rack-oauth2-revibe 1.0.7
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.document +5 -0
- data/.gitignore +22 -0
- data/.rspec +2 -0
- data/.travis.yml +3 -0
- data/Gemfile +7 -0
- data/LICENSE +20 -0
- data/README.rdoc +78 -0
- data/Rakefile +25 -0
- data/VERSION +1 -0
- data/lib/rack/oauth2.rb +67 -0
- data/lib/rack/oauth2/access_token.rb +36 -0
- data/lib/rack/oauth2/access_token/authenticator.rb +24 -0
- data/lib/rack/oauth2/access_token/bearer.rb +11 -0
- data/lib/rack/oauth2/access_token/legacy.rb +23 -0
- data/lib/rack/oauth2/access_token/mac.rb +103 -0
- data/lib/rack/oauth2/access_token/mac/sha256_hex_verifier.rb +17 -0
- data/lib/rack/oauth2/access_token/mac/signature.rb +34 -0
- data/lib/rack/oauth2/access_token/mac/verifier.rb +44 -0
- data/lib/rack/oauth2/client.rb +139 -0
- data/lib/rack/oauth2/client/error.rb +14 -0
- data/lib/rack/oauth2/client/grant.rb +30 -0
- data/lib/rack/oauth2/client/grant/authorization_code.rb +12 -0
- data/lib/rack/oauth2/client/grant/client_credentials.rb +10 -0
- data/lib/rack/oauth2/client/grant/facebook_token.rb +12 -0
- data/lib/rack/oauth2/client/grant/password.rb +11 -0
- data/lib/rack/oauth2/client/grant/refresh_token.rb +11 -0
- data/lib/rack/oauth2/debugger.rb +3 -0
- data/lib/rack/oauth2/debugger/request_filter.rb +30 -0
- data/lib/rack/oauth2/server.rb +4 -0
- data/lib/rack/oauth2/server/abstract.rb +4 -0
- data/lib/rack/oauth2/server/abstract/error.rb +69 -0
- data/lib/rack/oauth2/server/abstract/handler.rb +20 -0
- data/lib/rack/oauth2/server/abstract/request.rb +29 -0
- data/lib/rack/oauth2/server/abstract/response.rb +15 -0
- data/lib/rack/oauth2/server/authorize.rb +117 -0
- data/lib/rack/oauth2/server/authorize/code.rb +39 -0
- data/lib/rack/oauth2/server/authorize/error.rb +71 -0
- data/lib/rack/oauth2/server/authorize/extension.rb +12 -0
- data/lib/rack/oauth2/server/authorize/extension/code_and_token.rb +39 -0
- data/lib/rack/oauth2/server/authorize/token.rb +43 -0
- data/lib/rack/oauth2/server/resource.rb +55 -0
- data/lib/rack/oauth2/server/resource/bearer.rb +47 -0
- data/lib/rack/oauth2/server/resource/bearer/error.rb +24 -0
- data/lib/rack/oauth2/server/resource/error.rb +81 -0
- data/lib/rack/oauth2/server/resource/mac.rb +36 -0
- data/lib/rack/oauth2/server/resource/mac/error.rb +24 -0
- data/lib/rack/oauth2/server/token.rb +87 -0
- data/lib/rack/oauth2/server/token/authorization_code.rb +28 -0
- data/lib/rack/oauth2/server/token/client_credentials.rb +23 -0
- data/lib/rack/oauth2/server/token/error.rb +54 -0
- data/lib/rack/oauth2/server/token/extension.rb +12 -0
- data/lib/rack/oauth2/server/token/extension/jwt.rb +37 -0
- data/lib/rack/oauth2/server/token/facebook_token.rb +27 -0
- data/lib/rack/oauth2/server/token/password.rb +27 -0
- data/lib/rack/oauth2/server/token/refresh_token.rb +26 -0
- data/lib/rack/oauth2/util.rb +58 -0
- data/rack-oauth2.gemspec +30 -0
- data/spec/helpers/time.rb +19 -0
- data/spec/helpers/webmock_helper.rb +41 -0
- data/spec/mock_response/blank +0 -0
- data/spec/mock_response/errors/invalid_request.json +4 -0
- data/spec/mock_response/resources/fake.txt +1 -0
- data/spec/mock_response/tokens/_Bearer.json +6 -0
- data/spec/mock_response/tokens/bearer.json +6 -0
- data/spec/mock_response/tokens/legacy.json +5 -0
- data/spec/mock_response/tokens/legacy.txt +1 -0
- data/spec/mock_response/tokens/legacy_without_expires_in.txt +1 -0
- data/spec/mock_response/tokens/mac.json +8 -0
- data/spec/mock_response/tokens/unknown.json +6 -0
- data/spec/rack/oauth2/access_token/authenticator_spec.rb +43 -0
- data/spec/rack/oauth2/access_token/bearer_spec.rb +18 -0
- data/spec/rack/oauth2/access_token/legacy_spec.rb +23 -0
- data/spec/rack/oauth2/access_token/mac/sha256_hex_verifier_spec.rb +28 -0
- data/spec/rack/oauth2/access_token/mac/signature_spec.rb +59 -0
- data/spec/rack/oauth2/access_token/mac/verifier_spec.rb +25 -0
- data/spec/rack/oauth2/access_token/mac_spec.rb +141 -0
- data/spec/rack/oauth2/access_token_spec.rb +69 -0
- data/spec/rack/oauth2/client/error_spec.rb +18 -0
- data/spec/rack/oauth2/client/grant/authorization_code_spec.rb +37 -0
- data/spec/rack/oauth2/client/grant/client_credentials_spec.rb +7 -0
- data/spec/rack/oauth2/client/grant/password_spec.rb +33 -0
- data/spec/rack/oauth2/client/grant/refresh_token_spec.rb +21 -0
- data/spec/rack/oauth2/client_spec.rb +287 -0
- data/spec/rack/oauth2/debugger/request_filter_spec.rb +33 -0
- data/spec/rack/oauth2/oauth2_spec.rb +74 -0
- data/spec/rack/oauth2/server/abstract/error_spec.rb +59 -0
- data/spec/rack/oauth2/server/authorize/code_spec.rb +57 -0
- data/spec/rack/oauth2/server/authorize/error_spec.rb +103 -0
- data/spec/rack/oauth2/server/authorize/extensions/code_and_token_spec.rb +60 -0
- data/spec/rack/oauth2/server/authorize/token_spec.rb +73 -0
- data/spec/rack/oauth2/server/authorize_spec.rb +214 -0
- data/spec/rack/oauth2/server/resource/bearer/error_spec.rb +52 -0
- data/spec/rack/oauth2/server/resource/bearer_spec.rb +123 -0
- data/spec/rack/oauth2/server/resource/error_spec.rb +147 -0
- data/spec/rack/oauth2/server/resource/mac/error_spec.rb +52 -0
- data/spec/rack/oauth2/server/resource/mac_spec.rb +119 -0
- data/spec/rack/oauth2/server/resource_spec.rb +23 -0
- data/spec/rack/oauth2/server/token/authorization_code_spec.rb +43 -0
- data/spec/rack/oauth2/server/token/client_credentials_spec.rb +23 -0
- data/spec/rack/oauth2/server/token/error_spec.rb +77 -0
- data/spec/rack/oauth2/server/token/password_spec.rb +37 -0
- data/spec/rack/oauth2/server/token/refresh_token_spec.rb +34 -0
- data/spec/rack/oauth2/server/token_spec.rb +134 -0
- data/spec/rack/oauth2/util_spec.rb +97 -0
- data/spec/spec_helper.rb +14 -0
- metadata +326 -0
@@ -0,0 +1,47 @@
|
|
1
|
+
module Rack
|
2
|
+
module OAuth2
|
3
|
+
module Server
|
4
|
+
class Resource
|
5
|
+
class Bearer < Resource
|
6
|
+
def call(env)
|
7
|
+
self.request = Request.new(env)
|
8
|
+
super
|
9
|
+
end
|
10
|
+
|
11
|
+
private
|
12
|
+
|
13
|
+
class Request < Resource::Request
|
14
|
+
def setup!
|
15
|
+
tokens = [access_token_in_header, access_token_in_payload].compact
|
16
|
+
@access_token = case Array(tokens).size
|
17
|
+
when 1
|
18
|
+
tokens.first
|
19
|
+
else
|
20
|
+
invalid_request!('Both Authorization header and payload includes access token.')
|
21
|
+
end
|
22
|
+
self
|
23
|
+
end
|
24
|
+
|
25
|
+
def oauth2?
|
26
|
+
(access_token_in_header || access_token_in_payload).present?
|
27
|
+
end
|
28
|
+
|
29
|
+
def access_token_in_header
|
30
|
+
if @auth_header.provided? && !@auth_header.parts.first.nil? && @auth_header.scheme.to_s == 'bearer'
|
31
|
+
@auth_header.params
|
32
|
+
else
|
33
|
+
nil
|
34
|
+
end
|
35
|
+
end
|
36
|
+
|
37
|
+
def access_token_in_payload
|
38
|
+
params['access_token']
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
47
|
+
require 'rack/oauth2/server/resource/bearer/error'
|
@@ -0,0 +1,24 @@
|
|
1
|
+
module Rack
|
2
|
+
module OAuth2
|
3
|
+
module Server
|
4
|
+
class Resource
|
5
|
+
class Bearer
|
6
|
+
class Unauthorized < Resource::Unauthorized
|
7
|
+
def scheme
|
8
|
+
:Bearer
|
9
|
+
end
|
10
|
+
end
|
11
|
+
|
12
|
+
module ErrorMethods
|
13
|
+
include Resource::ErrorMethods
|
14
|
+
def unauthorized!(error = nil, description = nil, options = {})
|
15
|
+
raise Unauthorized.new(error, description, options)
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
Request.send :include, ErrorMethods
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
@@ -0,0 +1,81 @@
|
|
1
|
+
module Rack
|
2
|
+
module OAuth2
|
3
|
+
module Server
|
4
|
+
class Resource
|
5
|
+
class BadRequest < Abstract::BadRequest
|
6
|
+
end
|
7
|
+
|
8
|
+
class Unauthorized < Abstract::Unauthorized
|
9
|
+
def scheme
|
10
|
+
raise 'Define me!'
|
11
|
+
end
|
12
|
+
|
13
|
+
def finish
|
14
|
+
super do |response|
|
15
|
+
self.realm ||= DEFAULT_REALM
|
16
|
+
header = response.header['WWW-Authenticate'] = "#{scheme} realm=\"#{realm}\""
|
17
|
+
if ErrorMethods::DEFAULT_DESCRIPTION.keys.include?(error)
|
18
|
+
header << ", error=\"#{error}\""
|
19
|
+
header << ", error_description=\"#{description}\"" if description.present?
|
20
|
+
header << ", error_uri=\"#{uri}\"" if uri.present?
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
class Forbidden < Abstract::Forbidden
|
27
|
+
attr_accessor :scope
|
28
|
+
|
29
|
+
def initialize(error = :forbidden, description = nil, options = {})
|
30
|
+
super
|
31
|
+
@scope = options[:scope]
|
32
|
+
end
|
33
|
+
|
34
|
+
def protocol_params
|
35
|
+
super.merge(:scope => Array(scope).join(' '))
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
module ErrorMethods
|
40
|
+
DEFAULT_DESCRIPTION = {
|
41
|
+
:invalid_request => "The request is missing a required parameter, includes an unsupported parameter or parameter value, repeats the same parameter, uses more than one method for including an access token, or is otherwise malformed.",
|
42
|
+
:invalid_token => "The access token provided is expired, revoked, malformed or invalid for other reasons.",
|
43
|
+
:insufficient_scope => "The request requires higher privileges than provided by the access token."
|
44
|
+
}
|
45
|
+
|
46
|
+
def self.included(klass)
|
47
|
+
DEFAULT_DESCRIPTION.each do |error, default_description|
|
48
|
+
error_method = case error
|
49
|
+
when :invalid_request
|
50
|
+
:bad_request!
|
51
|
+
when :insufficient_scope
|
52
|
+
:forbidden!
|
53
|
+
else
|
54
|
+
:unauthorized!
|
55
|
+
end
|
56
|
+
klass.class_eval <<-ERROR
|
57
|
+
def #{error}!(description = "#{default_description}", options = {})
|
58
|
+
#{error_method} :#{error}, description, options
|
59
|
+
end
|
60
|
+
ERROR
|
61
|
+
end
|
62
|
+
end
|
63
|
+
|
64
|
+
def bad_request!(error, description = nil, options = {})
|
65
|
+
raise BadRequest.new(error, description, options)
|
66
|
+
end
|
67
|
+
|
68
|
+
def unauthorized!(error = nil, description = nil, options = {})
|
69
|
+
raise 'Define me!'
|
70
|
+
end
|
71
|
+
|
72
|
+
def forbidden!(error, description = nil, options = {})
|
73
|
+
raise Forbidden.new(error, description, options)
|
74
|
+
end
|
75
|
+
end
|
76
|
+
|
77
|
+
Request.send :include, ErrorMethods
|
78
|
+
end
|
79
|
+
end
|
80
|
+
end
|
81
|
+
end
|
@@ -0,0 +1,36 @@
|
|
1
|
+
module Rack
|
2
|
+
module OAuth2
|
3
|
+
module Server
|
4
|
+
class Resource
|
5
|
+
class MAC < Resource
|
6
|
+
def call(env)
|
7
|
+
self.request = Request.new(env)
|
8
|
+
super
|
9
|
+
end
|
10
|
+
|
11
|
+
private
|
12
|
+
|
13
|
+
class Request < Resource::Request
|
14
|
+
attr_reader :nonce, :ts, :ext, :signature
|
15
|
+
|
16
|
+
def setup!
|
17
|
+
auth_params = Rack::Auth::Digest::Params.parse(@auth_header.params).with_indifferent_access
|
18
|
+
@access_token = auth_params[:id]
|
19
|
+
@nonce = auth_params[:nonce]
|
20
|
+
@ts = auth_params[:ts]
|
21
|
+
@ext = auth_params[:ext]
|
22
|
+
@signature = auth_params[:mac]
|
23
|
+
self
|
24
|
+
end
|
25
|
+
|
26
|
+
def oauth2?
|
27
|
+
@auth_header.provided? && @auth_header.scheme.to_s == 'mac'
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
require 'rack/oauth2/server/resource/mac/error'
|
@@ -0,0 +1,24 @@
|
|
1
|
+
module Rack
|
2
|
+
module OAuth2
|
3
|
+
module Server
|
4
|
+
class Resource
|
5
|
+
class MAC
|
6
|
+
class Unauthorized < Resource::Unauthorized
|
7
|
+
def scheme
|
8
|
+
:MAC
|
9
|
+
end
|
10
|
+
end
|
11
|
+
|
12
|
+
module ErrorMethods
|
13
|
+
include Resource::ErrorMethods
|
14
|
+
def unauthorized!(error = nil, description = nil, options = {})
|
15
|
+
raise Unauthorized.new(error, description, options)
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
Request.send :include, ErrorMethods
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
@@ -0,0 +1,87 @@
|
|
1
|
+
require 'rack/auth/basic'
|
2
|
+
|
3
|
+
module Rack
|
4
|
+
module OAuth2
|
5
|
+
module Server
|
6
|
+
class Token < Abstract::Handler
|
7
|
+
def call(env)
|
8
|
+
request = Request.new(env)
|
9
|
+
grant_type_for(request).new(&@authenticator).call(env).finish
|
10
|
+
rescue Rack::OAuth2::Server::Abstract::Error => e
|
11
|
+
e.finish
|
12
|
+
end
|
13
|
+
|
14
|
+
private
|
15
|
+
|
16
|
+
def grant_type_for(request)
|
17
|
+
case request.grant_type
|
18
|
+
when 'authorization_code'
|
19
|
+
AuthorizationCode
|
20
|
+
when 'password'
|
21
|
+
Password
|
22
|
+
when 'facebook_token'
|
23
|
+
FacebookToken
|
24
|
+
when 'client_credentials'
|
25
|
+
ClientCredentials
|
26
|
+
when 'refresh_token'
|
27
|
+
RefreshToken
|
28
|
+
when ''
|
29
|
+
request.attr_missing!
|
30
|
+
else
|
31
|
+
extensions.detect do |extension|
|
32
|
+
extension.grant_type_for? request.grant_type
|
33
|
+
end || request.unsupported_grant_type!
|
34
|
+
end
|
35
|
+
end
|
36
|
+
|
37
|
+
def extensions
|
38
|
+
Extension.constants.sort.collect do |key|
|
39
|
+
Extension.const_get key
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
class Request < Abstract::Request
|
44
|
+
attr_required :grant_type
|
45
|
+
attr_optional :client_secret
|
46
|
+
|
47
|
+
def initialize(env)
|
48
|
+
auth = Rack::Auth::Basic::Request.new(env)
|
49
|
+
if auth.provided? && auth.basic?
|
50
|
+
@client_id, @client_secret = auth.credentials
|
51
|
+
super
|
52
|
+
else
|
53
|
+
super
|
54
|
+
@client_secret = params['client_secret']
|
55
|
+
end
|
56
|
+
@grant_type = params['grant_type'].to_s
|
57
|
+
end
|
58
|
+
end
|
59
|
+
|
60
|
+
class Response < Abstract::Response
|
61
|
+
attr_required :access_token
|
62
|
+
|
63
|
+
def protocol_params
|
64
|
+
access_token.token_response
|
65
|
+
end
|
66
|
+
|
67
|
+
def finish
|
68
|
+
attr_missing!
|
69
|
+
write MultiJson.dump(Util.compact_hash(protocol_params))
|
70
|
+
header['Content-Type'] = 'application/json'
|
71
|
+
header['Cache-Control'] = 'no-store'
|
72
|
+
header['Pragma'] = 'no-cache'
|
73
|
+
super
|
74
|
+
end
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
78
|
+
end
|
79
|
+
end
|
80
|
+
|
81
|
+
require 'rack/oauth2/server/token/authorization_code'
|
82
|
+
require 'rack/oauth2/server/token/password'
|
83
|
+
require 'rack/oauth2/server/token/facebook_token'
|
84
|
+
require 'rack/oauth2/server/token/client_credentials'
|
85
|
+
require 'rack/oauth2/server/token/refresh_token'
|
86
|
+
require 'rack/oauth2/server/token/extension'
|
87
|
+
require 'rack/oauth2/server/token/error'
|
@@ -0,0 +1,28 @@
|
|
1
|
+
module Rack
|
2
|
+
module OAuth2
|
3
|
+
module Server
|
4
|
+
class Token
|
5
|
+
class AuthorizationCode < Abstract::Handler
|
6
|
+
def call(env)
|
7
|
+
@request = Request.new(env)
|
8
|
+
@response = Response.new(request)
|
9
|
+
super
|
10
|
+
end
|
11
|
+
|
12
|
+
class Request < Token::Request
|
13
|
+
attr_required :code
|
14
|
+
attr_optional :redirect_uri
|
15
|
+
|
16
|
+
def initialize(env)
|
17
|
+
super
|
18
|
+
@grant_type = :authorization_code
|
19
|
+
@code = params['code']
|
20
|
+
@redirect_uri = params['redirect_uri']
|
21
|
+
attr_missing!
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
@@ -0,0 +1,23 @@
|
|
1
|
+
module Rack
|
2
|
+
module OAuth2
|
3
|
+
module Server
|
4
|
+
class Token
|
5
|
+
class ClientCredentials < Abstract::Handler
|
6
|
+
def call(env)
|
7
|
+
@request = Request.new(env)
|
8
|
+
@response = Response.new(request)
|
9
|
+
super
|
10
|
+
end
|
11
|
+
|
12
|
+
class Request < Token::Request
|
13
|
+
def initialize(env)
|
14
|
+
super
|
15
|
+
@grant_type = :client_credentials
|
16
|
+
attr_missing!
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
@@ -0,0 +1,54 @@
|
|
1
|
+
module Rack
|
2
|
+
module OAuth2
|
3
|
+
module Server
|
4
|
+
class Token
|
5
|
+
class BadRequest < Abstract::BadRequest
|
6
|
+
end
|
7
|
+
|
8
|
+
class Unauthorized < Abstract::Unauthorized
|
9
|
+
def finish
|
10
|
+
super do |response|
|
11
|
+
response.header['WWW-Authenticate'] = 'Basic realm="OAuth2 Token Endpoint"'
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
module ErrorMethods
|
17
|
+
DEFAULT_DESCRIPTION = {
|
18
|
+
:invalid_request => "The request is missing a required parameter, includes an unsupported parameter or parameter value, repeats a parameter, includes multiple credentials, utilizes more than one mechanism for authenticating the client, or is otherwise malformed.",
|
19
|
+
:invalid_client => "The client identifier provided is invalid, the client failed to authenticate, the client did not include its credentials, provided multiple client credentials, or used unsupported credentials type.",
|
20
|
+
:invalid_grant => "The provided access grant is invalid, expired, or revoked (e.g. invalid assertion, expired authorization token, bad end-user password credentials, or mismatching authorization code and redirection URI).",
|
21
|
+
:unauthorized_client => "The authenticated client is not authorized to use the access grant type provided.",
|
22
|
+
:unsupported_grant_type => "The access grant included - its type or another attribute - is not supported by the authorization server.",
|
23
|
+
:invalid_scope => "The requested scope is invalid, unknown, malformed, or exceeds the previously granted scope."
|
24
|
+
}
|
25
|
+
|
26
|
+
def self.included(klass)
|
27
|
+
DEFAULT_DESCRIPTION.each do |error, default_description|
|
28
|
+
error_method = if error == :invalid_client
|
29
|
+
:unauthorized!
|
30
|
+
else
|
31
|
+
:bad_request!
|
32
|
+
end
|
33
|
+
klass.class_eval <<-ERROR
|
34
|
+
def #{error}!(description = "#{default_description}", options = {})
|
35
|
+
#{error_method} :#{error}, description, options
|
36
|
+
end
|
37
|
+
ERROR
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
def bad_request!(error, description = nil, options = {})
|
42
|
+
raise BadRequest.new(error, description, options)
|
43
|
+
end
|
44
|
+
|
45
|
+
def unauthorized!(error, description = nil, options = {})
|
46
|
+
raise Unauthorized.new(error, description, options)
|
47
|
+
end
|
48
|
+
end
|
49
|
+
|
50
|
+
Request.send :include, ErrorMethods
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
@@ -0,0 +1,37 @@
|
|
1
|
+
module Rack
|
2
|
+
module OAuth2
|
3
|
+
module Server
|
4
|
+
class Token
|
5
|
+
module Extension
|
6
|
+
class JWT < Abstract::Handler
|
7
|
+
GRANT_TYPE_URN = 'urn:ietf:params:oauth:grant-type:jwt-bearer'
|
8
|
+
|
9
|
+
class << self
|
10
|
+
def grant_type_for?(grant_type)
|
11
|
+
grant_type == GRANT_TYPE_URN
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
def call(env)
|
16
|
+
@request = Request.new env
|
17
|
+
@response = Response.new request
|
18
|
+
super
|
19
|
+
end
|
20
|
+
|
21
|
+
class Request < Token::Request
|
22
|
+
attr_required :assertion
|
23
|
+
attr_optional :client_id
|
24
|
+
|
25
|
+
def initialize(env)
|
26
|
+
super
|
27
|
+
@grant_type = GRANT_TYPE_URN
|
28
|
+
@assertion = params['assertion']
|
29
|
+
attr_missing!
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|