keycloak_oauth 0.1.2 → 0.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 36235d5a3f0e96e1b1ddac55c9825545ee11244ec785fff42c30029ee1ba33eb
-  data.tar.gz: 7778aeab5443dcaa32dd301e2fe45a0b4c099e0ea9cd6fe289b6d2de8f1dc113
+  metadata.gz: 45b0a220afa0ca575a22ed7fd5cf958dc4d7ad2450a116f3bdf7e5e3546d6eac
+  data.tar.gz: eeb8fcb58d29e1cf18d4cf3fadddbf184029576b97bb9194e4218f4889636f05
 SHA512:
-  metadata.gz: 4284790fc0cf71a7dd853d7e45f2b894500ff485b1e502857801ce5b453abb5658db95f078bb4c32b132a3f075e7ca7460b42093583a9eeba688cb3ebf1f6cf7
-  data.tar.gz: 8d81ce99e61b047f6c1cd426d73e700b8c27dd9361ae5639994932e5b3c2ed06ba844fea3c5bf69ac1ca92a0206c19154fbe0a42e34a72bae9e07f65acba3b60
+  metadata.gz: 58a27c6c046d783c0f83db3a8857d06aab9402e85d00a6d880eb0ad637d2b5f8a4e4c4e4df03065f03097bfda98439f735b8257d10c52046be85d0c210aeef3e
+  data.tar.gz: dc6cc4e9a90c8f78a09e3b2b90d19ca7973aea125678170ba2be0902d490eba1ff17cbcfcce9a22e78f9b85324f3bce77f5bb878a722dfc8113cf72b01505581

data/README.md

@@ -65,6 +65,19 @@ KeycloakOauth.configure do |config|
 end
 ```
 
+**User mapping**
+The host app is responsible for mapping a Keycloak session with a Rails user session. This can be achieved
+by implementing the `map_authenticatable` method in the module configured above (e.g. `KeycloakOauthCallbacks` in our example).
+You can get the user information by making a call to `KeycloakOauth.connection.get_user_information` to which you pass in the access token.
+See here an example of retrieving the user information and saving the email address in the Rails session:
+
+```ruby
+def map_authenticatable(_request)
+  service = KeycloakOauth.connection.get_user_information(access_token: session[:access_token])
+  session[:user_email_address] = service.user_information['email']
+end
+```
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.

data/app/controllers/keycloak_oauth/callbacks_controller.rb

@@ -10,6 +10,7 @@ module KeycloakOauth
         session: session
       )
       authentication_service.authenticate
+      map_authenticatable_if_implemented(session)
 
       redirect_to self.class.method_defined?(:after_sign_in_path) ? after_sign_in_path(request) : '/'
     end
@@ -19,5 +20,13 @@ module KeycloakOauth
     def authentication_params
       params.permit(:code)
     end
+
+    def map_authenticatable_if_implemented(request)
+      if self.class.method_defined?(:map_authenticatable)
+        map_authenticatable(request)
+      else
+        raise NotImplementedError.new('User mapping must be handled by the host app. See README for more information.')
+      end
+    end
   end
 end

data/app/services/keycloak_oauth/user_info_retrieval_service.rb

@@ -0,0 +1,45 @@
+require 'net/http'
+
+module KeycloakOauth
+  class UserInfoRetrievalError < StandardError; end
+
+  class UserInfoRetrievalService
+    AUTHORIZATION_HEADER = 'Authorization'.freeze
+    CONTENT_TYPE = 'application/x-www-form-urlencoded'.freeze
+
+    attr_reader :user_information
+
+    def initialize(access_token:)
+      @access_token = access_token
+    end
+
+    def retrieve
+      @user_information = parsed_user_information(get_user)
+    end
+
+    private
+
+    attr_accessor :access_token
+
+    def get_user
+      uri = URI.parse(KeycloakOauth.connection.user_info_endpoint)
+      Net::HTTP.start(uri.host, uri.port) do |http|
+        request = Net::HTTP::Get.new(uri)
+        request.set_content_type(CONTENT_TYPE)
+        request[AUTHORIZATION_HEADER] = "Bearer #{access_token}"
+        http.request(request)
+      end
+    end
+
+    def parsed_user_information(http_response)
+      response_hash = JSON.parse(http_response.body)
+
+      return response_hash if http_response.code_type == Net::HTTPOK
+
+      # TODO: For now, we assume that the access token is always valid.
+      # We do not yet handle the case where a refresh token is passed in and
+      # used if the access token has expired.
+      raise KeycloakOauth::UserInfoRetrievalError.new(response_hash)
+    end
+  end
+end

data/lib/keycloak_oauth/connection.rb

@@ -1,8 +1,10 @@
+require 'keycloak_oauth/endpoints'
+
 module KeycloakOauth
   class Connection
-    attr_reader :auth_url, :realm, :client_id, :client_secret, :callback_module
+    include KeycloakOauth::Endpoints
 
-    DEFAULT_RESPONSE_TYPE = 'code'.freeze
+    attr_reader :auth_url, :realm, :client_id, :client_secret, :callback_module
 
     def initialize(auth_url:, realm:, client_id:, client_secret:, callback_module: nil)
       @auth_url = auth_url
@@ -12,13 +14,10 @@ module KeycloakOauth
       @callback_module = callback_module
     end
 
-    def authorization_endpoint(options: {})
-      endpoint = "#{auth_url}/realms/#{realm}/protocol/openid-connect/auth?client_id=#{client_id}"
-      endpoint += "&response_type=#{options[:response_type] || DEFAULT_RESPONSE_TYPE}"
-    end
-
-    def authentication_endpoint
-      "#{auth_url}/realms/#{realm}/protocol/openid-connect/token"
+    def get_user_information(access_token:)
+      service = KeycloakOauth::UserInfoRetrievalService.new(access_token: access_token)
+      service.retrieve
+      service.user_information
     end
   end
 end

data/lib/keycloak_oauth/endpoints.rb

@@ -0,0 +1,18 @@
+module KeycloakOauth
+  module Endpoints
+    DEFAULT_RESPONSE_TYPE = 'code'.freeze
+
+    def authorization_endpoint(options: {})
+      endpoint = "#{auth_url}/realms/#{realm}/protocol/openid-connect/auth?client_id=#{client_id}"
+      endpoint += "&response_type=#{options[:response_type] || DEFAULT_RESPONSE_TYPE}"
+    end
+
+    def authentication_endpoint
+      "#{auth_url}/realms/#{realm}/protocol/openid-connect/token"
+    end
+
+    def user_info_endpoint
+      "#{auth_url}/realms/#{realm}/protocol/openid-connect/userinfo"
+    end
+  end
+end

data/lib/keycloak_oauth/version.rb

@@ -1,3 +1,3 @@
 module KeycloakOauth
-  VERSION = "0.1.2"
+  VERSION = "0.1.3"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: keycloak_oauth
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.3
 platform: ruby
 authors:
 - simplificator
@@ -19,7 +19,7 @@ dependencies:
         version: 6.0.3
     - - ">="
       - !ruby/object:Gem::Version
-        version: 6.0.3.3
+        version: 6.0.3.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: 6.0.3
     - - ">="
       - !ruby/object:Gem::Version
-        version: 6.0.3.3
+        version: 6.0.3.2
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
@@ -70,10 +70,12 @@ files:
 - app/controllers/keycloak_oauth/application_controller.rb
 - app/controllers/keycloak_oauth/callbacks_controller.rb
 - app/services/keycloak_oauth/authentication_service.rb
+- app/services/keycloak_oauth/user_info_retrieval_service.rb
 - config/routes.rb
 - lib/keycloak_oauth.rb
 - lib/keycloak_oauth/configuration.rb
 - lib/keycloak_oauth/connection.rb
+- lib/keycloak_oauth/endpoints.rb
 - lib/keycloak_oauth/engine.rb
 - lib/keycloak_oauth/version.rb
 homepage: https://rubygems.org/gems/keycloak_oauth