
-
-      fraction_of_ttl = 0.8
-      time_to_live = @token_info["expires_in"].nil? ? 0 : @token_info["expires_in"]
-      expire_time = @token_info["expiration"].nil? ? 0 : @token_info["expiration"]
-      refresh_time = expire_time - (time_to_live * (1.0 - fraction_of_ttl))
-      current_time = Time.now.to_i
-      refresh_time < current_time
-    end
-
-    # Used as a fail-safe to prevent the condition of a refresh token expiring,
-    # which could happen after around 30 days. This function will return true
-    # if it has been at least 7 days and 1 hour since the last token was set
-    def refresh_token_expired?
-      return true if @token_info["expiration"].nil?
-
-      seven_days = 7 * 24 * 3600
-      current_time = Time.now.to_i
-      new_token_time = @token_info["expiration"] + seven_days
-      new_token_time < current_time
-    end
-
-    # Save the response from the IAM service request to the object's state
-    def save_token_info(token_info:)
-      @token_info = token_info
-    end
   end
 end

data/lib/ibm_cloud_sdk_core/icp4d_token_manager.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+require("http")
+require("json")
+require("rbconfig")
+require_relative("./version.rb")
+require_relative("./jwt_token_manager")
+
+module IBMCloudSdkCore
+  # Class to manage ICP4D Token Authentication
+  class ICP4DTokenManager < JWTTokenManager
+    def initialize(url: nil, username: nil, password: nil, access_token: nil)
+      raise ArgumentError.new("The url is mandatory for ICP4D.") if url.nil? && access_token.nil?
+
+      url += "/v1/preauth/validateAuth"
+      @username = username
+      @password = password
+      super(url: url, user_access_token: access_token)
+    end
+
+    def request_token
+      request(
+        method: "GET",
+        url: @url,
+        username: @username,
+        password: @password
+      )
+    end
+  end
+end

data/lib/ibm_cloud_sdk_core/jwt_token_manager.rb

@@ -0,0 +1,85 @@
+# frozen_string_literal: true
+
+require("http")
+require("json")
+require("jwt")
+require("rbconfig")
+require_relative("./version.rb")
+
+TOKEN_NAME = "access_token"
+
+module IBMCloudSdkCore
+  # Class to manage JWT Token Authentication
+  class JWTTokenManager
+    def initialize(vars)
+      defaults = {
+        token_info: nil,
+        url: nil,
+        access_token: nil
+      }
+      vars = defaults.merge(vars)
+
+      @url = vars[:url]
+      @token_info = vars[:token_info]
+      @user_access_token = vars[:access_token]
+      @time_to_live = nil
+      @expire_time = nil
+      @disable_ssl_verification = false
+    end
+
+    def token
+      if !@user_access_token.nil?
+        @user_access_token
+      elsif @token_info.nil? || token_expired?
+        token_info = request_token
+        save_token_info(token_info: token_info)
+        @token_info[TOKEN_NAME]
+      elsif !@token_info.nil?
+        @token_info[TOKEN_NAME]
+      end
+    end
+
+    def access_token(access_token)
+      @user_access_token = access_token
+    end
+
+    private
+
+    # Check if currently stored token is expired.
+    # Using a buffer to prevent the edge case of the
+    # token expiring before the request could be made.
+    # The buffer will be a fraction of the total TTL. Using 80%.
+    def token_expired?
+      return true if @time_to_live.nil? || @expire_time.nil?
+
+      fraction_of_ttl = 0.8
+      refresh_time = @expire_time - (@time_to_live * (1.0 - fraction_of_ttl))
+      current_time = Time.now.to_i
+      refresh_time < current_time
+    end
+
+    def save_token_info(token_info: nil)
+      access_token = token_info[TOKEN_NAME]
+      decoded_response = JWT.decode access_token, nil, false, {}
+      exp = decoded_response[0]["exp"]
+      iat = decoded_response[0]["iat"]
+      @time_to_live = exp - iat
+      @expire_time = exp
+      @token_info = token_info
+    end
+
+    def request(method:, url:, headers: nil, params: nil, data: nil, username: nil, password: nil)
+      response = HTTP.basic_auth(user: username, pass: password).request(
+        method,
+        url,
+        body: data,
+        headers: headers,
+        params: params
+      )
+      return JSON.parse(response.body.to_s) if (200..299).cover?(response.code)
+
+      require_relative("./api_exception.rb")
+      raise ApiException.new(response: response)
+    end
+  end
+end

data/lib/ibm_cloud_sdk_core/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module IBMCloudSdkCore
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

data/test/unit/test_base_service.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require("json")
+require("jwt")
 require_relative("./../test_helper.rb")
 require("webmock/minitest")
 
@@ -209,8 +210,21 @@ class BaseServiceTest < Minitest::Test
       "created" => "2016-07-11T16:39:01.774Z",
       "updated" => "2015-12-07T18:53:59.153Z"
     }
+    access_token_layout = {
+      "username" => "dummy",
+      "role" => "Admin",
+      "permissions" => %w[administrator manage_catalog],
+      "sub" => "admin",
+      "iss" => "sss",
+      "aud" => "sss",
+      "uid" => "sss",
+      "iat" => 3600,
+      "exp" => Time.now.to_i
+    }
+
+    access_token = JWT.encode(access_token_layout, "secret", "HS256", "kid": "230498151c214b788dd97f22b85410a5")
     token_response = {
-      "access_token" => "oAeisG8yqPY7sFR_x66Z15",
+      "access_token" => access_token,
       "token_type" => "Bearer",
       "expires_in" => 3600,
       "expiration" => 1_524_167_011,
@@ -239,7 +253,7 @@ class BaseServiceTest < Minitest::Test
     stub_request(:get, "https://we.the.best/music")
       .with(
         headers: {
-          "Authorization" => "Bearer oAeisG8yqPY7sFR_x66Z15",
+          "Authorization" => "Bearer " + access_token,
           "Host" => "we.the.best"
         }
       ).to_return(status: 200, body: response.to_json, headers: headers)
@@ -252,14 +266,38 @@ class BaseServiceTest < Minitest::Test
     assert_equal(response, service_response.result)
   end
 
+  def test_for_icp4d
+    service = IBMCloudSdkCore::BaseService.new(
+      username: "hello",
+      password: "world",
+      icp4d_url: "service_url",
+      authentication_type: "icp4d"
+    )
+    refute_nil(service.token_manager)
+  end
+
   def test_dummy_request_username_apikey_cred_file
     response = {
       "text" => "I want financial advice today.",
       "created" => "2016-07-11T16:39:01.774Z",
       "updated" => "2015-12-07T18:53:59.153Z"
     }
+
+    access_token_layout = {
+      "username" => "dummy",
+      "role" => "Admin",
+      "permissions" => %w[administrator manage_catalog],
+      "sub" => "admin",
+      "iss" => "sss",
+      "aud" => "sss",
+      "uid" => "sss",
+      "iat" => 3600,
+      "exp" => Time.now.to_i
+    }
+
+    access_token = JWT.encode(access_token_layout, "secret", "HS256", "kid": "230498151c214b788dd97f22b85410a5")
     token_response = {
-      "access_token" => "oAeisG8yqPY7sFR_x66Z15",
+      "access_token" => access_token,
       "token_type" => "Bearer",
       "expires_in" => 3600,
       "expiration" => 1_524_167_011,
@@ -288,7 +326,7 @@ class BaseServiceTest < Minitest::Test
     stub_request(:get, "https://we.the.best/music")
       .with(
         headers: {
-          "Authorization" => "Bearer oAeisG8yqPY7sFR_x66Z15",
+          "Authorization" => "Bearer " + access_token,
           "Host" => "we.the.best"
         }
       ).to_return(status: 200, body: response.to_json, headers: headers)
@@ -301,4 +339,16 @@ class BaseServiceTest < Minitest::Test
     service_response = service.request(method: "GET", url: "/music", headers: {})
     assert_equal(response, service_response.result)
   end
+
+  def test_icp4d_access_token
+    service = IBMCloudSdkCore::BaseService.new(
+      authentication_type: "icp4d",
+      icp4d_url: "https://the.sixth.one",
+      icp4d_access_token: "token"
+    )
+    assert_equal(service.instance_variable_get(:@icp4d_access_token), "token")
+    service.send :icp4d_token_manager, icp4d_access_token: "new_token", icp4d_url: "the.url"
+    token_manager = service.instance_variable_get(:@token_manager)
+    assert_equal(token_manager.instance_variable_get(:@user_access_token), "new_token")
+  end
 end

data/test/unit/test_iam_token_manager.rb

@@ -36,7 +36,7 @@ class IAMTokenManagerTest < Minitest::Test
   end
 
   def test_request_token_fails
-    iam_url = "https://iam.bluemix.net/identity/token"
+    iam_url = "https://iam.cloud.ibm.com/identity/token"
     token_manager = IBMCloudSdkCore::IAMTokenManager.new(
       iam_apikey: "iam_apikey",
       iam_access_token: "iam_access_token",
@@ -46,14 +46,14 @@ class IAMTokenManagerTest < Minitest::Test
       "code" => "500",
       "error" => "Oh no"
     }
-    stub_request(:post, "https://iam.bluemix.net/identity/token")
+    stub_request(:post, "https://iam.cloud.ibm.com/identity/token")
       .with(
         body: { "apikey" => "iam_apikey", "grant_type" => "urn:ibm:params:oauth:grant-type:apikey", "response_type" => "cloud_iam" },
         headers: {
           "Accept" => "application/json",
           "Authorization" => "Basic Yng6Yng=",
           "Content-Type" => "application/x-www-form-urlencoded",
-          "Host" => "iam.bluemix.net"
+          "Host" => "iam.cloud.ibm.com"
         }
       ).to_return(status: 500, body: response.to_json, headers: {})
     assert_raises do
@@ -87,69 +87,19 @@ class IAMTokenManagerTest < Minitest::Test
     end
   end
 
-  def test_refresh_token
-    iam_url = "https://iam.cloud.ibm.com/identity/token"
-    response = {
-      "access_token" => "oAeisG8yqPY7sFR_x66Z15",
-      "token_type" => "Bearer",
-      "expires_in" => 3600,
-      "expiration" => 1_524_167_011,
-      "refresh_token" => "jy4gl91BQ"
-    }
-    token_manager = IBMCloudSdkCore::IAMTokenManager.new(
-      iam_apikey: "iam_apikey",
-      iam_access_token: "iam_access_token",
-      iam_url: iam_url
-    )
-    stub_request(:post, "https://iam.cloud.ibm.com/identity/token")
-      .with(
-        body: { "grant_type" => "refresh_token", "refresh_token" => "" },
-        headers: {
-          "Accept" => "application/json",
-          "Authorization" => "Basic Yng6Yng=",
-          "Content-Type" => "application/x-www-form-urlencoded",
-          "Host" => "iam.cloud.ibm.com"
-        }
-      ).to_return(status: 200, body: response.to_json, headers: {})
-    token_response = token_manager.send(:refresh_token)
-    assert_equal(response, token_response)
-  end
-
   def test_is_token_expired
     token_manager = IBMCloudSdkCore::IAMTokenManager.new(
       iam_apikey: "iam_apikey",
       iam_access_token: "iam_access_token",
       iam_url: "iam_url"
     )
-    token_manager.token_info = {
-      "access_token" => "oAeisG8yqPY7sFR_x66Z15",
-      "token_type" => "Bearer",
-      "expires_in" => 3600,
-      "expiration" => Time.now.to_i + 6000,
-      "refresh_token" => "jy4gl91BQ"
-    }
 
-    refute(token_manager.send(:token_expired?))
-    token_manager.token_info["expiration"] = Time.now.to_i - 3600
     assert(token_manager.send(:token_expired?))
-  end
-
-  def test_is_refresh_token_expired
-    token_manager = IBMCloudSdkCore::IAMTokenManager.new(
-      iam_apikey: "iam_apikey",
-      iam_access_token: "iam_access_token",
-      iam_url: "iam_url"
-    )
-    token_manager.token_info = {
-      "access_token" => "oAeisG8yqPY7sFR_x66Z15",
-      "token_type" => "Bearer",
-      "expires_in" => 3600,
-      "expiration" => Time.now.to_i,
-      "refresh_token" => "jy4gl91BQ"
-    }
-
-    refute(token_manager.send(:refresh_token_expired?))
-    token_manager.token_info["expiration"] = Time.now.to_i - (8 * 24 * 3600)
+    token_manager.instance_variable_set(:@time_to_live, 3600)
+    token_manager.instance_variable_set(:@expire_time, Time.now.to_i + 6000)
+    refute(token_manager.send(:token_expired?))
+    token_manager.instance_variable_set(:@time_to_live, 3600)
+    token_manager.instance_variable_set(:@expire_time, Time.now.to_i - 3600)
     assert(token_manager.send(:token_expired?))
   end
 
@@ -164,33 +114,31 @@ class IAMTokenManagerTest < Minitest::Test
     token = token_manager.token
     assert_equal(token_manager.user_access_token, token)
 
+    access_token_layout = {
+      "username" => "dummy",
+      "role" => "Admin",
+      "permissions" => %w[administrator manage_catalog],
+      "sub" => "admin",
+      "iss" => "sss",
+      "aud" => "sss",
+      "uid" => "sss",
+      "iat" => 3600,
+      "exp" => Time.now.to_i
+    }
+
+    access_token = JWT.encode(access_token_layout, "secret", "HS256", "kid": "230498151c214b788dd97f22b85410a5")
+
     response = {
-      "access_token" => "hellohello",
+      "access_token" => access_token,
       "token_type" => "Bearer",
       "expires_in" => 3600,
       "expiration" => 1_524_167_011,
       "refresh_token" => "jy4gl91BQ"
     }
-    stub_request(:post, "https://iam.cloud.ibm.com/identity/token")
-      .with(
-        body: { "apikey" => "iam_apikey", "grant_type" => "urn:ibm:params:oauth:grant-type:apikey", "response_type" => "cloud_iam" },
-        headers: {
-          "Accept" => "application/json",
-          "Authorization" => "Basic Yng6Yng=",
-          "Content-Type" => "application/x-www-form-urlencoded",
-          "Host" => "iam.cloud.ibm.com"
-        }
-      ).to_return(status: 200, body: response.to_json, headers: {})
-    token_manager.user_access_token = ""
-    token = token_manager.token
-    assert_equal("hellohello", token)
-
-    token_manager.token_info["expiration"] = Time.now.to_i - (20 * 24 * 3600)
-    token = token_manager.token
-    assert_equal("hellohello", token)
 
     stub_request(:post, "https://iam.cloud.ibm.com/identity/token")
       .with(
+        body: { "apikey" => "iam_apikey", "grant_type" => "urn:ibm:params:oauth:grant-type:apikey", "response_type" => "cloud_iam" },
         headers: {
           "Accept" => "application/json",
           "Authorization" => "Basic Yng6Yng=",
@@ -198,19 +146,8 @@ class IAMTokenManagerTest < Minitest::Test
           "Host" => "iam.cloud.ibm.com"
         }
       ).to_return(status: 200, body: response.to_json, headers: {})
-    token_manager.token_info["expiration"] = Time.now.to_i - 4000
     token = token_manager.token
-    assert_equal("hellohello", token)
-
-    token_manager.token_info = {
-      "access_token" => "dummy",
-      "token_type" => "Bearer",
-      "expires_in" => 3600,
-      "expiration" => Time.now.to_i + 3600,
-      "refresh_token" => "jy4gl91BQ"
-    }
-    token = token_manager.token
-    assert_equal("dummy", token)
+    assert_equal(token_manager.user_access_token, token)
   end
 
   def test_client_id_only

data/test/unit/test_icp4d_token_manager.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+require_relative("./../test_helper.rb")
+require("webmock/minitest")
+
+WebMock.disable_net_connect!(allow_localhost: true)
+
+# Unit tests for the ICP4D Token Manager
+class ICP4DTokenManagerTest < Minitest::Test
+  def test_request_token
+    response = {
+      "access_token" => "oAeisG8yqPY7sFR_x66Z15",
+      "token_type" => "Bearer",
+      "expires_in" => 3600,
+      "expiration" => 1_524_167_011,
+      "refresh_token" => "jy4gl91BQ"
+    }
+
+    token_manager = IBMCloudSdkCore::ICP4DTokenManager.new(
+      url: "https://the.sixth.one",
+      username: "you",
+      password: "me"
+    )
+    stub_request(:get, "https://the.sixth.one/v1/preauth/validateAuth")
+      .with(
+        headers: {
+          "Authorization" => "Basic eW91Om1l",
+          "Host" => "the.sixth.one"
+        }
+      ).to_return(status: 200, body: response.to_json, headers: {})
+    token_response = token_manager.send(:request_token)
+    assert_equal(response, token_response)
+    token_manager.access_token("token")
+    assert_equal(token_manager.instance_variable_get(:@user_access_token), "token")
+  end
+
+  def test_request_token_fails
+    token_manager = IBMCloudSdkCore::ICP4DTokenManager.new(
+      url: "https://the.sixth.one",
+      username: "you",
+      password: "me"
+    )
+    response = {
+      "code" => "500",
+      "error" => "Oh no"
+    }
+    stub_request(:get, "https://the.sixth.one/v1/preauth/validateAuth")
+      .with(
+        headers: {
+          "Authorization" => "Basic eW91Om1l",
+          "Host" => "the.sixth.one"
+        }
+      ).to_return(status: 500, body: response.to_json, headers: {})
+    begin
+      token_manager.send(:request_token)
+    rescue IBMCloudSdkCore::ApiException => e
+      assert(e.to_s.instance_of?(String))
+    end
+  end
+end

data/test/unit/test_jwt_token_manager.rb

@@ -0,0 +1,104 @@
+# frozen_string_literal: true
+
+require_relative("./../test_helper.rb")
+require("jwt")
+require("webmock/minitest")
+
+WebMock.disable_net_connect!(allow_localhost: true)
+
+# Unit tests for the JWT Token Manager
+class JWTTokenManagerTest < Minitest::Test
+  def test_request_token
+    response = {
+      "access_token" => "oAeisG8yqPY7sFR_x66Z15",
+      "token_type" => "Bearer",
+      "expires_in" => 3600,
+      "expiration" => 1_524_167_011,
+      "refresh_token" => "jy4gl91BQ"
+    }
+
+    token_manager = IBMCloudSdkCore::JWTTokenManager.new(
+      icp4d_url: "https://the.sixth.one",
+      username: "you",
+      password: "me"
+    )
+    stub_request(:get, "https://the.sixth.one")
+      .with(
+        headers: {
+          "Authorization" => "Basic Og==",
+          "Host" => "the.sixth.one"
+        }
+      ).to_return(status: 200, body: response.to_json, headers: {})
+    token_response = token_manager.send(:request, method: "get", url: "https://the.sixth.one")
+    assert_equal(response, token_response)
+    token_manager.access_token("token")
+    assert_equal(token_manager.instance_variable_get(:@user_access_token), "token")
+  end
+
+  def test_request_token_fails
+    token_manager = IBMCloudSdkCore::JWTTokenManager.new(
+      icp4d_url: "https://the.sixth.one",
+      username: "you",
+      password: "me"
+    )
+    response = {
+      "code" => "500",
+      "error" => "Oh no"
+    }
+    stub_request(:get, "https://the.sixth.one/")
+      .with(
+        headers: {
+          "Authorization" => "Basic Og==",
+          "Host" => "the.sixth.one"
+        }
+      ).to_return(status: 500, body: response.to_json, headers: {})
+    begin
+      token_manager.send(:request, method: "get", url: "https://the.sixth.one")
+    rescue IBMCloudSdkCore::ApiException => e
+      assert(e.to_s.instance_of?(String))
+    end
+  end
+
+  def test_request_token_exists
+    token_manager = IBMCloudSdkCore::JWTTokenManager.new(
+      icp4d_url: "https://the.sixth.one",
+      username: "you",
+      password: "me",
+      access_token: "token"
+    )
+    token_response = token_manager.send(:token)
+    assert_equal("token", token_response)
+  end
+
+  def test_request_token_not_expired
+    access_token_layout = {
+      "username" => "dummy",
+      "role" => "Admin",
+      "permissions" => %w[administrator manage_catalog],
+      "sub" => "admin",
+      "iss" => "sss",
+      "aud" => "sss",
+      "uid" => "sss",
+      "iat" => Time.now.to_i,
+      "exp" => Time.now.to_i + (6 * 3600)
+    }
+    access_token = JWT.encode(access_token_layout, "secret", "HS256", "kid": "230498151c214b788dd97f22b85410a5")
+
+    token = {
+      "access_token" => access_token,
+      "token_type" => "Bearer",
+      "expires_in" => 3600,
+      "expiration" => Time.now.to_i + (6 * 3600),
+      "refresh_token" => "jy4gl91BQ"
+    }
+
+    token_manager = IBMCloudSdkCore::JWTTokenManager.new(
+      icp4d_url: "https://the.sixth.one",
+      username: "you",
+      password: "me"
+    )
+    token_manager.send(:save_token_info, token_info: token)
+    token_response = token_manager.send(:token)
+    assert_equal(access_token, token_response)
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ibm_cloud_sdk_core
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Mamoon Raja
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-05-07 00:00:00.000000000 Z
+date: 2019-06-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: concurrent-ruby
@@ -38,6 +38,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 4.1.0
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.1
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -218,6 +232,8 @@ files:
 - lib/ibm_cloud_sdk_core/base_service.rb
 - lib/ibm_cloud_sdk_core/detailed_response.rb
 - lib/ibm_cloud_sdk_core/iam_token_manager.rb
+- lib/ibm_cloud_sdk_core/icp4d_token_manager.rb
+- lib/ibm_cloud_sdk_core/jwt_token_manager.rb
 - lib/ibm_cloud_sdk_core/version.rb
 - rakefile
 - test/test_helper.rb
@@ -225,6 +241,8 @@ files:
 - test/unit/test_configure_http_proxy.rb
 - test/unit/test_detailed_response.rb
 - test/unit/test_iam_token_manager.rb
+- test/unit/test_icp4d_token_manager.rb
+- test/unit/test_jwt_token_manager.rb
 homepage: https://www.github.com/IBM
 licenses:
 - Apache-2.0