standard_id 0.2.6 → 0.2.7
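--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: dbef18f1449e29f9a2634d4ac069294555d068b0c645e187935bd88133649d49
+data.tar.gz: fceb6cf31ca8a240ea7969255b3d6954547bfc5f69f620ba4cae1d301b6c6981
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9f2ee859ac9c6a41f6fc5839cb597e2940d95ae0919e0a86233202f34ecc0f99d94ca4e574b6c9b790ee31e4c42003d358dc0fc5a997a3874f2de0b1b72f57fe
+data.tar.gz: fab39f1f052246162a6fece0aa612bc8871fccb54e095d58f7d52d0b62b8307c927444043fcddf7b3b54a07da0ffcbceacb0be419379097261eeae8c59c45b24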
@@ -2,6 +2,8 @@ module StandardId
|
|
|
2
2
|
module Api
|
|
3
3
|
module Oauth
|
|
4
4
|
class TokensController < BaseController
|
|
5
|
+
skip_before_action :validate_content_type!
|
|
6
|
+
|
|
5
7
|
FLOW_STRATEGIES = {
|
|
6
8
|
"client_credentials" => StandardId::Oauth::ClientCredentialsFlow,
|
|
7
9
|
"authorization_code" => StandardId::Oauth::AuthorizationCodeFlow,
|
|
@@ -10,6 +12,8 @@ module StandardId
|
|
|
10
12
|
"passwordless_otp" => StandardId::Oauth::PasswordlessOtpFlow
|
|
11
13
|
}.freeze
|
|
12
14
|
|
|
15
|
+
before_action :extract_client_credentials_from_basic_auth
|
|
16
|
+
|
|
13
17
|
def create
|
|
14
18
|
response_data = flow_strategy_class.new(flow_strategy_params, request).execute
|
|
15
19
|
render json: response_data, status: :ok
|
|
@@ -17,6 +21,26 @@ module StandardId
|
|
|
17
21
|
|
|
18
22
|
private
|
|
19
23
|
|
|
24
|
+
# Support HTTP Basic authentication for client credentials (RFC 6749 Section 2.3.1)
|
|
25
|
+
def extract_client_credentials_from_basic_auth
|
|
26
|
+
auth_header = request.headers["Authorization"]
|
|
27
|
+
return unless auth_header&.start_with?("Basic ")
|
|
28
|
+
|
|
29
|
+
# RFC 6749 Section 2.3: client MUST NOT use more than one authentication method
|
|
30
|
+
if params[:client_id].present? || params[:client_secret].present?
|
|
31
|
+
raise StandardId::InvalidRequestError,
|
|
32
|
+
"Client credentials must be sent via Authorization header OR request body, not both"
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
decoded = Base64.strict_decode64(auth_header.split(" ", 2).last)
|
|
36
|
+
client_id, client_secret = decoded.split(":", 2)
|
|
37
|
+
|
|
38
|
+
params[:client_id] = CGI.unescape(client_id)
|
|
39
|
+
params[:client_secret] = CGI.unescape(client_secret)
|
|
40
|
+
rescue ArgumentError
|
|
41
|
+
raise StandardId::InvalidClientError, "Invalid Basic authentication encoding"
|
|
42
|
+
end
|
|
43
|
+
|
|
20
44
|
def grant_type
|
|
21
45
|
@grant_type ||= params[:grant_type]
|
|
22
46
|
end
|
data/lib/standard_id/version.rb
CHANGED