keycloak_oauth 0.1.5 → 0.1.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8c4e4bd1db90c3f3a2b6b16c41d339d50210d01052d1de2473a6c7dd99736e2f
-  data.tar.gz: 43cd08c9c3a233a307e1b87f8b8e842e0949d1c8cfe29a6f48ba4741d22dd6f2
+  metadata.gz: d5372c486b89d09a51766f5ae6420c926f23d26d3f83ed30a9cd8b62c0c100a9
+  data.tar.gz: fcc3d36bbcdcd9d3fda6d51ebfb74e227cbb1f3eb234dfabd98531362c0be8e2
 SHA512:
-  metadata.gz: 8a3f24340b2967be6a3e0a3a7db140f74bf8a3b68ff73e933c1fa48b7975d18bf266c3b3663033270c3fd7ea6ab28dec88ae8b4806b218fe030dd4b9efb45a13
-  data.tar.gz: 508d3abe88044f5adcfdbbe47f08be2a7328d26d8a33acfbe31f8aa42213c54ec8042881a929401493d9ecc88ad6ac0549e150515deeed2c3004d751573f19fe
+  metadata.gz: ea374a1c1d6fa04d4473cc645be6af6bfe0d9bb3468924a238cae97ee990c339bbd16d99c8c0173c736b48f0cb5d3c8758cae059dd3d12713f872d6a12ca2dfd
+  data.tar.gz: 95eb399aac689d154fb942521da92a557a0b5fc7f035c7798fb48b3c2e3e1c1a44a2548724cfcb5c96d689d8e6b491f75ca028fb6ad3e356174ae76a8b8562da

data/README.md

@@ -88,6 +88,22 @@ def map_authenticatable(_request)
 end
 ```
 
+**Logging out**
+In order to log out, you can use the following API call:
+`KeycloakOauth.connection.logout(session: session)`
+
+Note that you need to pass in the session, as the gem needs to remove the Keycloak tokens from there.
+
+e.g.
+```ruby
+class SessionsController < ApplicationController
+  def destroy
+    KeycloakOauth.connection.logout(session: session)
+    redirect_to new_session_path
+  end
+end
+```
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.

data/app/services/keycloak_oauth/authorizable_service.rb

@@ -0,0 +1,24 @@
+require 'net/http'
+
+module KeycloakOauth
+  class AuthorizableError < StandardError; end
+
+  class AuthorizableService
+    HTTP_SUCCESS_CODES = [Net::HTTPOK, Net::HTTPNoContent]
+    DEFAULT_CONTENT_TYPE = 'application/x-www-form-urlencoded'.freeze
+    AUTHORIZATION_HEADER = 'Authorization'.freeze
+
+    private
+
+    def parsed_response(http_response)
+      response = http_response.body.present? ? JSON.parse(http_response.body) : http_response.body
+
+      return response if HTTP_SUCCESS_CODES.include?(http_response.code_type)
+
+      # TODO: For now, we assume that the access token is always valid.
+      # We do not yet handle the case where a refresh token is passed in and
+      # used if the access token has expired.
+      raise KeycloakOauth::AuthorizableError.new(response)
+    end
+  end
+end

data/app/services/keycloak_oauth/logout_service.rb

@@ -0,0 +1,44 @@
+require 'net/http'
+
+module KeycloakOauth
+  class LogoutService < KeycloakOauth::AuthorizableService
+    def initialize(session)
+      @session = session
+    end
+
+    def logout
+      parsed_response(post_logout)
+    end
+
+    private
+
+    attr_accessor :session
+
+    def post_logout
+      uri = URI.parse(KeycloakOauth.connection.logout_endpoint)
+      Net::HTTP.start(uri.host, uri.port) do |http|
+        request = Net::HTTP::Post.new(uri)
+        request.set_content_type(DEFAULT_CONTENT_TYPE)
+        request.set_form_data(logout_request_params)
+        request[AUTHORIZATION_HEADER] = "Bearer #{access_token}"
+        http.request(request)
+      end
+    end
+
+    def logout_request_params
+      {
+        client_id: KeycloakOauth.connection.client_id,
+        client_secret: KeycloakOauth.connection.client_secret,
+        refresh_token: refresh_token
+      }
+    end
+
+    def access_token
+      session[:access_token]
+    end
+
+    def refresh_token
+      session[:refresh_token]
+    end
+  end
+end

data/app/services/keycloak_oauth/user_info_retrieval_service.rb

@@ -1,45 +1,30 @@
 require 'net/http'
 
 module KeycloakOauth
-  class UserInfoRetrievalError < StandardError; end
-
-  class UserInfoRetrievalService
-    AUTHORIZATION_HEADER = 'Authorization'.freeze
-    CONTENT_TYPE = 'application/x-www-form-urlencoded'.freeze
-
+  class UserInfoRetrievalService < KeycloakOauth::AuthorizableService
     attr_reader :user_information
 
-    def initialize(access_token:)
+    def initialize(access_token:, refresh_token:)
       @access_token = access_token
+      @refresh_token = refresh_token
     end
 
     def retrieve
-      @user_information = parsed_user_information(get_user)
+      @user_information = parsed_response(get_user)
     end
 
     private
 
-    attr_accessor :access_token
+    attr_accessor :access_token, :refresh_token
 
     def get_user
       uri = URI.parse(KeycloakOauth.connection.user_info_endpoint)
       Net::HTTP.start(uri.host, uri.port, :use_ssl => uri.scheme == 'https') do |http|
         request = Net::HTTP::Get.new(uri)
-        request.set_content_type(CONTENT_TYPE)
+        request.set_content_type(DEFAULT_CONTENT_TYPE)
         request[AUTHORIZATION_HEADER] = "Bearer #{access_token}"
         http.request(request)
       end
     end
-
-    def parsed_user_information(http_response)
-      response_hash = JSON.parse(http_response.body)
-
-      return response_hash if http_response.code_type == Net::HTTPOK
-
-      # TODO: For now, we assume that the access token is always valid.
-      # We do not yet handle the case where a refresh token is passed in and
-      # used if the access token has expired.
-      raise KeycloakOauth::UserInfoRetrievalError.new(response_hash)
-    end
   end
 end

data/lib/keycloak_oauth/connection.rb

@@ -14,10 +14,18 @@ module KeycloakOauth
       @callback_module = callback_module
     end
 
-    def get_user_information(access_token:)
-      service = KeycloakOauth::UserInfoRetrievalService.new(access_token: access_token)
+    def get_user_information(access_token:, refresh_token:)
+      service = KeycloakOauth::UserInfoRetrievalService.new(
+        access_token: access_token,
+        refresh_token: refresh_token
+      )
       service.retrieve
       service.user_information
     end
+
+    def logout(session:)
+      service = KeycloakOauth::LogoutService.new(session)
+      service.logout
+    end
   end
 end

data/lib/keycloak_oauth/endpoints.rb

@@ -16,5 +16,9 @@ module KeycloakOauth
     def user_info_endpoint
       "#{auth_url}/realms/#{realm}/protocol/openid-connect/userinfo"
     end
+
+    def logout_endpoint
+      "#{auth_url}/realms/#{realm}/protocol/openid-connect/logout"
+    end
   end
 end

data/lib/keycloak_oauth/version.rb

@@ -1,3 +1,3 @@
 module KeycloakOauth
-  VERSION = "0.1.5"
+  VERSION = "0.1.6"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: keycloak_oauth
 version: !ruby/object:Gem::Version
-  version: 0.1.5
+  version: 0.1.6
 platform: ruby
 authors:
 - simplificator
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-11-03 00:00:00.000000000 Z
+date: 2020-11-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -58,7 +58,7 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: 
+description:
 email:
 - dev@simplificator.com
 executables: []
@@ -69,6 +69,8 @@ files:
 - Rakefile
 - app/controllers/keycloak_oauth/callbacks_controller.rb
 - app/services/keycloak_oauth/authentication_service.rb
+- app/services/keycloak_oauth/authorizable_service.rb
+- app/services/keycloak_oauth/logout_service.rb
 - app/services/keycloak_oauth/user_info_retrieval_service.rb
 - config/routes.rb
 - lib/keycloak_oauth.rb
@@ -84,7 +86,7 @@ metadata:
   homepage_uri: https://rubygems.org/gems/keycloak_oauth
   source_code_uri: https://github.com/simplificator/keycloak_oauth
   changelog_uri: https://github.com/simplificator/keycloak_oauth
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -99,8 +101,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key: 
+rubygems_version: 3.0.8
+signing_key:
 specification_version: 4
 summary: Implementing OAuth with Keycloak in Ruby
 test_files: []