oxd-ruby 0.1.9 → 1.0.2
- checksums.yaml +5 -5
- data/.gitignore +1 -0
- data/CHANGELOG.md +16 -0
- data/README.md +3 -241
- data/lib/generators/oxd/templates/oxd_config.rb +5 -5
- data/lib/oxd-ruby.rb +3 -1
- data/lib/oxd/client_oxd_commands.rb +96 -109
- data/lib/oxd/config.rb +17 -15
- data/lib/oxd/errors.rb +33 -0
- data/lib/oxd/oxd_connector.rb +51 -49
- data/lib/oxd/uma_commands.rb +72 -35
- data/lib/oxd/version.rb +2 -1
- data/oxd-ruby.gemspec +2 -2
- metadata +8 -72
- data/demosite/.gitignore +0 -17
- data/demosite/Gemfile +0 -50
- data/demosite/Gemfile.lock +0 -197
- data/demosite/README.md +0 -172
- data/demosite/Rakefile +0 -6
- data/demosite/app/assets/images/.keep +0 -0
- data/demosite/app/assets/javascripts/application.js +0 -17
- data/demosite/app/assets/javascripts/bootstrap.js.coffee +0 -3
- data/demosite/app/assets/stylesheets/application.css +0 -16
- data/demosite/app/assets/stylesheets/bootstrap_and_overrides.css +0 -7
- data/demosite/app/controllers/application_controller.rb +0 -46
- data/demosite/app/controllers/concerns/.keep +0 -0
- data/demosite/app/controllers/home_controller.rb +0 -79
- data/demosite/app/controllers/uma_controller.rb +0 -40
- data/demosite/app/helpers/application_helper.rb +0 -2
- data/demosite/app/mailers/.keep +0 -0
- data/demosite/app/models/.keep +0 -0
- data/demosite/app/models/concerns/.keep +0 -0
- data/demosite/app/views/home/index.html.erb +0 -210
- data/demosite/app/views/layouts/application.html.erb +0 -14
- data/demosite/app/views/uma/index.html.erb +0 -123
- data/demosite/bin/bundle +0 -3
- data/demosite/bin/rails +0 -9
- data/demosite/bin/rake +0 -9
- data/demosite/bin/setup +0 -29
- data/demosite/bin/spring +0 -15
- data/demosite/config.ru +0 -4
- data/demosite/config/application.rb +0 -26
- data/demosite/config/boot.rb +0 -3
- data/demosite/config/database.yml +0 -25
- data/demosite/config/environment.rb +0 -5
- data/demosite/config/environments/development.rb +0 -41
- data/demosite/config/environments/production.rb +0 -79
- data/demosite/config/environments/test.rb +0 -42
- data/demosite/config/initializers/assets.rb +0 -11
- data/demosite/config/initializers/backtrace_silencers.rb +0 -7
- data/demosite/config/initializers/cookies_serializer.rb +0 -3
- data/demosite/config/initializers/filter_parameter_logging.rb +0 -4
- data/demosite/config/initializers/inflections.rb +0 -16
- data/demosite/config/initializers/mime_types.rb +0 -4
- data/demosite/config/initializers/oxd_config.rb +0 -25
- data/demosite/config/initializers/session_store.rb +0 -3
- data/demosite/config/initializers/wrap_parameters.rb +0 -14
- data/demosite/config/locales/en.bootstrap.yml +0 -23
- data/demosite/config/locales/en.yml +0 -23
- data/demosite/config/routes.rb +0 -76
- data/demosite/config/secrets.yml +0 -22
- data/demosite/db/seeds.rb +0 -7
- data/demosite/lib/assets/.keep +0 -0
- data/demosite/lib/tasks/.keep +0 -0
- data/demosite/log/.keep +0 -0
- data/demosite/public/404.html +0 -67
- data/demosite/public/422.html +0 -67
- data/demosite/public/500.html +0 -66
- data/demosite/public/favicon.ico +0 -0
- data/demosite/public/robots.txt +0 -5
- data/demosite/test/controllers/.keep +0 -0
- data/demosite/test/fixtures/.keep +0 -0
- data/demosite/test/helpers/.keep +0 -0
- data/demosite/test/integration/.keep +0 -0
- data/demosite/test/mailers/.keep +0 -0
- data/demosite/test/models/.keep +0 -0
- data/demosite/test/test_helper.rb +0 -10
- data/demosite/vendor/assets/javascripts/.keep +0 -0
- data/demosite/vendor/assets/stylesheets/.keep +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 44810d1d51584267d4eb543925ea5659b1288398d3d639ec87c0b315e618c3a6
|
4
|
+
data.tar.gz: 685bee8e40f0e64f5d3eb85148515ece3106bb5995ec730f121de439b8ac92b6
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 63450ead6ca0d9c7c26e86fc8771f215ee3c8247f8fe0701eae65fb7e5fe7ab235740b0b8753e4912e69bb6ae244ab1526049ad49da2be06395eaa219551fe76
|
7
|
+
data.tar.gz: 8c5f0c1bf3f28d459a28cfa06d4315a366bd1a180c5a6ba7262e61bb746ebe46f40d602b872f55cd46edf4741c78b5c54f2ee545de34a6ea9c734d2c3ebec340
|
data/.gitignore
CHANGED
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,22 @@
|
|
1
1
|
# Change Log
|
2
2
|
All notable changes to this project will be documented in this file.
|
3
3
|
|
4
|
+
## [1.0.2] - 2018-03-05
|
5
|
+
### Added
|
6
|
+
- support for "client_credentials" `grant_type`
|
7
|
+
- new `update_site` command
|
8
|
+
- new `remove_site` command
|
9
|
+
- new `introspect_access_token` command
|
10
|
+
- new `introspect_rpt` command
|
11
|
+
- `client_frontchannel_logout_uris` and `claims_redirect_uri` parameters in `setup_client` and `register_site` commands
|
12
|
+
- `op_discovery_path` parameter in `get_client_token` command
|
13
|
+
|
14
|
+
### Removed
|
15
|
+
- `update_site_registration` command
|
16
|
+
- `client_logout_uris` and `oxd_rp_programming_language` parameters from `setup_client` command
|
17
|
+
- `oxd_id`, `authorization_redirect_uri`, `post_logout_redirect_uri`, `application_type`, `response_types`, `grant_types`, `acr_values`, `client_name`, `client_jwks_uri`, `client_token_endpoint_auth_method`, `client_request_uris`, `client_sector_identifier_uri`, `contacts`, `ui_locales`, `claims_locales`, `client_logout_uris` and `oxd_rp_programming_language` parameters from `get_client_token` command
|
18
|
+
- `client_logout_uris` parameter from `register_site` command
|
19
|
+
|
4
20
|
## [0.1.9] - 2017-10-17
|
5
21
|
### Added
|
6
22
|
- support for oxd-to-https
|
data/README.md
CHANGED
@@ -1,243 +1,5 @@
|
|
1
|
-
#
|
2
|
-
[![Gem Version](https://badge.fury.io/rb/oxd-ruby.png)](https://badge.fury.io/rb/oxd-ruby)
|
1
|
+
# oxd-Ruby
|
3
2
|
|
4
|
-
Ruby
|
3
|
+
oxd-Ruby is a client library for Gluu's OpenID Connect and UMA client software, [oxd](https://gluu.org/docs/oxd/3.1.2/).
|
5
4
|
|
6
|
-
|
7
|
-
|
8
|
-
## Using the Library in your website
|
9
|
-
|
10
|
-
> You are now on the `master` branch. If you want to use `oxd-ruby` for production use, switch to the branch of the matching version as the `oxd-server` you are installing.
|
11
|
-
|
12
|
-
[oxD RP](https://gluu.org/docs/oxd/3.1.1) has complete information about the Code Authorization flow and the various details about oxD RP configuration. This document provides only documentation about the oxd-ruby library.
|
13
|
-
|
14
|
-
### Prerequisites
|
15
|
-
|
16
|
-
* A valid OpenID Connect Provider (OP), like the Gluu Server or Google.
|
17
|
-
* An active installation of the oxd-server running on the same server as the client application.
|
18
|
-
* An active installation of the oxd-https-extension if oxd-https-extension connection is used. In this case, client applications can be on different servers but will be able to access oxd-https-extension.
|
19
|
-
|
20
|
-
|
21
|
-
### Installation
|
22
|
-
|
23
|
-
To install gem, add this line to your application's Gemfile:
|
24
|
-
|
25
|
-
```ruby
|
26
|
-
gem 'oxd-ruby', '~> 0.1.9'
|
27
|
-
```
|
28
|
-
|
29
|
-
Run bundle command to install it:
|
30
|
-
|
31
|
-
```bash
|
32
|
-
$ bundle install
|
33
|
-
```
|
34
|
-
#### Important Links
|
35
|
-
|
36
|
-
- See the [API docs](https://gluu.org/docs/oxd/3.1.1/libraries/ruby/) for in-depth information about the various functions and their parameters.
|
37
|
-
- See the code of a [sample Ruby on Rails app](https://github.com/GluuFederation/oxd-ruby/tree/master/demosite) built using oxd-ruby.
|
38
|
-
|
39
|
-
### Configuring
|
40
|
-
|
41
|
-
After you installed oxd-ruby, you need to run the generator command to generate the configuration file:
|
42
|
-
|
43
|
-
```bash
|
44
|
-
$ rails generate oxd:config
|
45
|
-
```
|
46
|
-
|
47
|
-
The generator will install `oxd_config.rb` initializer file in `config/initializers` directory which conatins all the global configuration options for oxd-ruby plguin. The generated configuration file looks like this:
|
48
|
-
|
49
|
-
```ruby
|
50
|
-
config.oxd_host_ip = '127.0.0.1'
|
51
|
-
config.oxd_host_port = 8099
|
52
|
-
config.op_host = "https://your.openid.provider.com"
|
53
|
-
config.client_id = "<client_id of OpenId provider>"
|
54
|
-
config.client_secret = "<client_secret of OpenId provider>"
|
55
|
-
config.client_name = "Gluu Oxd Sample Client"
|
56
|
-
config.authorization_redirect_uri = "https://domain.example.com/callback"
|
57
|
-
config.logout_redirect_uri = "https://domain.example.com/callback2"
|
58
|
-
config.post_logout_redirect_uri = "https://domain.example.com/logout"
|
59
|
-
config.scope = ["openid","profile", "email", "uma_protection","uma_authorization"]
|
60
|
-
config.grant_types = []
|
61
|
-
config.application_type = "web"
|
62
|
-
config.response_types = ["code"]
|
63
|
-
config.acr_values = ["basic"]
|
64
|
-
config.client_jwks_uri = ""
|
65
|
-
config.client_token_endpoint_auth_method = ""
|
66
|
-
config.client_request_uris = []
|
67
|
-
config.contacts = ["example-email@gmail.com"]
|
68
|
-
config.client_logout_uris = ['https://domain.example.com/logout']
|
69
|
-
config.oxd_host = "https://127.0.0.1:8443" set if you are using oxd-https extension
|
70
|
-
config.connection_type = "local" if you are using oxd-server without oxd-https extension otherwise "web"
|
71
|
-
config.dynamic_registration = true if the op_host supports dynamic registration otherwise 'false'
|
72
|
-
```
|
73
|
-
The following configuration must be set in config file before the gem can be used:
|
74
|
-
|
75
|
-
- config.oxd_host_ip
|
76
|
-
- config.oxd_host_port
|
77
|
-
- config.op_host
|
78
|
-
- config.authorization_redirect_uri
|
79
|
-
- config.client_id
|
80
|
-
- config.client_secret
|
81
|
-
- config.connection_type
|
82
|
-
- config.oxd_host
|
83
|
-
|
84
|
-
**Note :** client_id and client_secret must be set if your OpenID provider does not support dynamic registration, otherwise can be left blank.
|
85
|
-
|
86
|
-
## Usage
|
87
|
-
|
88
|
-
Add following snippet to your `application_controller.rb` file:
|
89
|
-
|
90
|
-
```ruby
|
91
|
-
require 'oxd-ruby'
|
92
|
-
|
93
|
-
before_filter :set_oxd_commands_instance
|
94
|
-
protected
|
95
|
-
def set_oxd_commands_instance
|
96
|
-
@oxd_command = Oxd::ClientOxdCommands.new
|
97
|
-
@uma_command = Oxd::UMACommands.new
|
98
|
-
@oxdConfig = @oxd_command.oxdConfig
|
99
|
-
end
|
100
|
-
```
|
101
|
-
|
102
|
-
The `ClientOxdCommands` class of the library provides all the methods required for the website to communicate with the oxD RP through sockets. The `oxdConfig` method returns Oxd Configuration object.
|
103
|
-
The `UMACommands` class provides commands for UMA Resource Server(UMA RS) and UMA Requesting Party(UMA RP) protocol.
|
104
|
-
|
105
|
-
### Setup Client
|
106
|
-
|
107
|
-
In order to use an OpenID Connect Provider (OP) for login, you need to setup your client application at the OP. During setup oxd will dynamically register the OpenID Connect client and save its configuration. Upon successful setup a unique identifier will be issued by the oxd server by assigning a specific oxd id. Along with oxd Id oxd server will also return client Id and client secret. This client Id and client secret can be used for `get_client_token` method. The Setup Client method is a one time task to configure a client in the oxd server and OP.
|
108
|
-
|
109
|
-
**Note:** If your OpenID Connect Provider does not support dynamic registration (like Google), you will need to obtain a ClientID and Client Secret which can be set in `oxd_config.rb` initializer file.
|
110
|
-
|
111
|
-
```ruby
|
112
|
-
@oxd_command.setup_client
|
113
|
-
```
|
114
|
-
|
115
|
-
### Get Client Token
|
116
|
-
|
117
|
-
The `get_client_token` method is used to get a token which is sent as `protection_access_token` for other methods when the `protect_commands_with_access_token` is enabled in oxd-server.
|
118
|
-
|
119
|
-
> `get_client_token` command must be invoked to use following methods when the `protect_commands_with_access_token` is enabled in oxd-server.
|
120
|
-
|
121
|
-
```ruby
|
122
|
-
@oxd_command.get_client_token
|
123
|
-
```
|
124
|
-
|
125
|
-
### Website Registration
|
126
|
-
|
127
|
-
In order to use an OpenID Connect Provider (OP) for login, you need to register your client application at the OP. During registration oxd will dynamically register the OpenID Connect client and save its configuration. Upon successful registration a unique identifier will be issued by the oxd server. The Register Site method is a one time task to configure a client in the oxd server and OP.
|
128
|
-
|
129
|
-
**Note:** If your OpenID Connect Provider does not support dynamic registration (like Google), you will need to obtain a ClientID and Client Secret which can be set in `oxd_config.rb` initializer file.
|
130
|
-
|
131
|
-
```ruby
|
132
|
-
@oxd_command.register_site
|
133
|
-
```
|
134
|
-
|
135
|
-
### Get Authorization URL
|
136
|
-
|
137
|
-
The `get_authorization_url` method returns the OpenID Connect Provider authentication URL to which the client application must redirect the user to authorize the release of personal data. The response URL includes state value, which can be used to obtain tokens required for authentication. This state value is used
|
138
|
-
to maintain state between the request and the callback.
|
139
|
-
|
140
|
-
```ruby
|
141
|
-
authorization_url = @oxd_command.get_authorization_url
|
142
|
-
```
|
143
|
-
Using the above url the website can redirect the user for authentication at the OpenId Provider.
|
144
|
-
|
145
|
-
### Get access token
|
146
|
-
|
147
|
-
Upon successful login, the login result will return code and state. `get_tokens_by_code` uses code and state to retrieve token which can be used to access user claims.
|
148
|
-
|
149
|
-
```ruby
|
150
|
-
code = params[:code]
|
151
|
-
state = params[:state]
|
152
|
-
access_token = @oxd_command.get_tokens_by_code( code,state )
|
153
|
-
```
|
154
|
-
The values for code and state are parsed from the callback url query parameters.
|
155
|
-
|
156
|
-
### Get Access Token by Refresh Token
|
157
|
-
|
158
|
-
The `get_access_token_by_refresh_token` method is used to get a fresh access token and refresh token by using the refresh token which is obtained from `get_tokens_by_code` method.
|
159
|
-
|
160
|
-
```ruby
|
161
|
-
access_token = @oxd_command.get_access_token_by_refresh_token
|
162
|
-
```
|
163
|
-
|
164
|
-
### Get user claims
|
165
|
-
|
166
|
-
Once the user has been authenticated by the OpenID Connect Provider, the `get_user_info` method returns Claims (Like First Name, Last Name, emailId, etc.) about the authenticated end user. Claims (user information fields) made availble by the OpenId Provider can be fetched using the access token obtained above.
|
167
|
-
|
168
|
-
```ruby
|
169
|
-
user = @oxd_command.get_user_info(access_token)
|
170
|
-
```
|
171
|
-
|
172
|
-
### Using the claims
|
173
|
-
|
174
|
-
Once the user data is obtained, the various claims supported by the OpenId Provider can be used as required.
|
175
|
-
|
176
|
-
```ruby
|
177
|
-
<% user.each do |field,value| %>
|
178
|
-
<%= "#{field} : #{value}" %>
|
179
|
-
<% end %>
|
180
|
-
```
|
181
|
-
The availability of various claims are completely dependent on the OpenId Provider.
|
182
|
-
|
183
|
-
### Logging out
|
184
|
-
|
185
|
-
Once the required work is done the user can be logged out of the system. `get_logout_uri` method returns the OpenID Connect Provider logout url.
|
186
|
-
|
187
|
-
```ruby
|
188
|
-
logout_uri = @oxd_command.get_logout_uri(state, session_state)
|
189
|
-
```
|
190
|
-
You can then redirect the user to obtained url to perform logout.
|
191
|
-
|
192
|
-
## Using UMA commands
|
193
|
-
|
194
|
-
### UMA Protect resources
|
195
|
-
|
196
|
-
`uma_rs_protect` method is used for protecting resource with UMA Resource server. Resource server need to construct the command which will protect the resource. The command will contain api path, http methods (POST,GET, PUT) and scopes. Scopes can be mapped with authorization policy (uma_rpt_policies). If no authorization policy mapped, `uma_rs_check_access` method will always return access as granted.
|
197
|
-
|
198
|
-
To protect resources with UMA Resource server, you need to add resources to library using `uma_add_resource(path, *conditions)` method. Then you can call following method to register resources for protection with UMA RS.
|
199
|
-
|
200
|
-
```ruby
|
201
|
-
@uma_command.uma_add_resource(path, *conditions)
|
202
|
-
@uma_command.uma_rs_protect
|
203
|
-
```
|
204
|
-
|
205
|
-
### UMA Check access for a particular resource
|
206
|
-
To check wether you have access to a particular resource on UMA Resource Sevrer or not, use following method:
|
207
|
-
|
208
|
-
```ruby
|
209
|
-
@uma_command.uma_rs_check_access(path, http_method)
|
210
|
-
```
|
211
|
-
|
212
|
-
### Get Requesting Party Token(RPT)
|
213
|
-
To gain access to protected resources at the UMA resource server, you must first obtain RPT.
|
214
|
-
|
215
|
-
**Method parameters:**
|
216
|
-
|
217
|
-
- claim_token: (Optional)
|
218
|
-
- claim_token_format: (Optional)
|
219
|
-
- pct: (Optional)
|
220
|
-
- rpt: (Optional)
|
221
|
-
- scope: (Optional)
|
222
|
-
- state: (Optional) state that is returned from uma_rp_get_claims_gathering_url method
|
223
|
-
|
224
|
-
```ruby
|
225
|
-
@uma_command.uma_rp_get_rpt
|
226
|
-
```
|
227
|
-
|
228
|
-
### UMA RP - Get Claims-Gathering URL
|
229
|
-
|
230
|
-
**Method parameters:**
|
231
|
-
|
232
|
-
- claims_redirect_uri: (Required)
|
233
|
-
|
234
|
-
```ruby
|
235
|
-
@uma_command.uma_rp_get_claims_gathering_url
|
236
|
-
```
|
237
|
-
|
238
|
-
## Logs
|
239
|
-
You can find `oxd-ruby.log` file in `rails_app_root/log` folder. It contains all the logs about oxd-server connections, commands/data sent to server, recieved response and all the errors and exceptions raised.
|
240
|
-
|
241
|
-
## Demo Site
|
242
|
-
|
243
|
-
The **demosite** folder contains a demo Ruby on Rails application which uses the `oxd-ruby` library to demonstrate the usage of the library. The deployment instrctions for the demo site can be found inside the demosite's README file.
|
5
|
+
For complete instructions on how to use oxd-ruby, please see the [oxd-ruby docs](https://gluu.org/docs/oxd/3.1.2/libraries/languages/ruby).
|
@@ -5,12 +5,13 @@ Oxd.configure do |config|
|
|
5
5
|
config.op_host = "https://your.openid.provider.com"
|
6
6
|
config.client_id = ""
|
7
7
|
config.client_secret = ""
|
8
|
-
config.client_name = "Gluu
|
8
|
+
config.client_name = "Gluu oxd Sample Client"
|
9
|
+
config.op_discovery_path = ""
|
9
10
|
config.authorization_redirect_uri = "https://domain.example.com/callback"
|
10
|
-
config.logout_redirect_uri = "https://domain.example.com/callback2"
|
11
11
|
config.post_logout_redirect_uri = "https://domain.example.com/logout"
|
12
|
+
config.claims_redirect_uri = ["https://domain.example.com/claims"]
|
12
13
|
config.scope = ["openid","profile", "email", "uma_protection","uma_authorization"]
|
13
|
-
config.grant_types = []
|
14
|
+
config.grant_types = ["authorization_code","client_credenitals"]
|
14
15
|
config.application_type = "web"
|
15
16
|
config.response_types = ["code"]
|
16
17
|
config.acr_values = ["basic"]
|
@@ -18,8 +19,7 @@ Oxd.configure do |config|
|
|
18
19
|
config.client_token_endpoint_auth_method = ""
|
19
20
|
config.client_request_uris = []
|
20
21
|
config.contacts = ["example-email@gmail.com"]
|
21
|
-
config.
|
22
|
-
config.oxd_host = ""
|
22
|
+
config.client_frontchannel_logout_uris = ['https://domain.example.com/logout']
|
23
23
|
config.connection_type = "local"
|
24
24
|
config.dynamic_registration = true
|
25
25
|
end
|
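Review bot: The new `grant_types` default in the first hunk misspells the grant type: `config.grant_types = ["authorization_code","client_credenitals"]` should read `config.grant_types = ["authorization_code","client_credentials"]`. The value is sent verbatim to the OP (`client_params` in client_oxd_commands.rb builds `"grant_types" => @configuration.grant_types`), so the typo either fails dynamic registration or registers a client without the client_credentials grant the 1.0.2 changelog advertises. The template also ships `client_id`/`client_secret` as literal strings in a checked-in initializer; a short comment above them such as `# read these from the environment (e.g. ENV.fetch('OXD_CLIENT_SECRET')) rather than committing literals` would steer users away from putting the secret in version control. The enclosing `Oxd.configure do |config|` block starts before this hunk.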
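--- a/data/lib/oxd-ruby.rb
+++ b/data/lib/oxd-ruby.rb
@@ -1,12 +1,14 @@
 # load oxd components
+require 'oxd/version'
 require 'oxd/config'
+require 'oxd/errors'
 require 'oxd/oxd_connector'
 require 'oxd/client_oxd_commands'
 require 'oxd/uma_commands'
 
 # @author Inderpal Singh
 # Oxd Module namespace
-# oxd_version 3.1.
+# oxd_version 3.1.2
 module Oxd
 
 end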
@@ -1,12 +1,12 @@
|
|
1
1
|
# @author Inderpal Singh
|
2
|
-
# @note supports oxd-version 3.1.
|
2
|
+
# @note supports oxd-version 3.1.2
|
3
3
|
module Oxd
|
4
4
|
|
5
5
|
require 'json'
|
6
6
|
|
7
|
-
# This class carries out the commands to talk with the
|
8
|
-
# The
|
9
|
-
# to the
|
7
|
+
# This class carries out the commands to talk with the oxd server.
|
8
|
+
# The oxd request commands are provided as class methods that can be called to send the command
|
9
|
+
# to the oxd server via socket and the reponse is returned as a dict by the called method.
|
10
10
|
class ClientOxdCommands < OxdConnector
|
11
11
|
|
12
12
|
# class constructor
|
@@ -15,116 +15,69 @@ module Oxd
|
|
15
15
|
end
|
16
16
|
|
17
17
|
# @return [String] oxd_id of the registered website
|
18
|
-
# method to setup the client and generate a Client ID, Client Secret for the site
|
19
|
-
# works with oxd-to-https and oxd-server
|
18
|
+
# method to setup the client and generate a Client ID, Client Secret for the site
|
20
19
|
def setup_client
|
21
20
|
@command = 'setup_client'
|
22
|
-
@params =
|
23
|
-
"authorization_redirect_uri" => @configuration.authorization_redirect_uri,
|
24
|
-
"op_host" => @configuration.op_host,
|
25
|
-
"post_logout_redirect_uri" => @configuration.post_logout_redirect_uri,
|
26
|
-
"application_type" => @configuration.application_type,
|
27
|
-
"response_types"=> @configuration.response_types,
|
28
|
-
"grant_types" => @configuration.grant_types,
|
29
|
-
"scope" => @configuration.scope,
|
30
|
-
"acr_values" => @configuration.acr_values,
|
31
|
-
"client_jwks_uri" => @configuration.client_jwks_uri,
|
32
|
-
"client_name" => @configuration.client_name,
|
33
|
-
"client_token_endpoint_auth_method" => @configuration.client_token_endpoint_auth_method,
|
34
|
-
"client_request_uris" => @configuration.client_request_uris,
|
35
|
-
"client_logout_uris"=> @configuration.client_logout_uris,
|
36
|
-
"client_sector_identifier_uri" => @configuration.client_sector_identifier_uri,
|
37
|
-
"contacts" => @configuration.contacts,
|
38
|
-
"ui_locales" => @configuration.ui_locales,
|
39
|
-
"claims_locales" => @configuration.claims_locales,
|
40
|
-
"client_id" => @configuration.client_id,
|
41
|
-
"client_secret" => @configuration.client_secret,
|
42
|
-
"oxd_rp_programming_language" => 'ruby',
|
43
|
-
"protection_access_token" => @configuration.protection_access_token
|
44
|
-
}
|
21
|
+
@params = client_params.merge(register_params)
|
45
22
|
request('setup-client')
|
46
23
|
@configuration.client_id = getResponseData['client_id']
|
47
24
|
@configuration.client_secret = getResponseData['client_secret']
|
48
25
|
@configuration.oxd_id = getResponseData['oxd_id']
|
49
|
-
|
50
26
|
end
|
51
27
|
|
52
28
|
# @return [String] oxd_id of the registered website
|
53
|
-
# method to register the website and generate a unique ID for that website
|
54
|
-
# works with oxd-to-https and oxd-server
|
29
|
+
# method to register the website and generate a unique ID for that website
|
55
30
|
def register_site
|
56
|
-
|
31
|
+
# Check if client is already registered
|
32
|
+
# @return registered oxd_id
|
33
|
+
if(!@configuration.oxd_id.empty?)
|
57
34
|
return @configuration.oxd_id
|
58
35
|
else
|
59
36
|
@command = 'register_site'
|
60
|
-
@params =
|
61
|
-
|
62
|
-
"op_host" => @configuration.op_host,
|
63
|
-
"post_logout_redirect_uri" => @configuration.post_logout_redirect_uri,
|
64
|
-
"application_type" => @configuration.application_type,
|
65
|
-
"response_types"=> @configuration.response_types,
|
66
|
-
"grant_types" => @configuration.grant_types,
|
67
|
-
"scope" => @configuration.scope,
|
68
|
-
"acr_values" => @configuration.acr_values,
|
69
|
-
"client_jwks_uri" => @configuration.client_jwks_uri,
|
70
|
-
"client_token_endpoint_auth_method" => @configuration.client_token_endpoint_auth_method,
|
71
|
-
"client_request_uris" => @configuration.client_request_uris,
|
72
|
-
"client_logout_uris"=> @configuration.client_logout_uris,
|
73
|
-
"contacts" => @configuration.contacts,
|
74
|
-
"client_id" => @configuration.client_id,
|
75
|
-
"client_secret" => @configuration.client_secret,
|
76
|
-
"client_name" => @configuration.client_name,
|
77
|
-
"client_sector_identifier_uri" => @configuration.client_sector_identifier_uri,
|
78
|
-
"ui_locales" => @configuration.ui_locales,
|
79
|
-
"claims_locales" => @configuration.claims_locales,
|
80
|
-
"protection_access_token" => @configuration.protection_access_token
|
81
|
-
}
|
37
|
+
@params = client_params.merge(register_params)
|
38
|
+
@params = @params.merge({"protection_access_token" => @configuration.protection_access_token})
|
82
39
|
request('register-site')
|
83
|
-
logger(
|
40
|
+
logger("oxd Id from register_site : "+getResponseData['oxd_id'])
|
84
41
|
@configuration.oxd_id = getResponseData['oxd_id']
|
85
42
|
end
|
86
43
|
end
|
87
44
|
|
45
|
+
# @param op_discovery_path [STRING] OPTIONAL, op discovery path provided by OP
|
88
46
|
# @return [STRING] access_token
|
89
47
|
# method to generate the protection access token
|
90
48
|
# obtained access token is passed as protection_access_token to all further calls to oxd-https-extension
|
91
|
-
def get_client_token
|
49
|
+
def get_client_token(op_discovery_path = nil)
|
92
50
|
@command = 'get_client_token'
|
93
51
|
@params = {
|
94
|
-
"oxd_id" => @configuration.oxd_id,
|
95
|
-
"authorization_redirect_uri" => @configuration.authorization_redirect_uri,
|
96
52
|
"op_host" => @configuration.op_host,
|
97
|
-
"post_logout_redirect_uri" => @configuration.post_logout_redirect_uri,
|
98
|
-
"application_type" => @configuration.application_type,
|
99
|
-
"response_types"=> @configuration.response_types,
|
100
|
-
"grant_types" => @configuration.grant_types,
|
101
53
|
"scope" => @configuration.scope,
|
102
|
-
"acr_values" => @configuration.acr_values,
|
103
|
-
"client_name" => @configuration.client_name,
|
104
|
-
"client_jwks_uri" => @configuration.client_jwks_uri,
|
105
|
-
"client_token_endpoint_auth_method" => @configuration.client_token_endpoint_auth_method,
|
106
|
-
"client_request_uris" => @configuration.client_request_uris,
|
107
|
-
"client_sector_identifier_uri" => @configuration.client_sector_identifier_uri,
|
108
|
-
"contacts" => @configuration.contacts,
|
109
|
-
"ui_locales" => @configuration.ui_locales,
|
110
|
-
"claims_locales" => @configuration.claims_locales,
|
111
54
|
"client_id" => @configuration.client_id,
|
112
55
|
"client_secret" => @configuration.client_secret,
|
113
|
-
"
|
114
|
-
"oxd_rp_programming_language" => 'ruby'
|
56
|
+
"op_discovery_path" => (op_discovery_path.blank?)? @configuration.op_discovery_path : op_discovery_path,
|
115
57
|
}
|
116
58
|
request('get-client-token')
|
117
59
|
@configuration.protection_access_token = getResponseData['access_token']
|
118
60
|
end
|
119
61
|
|
62
|
+
# @return [OBJECT] @response_data
|
63
|
+
# method to gain information about an access token
|
64
|
+
def introspect_access_token
|
65
|
+
@command = 'introspect_access_token'
|
66
|
+
@params = {
|
67
|
+
"oxd_id" => @configuration.oxd_id,
|
68
|
+
"access_token" => @configuration.protection_access_token
|
69
|
+
}
|
70
|
+
request('introspect-access-token')
|
71
|
+
getResponseData
|
72
|
+
end
|
73
|
+
|
120
74
|
# @param scope [Array] OPTIONAL, scopes required, takes the scopes registered with register_site by defualt
|
121
75
|
# @param acr_values [Array] OPTIONAL, list of acr values in the order of priority
|
122
76
|
# @param custom_params [Hash] OPTIONAL, custom parameters
|
123
77
|
# @return [String] authorization_url
|
124
|
-
# method to get authorization url that the user must be redirected to for authorization and authentication
|
125
|
-
|
126
|
-
|
127
|
-
logger(:log_msg => "@configuration object params #{@configuration.inspect}", :error => "")
|
78
|
+
# method to get authorization url that the user must be redirected to for authorization and authentication
|
79
|
+
def get_authorization_url(scope: [], acr_values: [], custom_params: {})
|
80
|
+
logger("@configuration object params #{@configuration.inspect}")
|
128
81
|
|
129
82
|
@command = 'get_authorization_url'
|
130
83
|
@params = {
|
@@ -135,19 +88,18 @@ module Oxd
|
|
135
88
|
"custom_parameters" => custom_params,
|
136
89
|
"protection_access_token" => @configuration.protection_access_token
|
137
90
|
}
|
138
|
-
logger(
|
91
|
+
logger("get_authorization_url params #{@params.inspect}")
|
139
92
|
request('get-authorization-url')
|
140
93
|
getResponseData['authorization_url']
|
141
94
|
end
|
142
95
|
|
143
96
|
# @param code [String] code obtained from the authorization url callback
|
144
97
|
# @param state [String] state obtained from the authorization url callback
|
145
|
-
# @return [
|
146
|
-
# method to retrieve access token. It is called after the user authorizes by visiting the authorization url.
|
147
|
-
# works with oxd-to-https and oxd-server
|
98
|
+
# @return [String] access_token
|
99
|
+
# method to retrieve access token. It is called after the user authorizes by visiting the authorization url.
|
148
100
|
def get_tokens_by_code( code, state )
|
149
101
|
if (code.empty?)
|
150
|
-
|
102
|
+
trigger_error("Empty/Wrong value in place of code.")
|
151
103
|
end
|
152
104
|
@command = 'get_tokens_by_code'
|
153
105
|
@params = {
|
@@ -165,7 +117,7 @@ module Oxd
|
|
165
117
|
# @param scope [Array] OPTIONAL, scopes required, takes the scopes registered with register_site by defualt
|
166
118
|
# @return [String] access_token
|
167
119
|
# method to retrieve access token. It is called after getting the refresh_token by using the code and state.
|
168
|
-
|
120
|
+
|
169
121
|
def get_access_token_by_refresh_token(scope = nil)
|
170
122
|
@command = 'get_access_token_by_refresh_token'
|
171
123
|
@params = {
|
@@ -180,11 +132,10 @@ module Oxd
|
|
180
132
|
|
181
133
|
# @param access_token [String] access token recieved from the get_tokens_by_code command
|
182
134
|
# @return [String] user data claims that are returned by the OP
|
183
|
-
# get the information about the user using the access token obtained from the OP
|
184
|
-
# works with oxd-to-https and oxd-server
|
135
|
+
# get the information about the user using the access token obtained from the OP
|
185
136
|
def get_user_info(access_token)
|
186
137
|
if access_token.empty?
|
187
|
-
|
138
|
+
trigger_error("Empty access code sent for get_user_info")
|
188
139
|
end
|
189
140
|
@command = 'get_user_info'
|
190
141
|
@params = {
|
@@ -199,8 +150,7 @@ module Oxd
|
|
199
150
|
# @param state [String] OPTIONAL, website state obtained from the authorization url callback
|
200
151
|
# @param session_state [String] OPTIONAL, session state obtained from the authorization url callback
|
201
152
|
# @return [String] uri
|
202
|
-
# method to retrieve logout url from OP. User must be redirected to this url to perform logout
|
203
|
-
# works with oxd-to-https and oxd-server
|
153
|
+
# method to retrieve logout url from OP. User must be redirected to this url to perform logout
|
204
154
|
def get_logout_uri( state = nil, session_state = nil)
|
205
155
|
@command = 'get_logout_uri'
|
206
156
|
@params = {
|
@@ -216,43 +166,80 @@ module Oxd
|
|
216
166
|
end
|
217
167
|
|
218
168
|
# @return [Boolean] status - if site registration was updated successfully or not
|
219
|
-
# method to update the website's information
|
220
|
-
# This should be called after changing the values in the oxd_config file.
|
221
|
-
|
222
|
-
|
223
|
-
|
169
|
+
# method to update the website's information for oxd server.
|
170
|
+
# This should be called after changing the values in the oxd_config file.
|
171
|
+
def update_site
|
172
|
+
@command = 'update_site'
|
173
|
+
@params = client_params.merge(
|
174
|
+
{
|
175
|
+
"oxd_id" => @configuration.oxd_id,
|
176
|
+
"client_secret_expires_at" => 3080736637943,
|
177
|
+
"oxd_rp_programming_language" => "ruby",
|
178
|
+
"protection_access_token" => @configuration.protection_access_token
|
179
|
+
}
|
180
|
+
)
|
181
|
+
request('update-site')
|
182
|
+
if @response_object['status'] == "ok"
|
183
|
+
@configuration.oxd_id = getResponseData['oxd_id']
|
184
|
+
return true
|
185
|
+
else
|
186
|
+
return false
|
187
|
+
end
|
188
|
+
end
|
189
|
+
|
190
|
+
# @return [String] oxd_id - if site data was cleaned successfully
|
191
|
+
# method to clean up the website's information from oxd server.
|
192
|
+
def remove_site
|
193
|
+
@command = 'remove_site'
|
224
194
|
@params = {
|
225
195
|
"oxd_id" => @configuration.oxd_id,
|
196
|
+
"protection_access_token" => @configuration.protection_access_token
|
197
|
+
}
|
198
|
+
request('remove-site')
|
199
|
+
if @response_object['status'] == "ok"
|
200
|
+
@configuration.oxd_id = getResponseData['oxd_id']
|
201
|
+
end
|
202
|
+
end
|
203
|
+
|
204
|
+
# @return [HASH] client_params
|
205
|
+
# common params to use with client setup commands
|
206
|
+
# ie. setup_client, register_site and update_site
|
207
|
+
def client_params
|
208
|
+
client_params = {
|
226
209
|
"authorization_redirect_uri" => @configuration.authorization_redirect_uri,
|
227
210
|
"post_logout_redirect_uri" => @configuration.post_logout_redirect_uri,
|
228
|
-
"client_logout_uris"=> @configuration.client_logout_uris,
|
229
211
|
"response_types"=> @configuration.response_types,
|
230
212
|
"grant_types" => @configuration.grant_types,
|
231
213
|
"scope" => @configuration.scope,
|
232
214
|
"acr_values" => @configuration.acr_values,
|
233
|
-
"client_name" => @configuration.client_name,
|
234
|
-
"client_secret_expires_at" => 3080736637943,
|
235
215
|
"client_jwks_uri" => @configuration.client_jwks_uri,
|
216
|
+
"client_name" => @configuration.client_name,
|
236
217
|
"client_token_endpoint_auth_method" => @configuration.client_token_endpoint_auth_method,
|
237
218
|
"client_request_uris" => @configuration.client_request_uris,
|
219
|
+
"client_frontchannel_logout_uris" => @configuration.client_frontchannel_logout_uris,
|
238
220
|
"client_sector_identifier_uri" => @configuration.client_sector_identifier_uri,
|
239
221
|
"contacts" => @configuration.contacts,
|
240
222
|
"ui_locales" => @configuration.ui_locales,
|
241
|
-
"claims_locales" => @configuration.claims_locales
|
242
|
-
|
243
|
-
|
244
|
-
|
245
|
-
|
246
|
-
|
247
|
-
|
248
|
-
|
249
|
-
|
250
|
-
|
223
|
+
"claims_locales" => @configuration.claims_locales
|
224
|
+
}
|
225
|
+
end
|
226
|
+
|
227
|
+
# @return [HASH] register_params
|
228
|
+
# common params to use with register_site and setup_client commands
|
229
|
+
def register_params
|
230
|
+
register_params = {
|
231
|
+
"op_host" => @configuration.op_host,
|
232
|
+
"application_type" => @configuration.application_type,
|
233
|
+
"claims_redirect_uri" => @configuration.claims_redirect_uri,
|
234
|
+
"client_id" => @configuration.client_id,
|
235
|
+
"client_secret" => @configuration.client_secret,
|
236
|
+
"oxd_rp_programming_language" => "ruby"
|
237
|
+
}
|
251
238
|
end
|
252
239
|
|
253
|
-
# @return
|
240
|
+
# @return oxd Configuraton object
|
254
241
|
def oxdConfig
|
255
242
|
return @configuration
|
256
243
|
end
|
257
244
|
end
|
258
|
-
end
|
245
|
+
end
|
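Review bot: `update_site` in the last hunk hard-codes `"client_secret_expires_at" => 3080736637943`, a far-future constant carried over from the removed `update_site_registration` (it looks like a millisecond epoch value — confirm against the oxd server API), which makes the client secret effectively non-expiring and leaves the application no way to set a shorter lifetime. Source it from the configuration instead, e.g. `"client_secret_expires_at" => @configuration.client_secret_expires_at,` backed by a new, documented configuration attribute, so operators can enforce secret rotation. Separately, `client_params` and `register_params` (defined after `remove_site`) are public because no `private` marker precedes them; add `private` before `def client_params` (and keep `oxdConfig` above it) unless they are intended as part of the gem's API.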