zaikio-oauth_client 0.14.0 → 0.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 0ff245bb6a309f304b580e81ad30acc9a91916919697b2df717fdb884d3e4a25
4
- data.tar.gz: c8db756a72615d02de42a58804e23b597f095e709506a6055008a8682cc72bbd
3
+ metadata.gz: 959893e57238209160b6945a5044bbc82bdc862fb78cd69ba606356e376978a7
4
+ data.tar.gz: b73e404116786a133e3438a12ebdfc87548da89c3a581a66436a6d2c0ef63ebd
5
5
  SHA512:
6
- metadata.gz: 45d03fc98118ae5c283139628d0b8b9eaf1dd9a5ddcf22a02f1a57d8052365190907627831992976d8607329e404a021516403000b54ee072fbd9bc155bb9a89
7
- data.tar.gz: 6ecae0a7e65289cad9c6691dcdaf3179694db40df26cedefe93cecaf7b16b999617f7931cbbc112116744e418b333c787b4b5e426baf6f6db0591ff6a399e6e7
6
+ metadata.gz: 71c7597c63d0aa761754fae087a6dcbbca1c1ebcae034330d08bbcdf7dd837874901c5b343435005b97b033220609255903cbc0aae796ad7b88192c4d150fe36
7
+ data.tar.gz: 38f0f062bebf746c5e23341524d9bcf4b3b31f9a70c972b5afa7ded4f72c6ec5ec5d1d694e8515412e9118359f8f8ee6bcdc493c28e55b5716d1c7261371dc06
data/README.md CHANGED
@@ -266,6 +266,18 @@ Zaikio::OAuthClient.with_auth(bearer_type: "Organization", bearer_id: "fd61f5f5-
266
266
  end
267
267
  ```
268
268
 
269
+ If you need the token for a certain period (e.g. a long-running job which makes many
270
+ requests in sequence), you can specify the `valid_for` interval when requesting the token.
271
+ By default, it won't return an access token which was due to expire in less than 30
272
+ seconds from now. If there is an existing token, but it was due to expire before the end
273
+ of the validity period, this will go and get a fresh token anyway:
274
+
275
+ ```rb
276
+ Zaikio::OAuthClient.with_auth(..., valid_for: 10.minutes) do |access_token|
277
+ # ...
278
+ end
279
+ ```
280
+
269
281
  ## Use of dummy app
270
282
 
271
283
  You can use the included dummy app as a showcase for the workflow and to adjust your own application. To set up the dummy application properly, go into `test/dummy` and use [puma-dev](https://github.com/puma/puma-dev) like this:
@@ -26,17 +26,17 @@ module Zaikio
26
26
  end
27
27
 
28
28
  # Scopes
29
- scope :valid, lambda {
30
- where("expires_at > :now", now: Time.current)
29
+ scope :valid, lambda { |valid_until = Time.current|
30
+ where("expires_at > :valid_until", valid_until: valid_until)
31
31
  .where.not(id: Zaikio::JWTAuth.revoked_token_ids)
32
32
  }
33
33
  scope :with_invalid_refresh_token, lambda {
34
34
  where("created_at <= ?", Time.current - Zaikio::AccessToken.refresh_token_valid_for)
35
35
  }
36
- scope :valid_refresh, lambda {
37
- where("expires_at <= :now AND created_at > :created_at_max",
38
- now: Time.current,
39
- created_at_max: Time.current - refresh_token_valid_for)
36
+ scope :valid_refresh, lambda { |valid_until = Time.current|
37
+ where("expires_at <= :valid_until AND created_at > :created_at_max",
38
+ valid_until: valid_until,
39
+ created_at_max: valid_until - refresh_token_valid_for)
40
40
  .where.not(refresh_token: nil)
41
41
  .where.not(id: Zaikio::JWTAuth.revoked_token_ids)
42
42
  }
@@ -44,9 +44,10 @@ module Zaikio
44
44
  where(bearer_type: bearer_type, bearer_id: bearer_id)
45
45
  .where("requested_scopes @> ARRAY[?]::varchar[]", requested_scopes)
46
46
  }
47
- scope :usable, lambda { |options|
48
- by_bearer(**options).valid.or(by_bearer(**options).valid_refresh)
49
- .order(expires_at: :desc)
47
+ scope :usable, lambda { |valid_until: Time.current, **options|
48
+ by_bearer(**options).valid(valid_until).or(
49
+ by_bearer(**options).valid_refresh
50
+ ).order(expires_at: :desc)
50
51
  }
51
52
 
52
53
  def expired?
@@ -72,6 +73,8 @@ module Zaikio
72
73
  end
73
74
 
74
75
  def refresh!
76
+ return unless refresh_token?
77
+
75
78
  Zaikio::OAuthClient.with_oauth_scheme(:basic_auth) do
76
79
  refreshed_token = OAuth2::AccessToken.from_hash(
77
80
  Zaikio::OAuthClient.for(audience),
@@ -80,16 +83,12 @@ module Zaikio
80
83
 
81
84
  destroy
82
85
 
83
- self.class.build_from_access_token(
84
- refreshed_token,
85
- requested_scopes: requested_scopes
86
- ).tap(&:save!)
86
+ self.class.build_from_access_token(refreshed_token, requested_scopes: requested_scopes).tap(&:save!)
87
87
  end
88
88
  rescue OAuth2::Error => e
89
89
  raise unless e.code == "invalid_grant"
90
90
 
91
91
  destroy
92
-
93
92
  nil
94
93
  end
95
94
  end
@@ -4,7 +4,8 @@ module Zaikio
4
4
  extend ActiveSupport::Concern
5
5
 
6
6
  def new
7
- opts = params.permit(:client_name, :show_signup, :prompt, :force_login, :state, :lang)
7
+ opts = params.permit(:client_name, :show_signup, :prompt, :prompt_email_confirmation,
8
+ :force_login, :state, :lang)
8
9
  opts[:lang] ||= I18n.locale if defined?(I18n)
9
10
  client_name = opts.delete(:client_name)
10
11
  opts[:state] ||= session[:state] = SecureRandom.urlsafe_base64(32)
@@ -81,7 +82,7 @@ module Zaikio
81
82
 
82
83
  def client_config
83
84
  client_config = Zaikio::OAuthClient.configuration.find!(client_name)
84
- client_config = use_org_config? ? client_config.org_config : client_config
85
+ client_config = client_config.org_config if use_org_config?
85
86
 
86
87
  client_config or raise ActiveRecord::RecordNotFound
87
88
  end
@@ -1,5 +1,5 @@
1
1
  module Zaikio
2
2
  module OAuthClient
3
- VERSION = "0.14.0".freeze
3
+ VERSION = "0.16.0".freeze
4
4
  end
5
5
  end
@@ -62,14 +62,15 @@ module Zaikio
62
62
  # * If the token has expired, it will be refreshed using the refresh_token flow
63
63
  # (if this fails, we fallback to getting a new token using client_credentials)
64
64
  # * If the token does not exist, we'll get a new one using the client_credentials flow
65
- def get_access_token(bearer_id:, client_name: nil, bearer_type: "Person", scopes: nil)
65
+ def get_access_token(bearer_id:, client_name: nil, bearer_type: "Person", scopes: nil, valid_for: 30.seconds)
66
66
  client_config = client_config_for(client_name || self.client_name)
67
67
  scopes ||= client_config.default_scopes_for(bearer_type)
68
68
 
69
69
  token = find_usable_access_token(client_name: client_config.client_name,
70
70
  bearer_type: bearer_type,
71
71
  bearer_id: bearer_id,
72
- requested_scopes: scopes)
72
+ requested_scopes: scopes,
73
+ valid_for: valid_for)
73
74
 
74
75
  token = token.refresh! if token&.expired?
75
76
 
@@ -82,9 +83,9 @@ module Zaikio
82
83
 
83
84
  # Finds the best usable access token. Note that this token may have expired and
84
85
  # would require refreshing.
85
- def find_usable_access_token(client_name:, bearer_type:, bearer_id:, requested_scopes:) # rubocop:disable Metrics/MethodLength
86
+ def find_usable_access_token(client_name:, bearer_type:, bearer_id:, requested_scopes:, valid_for: 30.seconds) # rubocop:disable Metrics/MethodLength
86
87
  configuration.logger.debug "Try to fetch token for client_name: #{client_name}, "\
87
- "bearer #{bearer_type}/#{bearer_id}, requested_scopes: #{requested_scopes}"
88
+ "bearer #{bearer_type}/#{bearer_id}, requested_scopes: #{requested_scopes}"
88
89
 
89
90
  fetch_access_token = lambda {
90
91
  Zaikio::AccessToken
@@ -92,7 +93,8 @@ module Zaikio
92
93
  .usable(
93
94
  bearer_type: bearer_type,
94
95
  bearer_id: bearer_id,
95
- requested_scopes: requested_scopes
96
+ requested_scopes: requested_scopes,
97
+ valid_until: valid_for.from_now
96
98
  )
97
99
  .first
98
100
  }
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: zaikio-oauth_client
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.14.0
4
+ version: 0.16.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Zaikio GmbH
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-06-18 00:00:00.000000000 Z
11
+ date: 2021-08-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: actionpack
@@ -187,7 +187,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
187
187
  - !ruby/object:Gem::Version
188
188
  version: '0'
189
189
  requirements: []
190
- rubygems_version: 3.2.3
190
+ rubygems_version: 3.2.22
191
191
  signing_key:
192
192
  specification_version: 4
193
193
  summary: Zaikio Platform Connectivity