zaikio-oauth_client 0.14.0 → 0.16.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +12 -0
- data/app/models/zaikio/access_token.rb +13 -14
- data/lib/zaikio/oauth_client/authenticatable.rb +3 -2
- data/lib/zaikio/oauth_client/version.rb +1 -1
- data/lib/zaikio/oauth_client.rb +7 -5
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 959893e57238209160b6945a5044bbc82bdc862fb78cd69ba606356e376978a7
|
|
4
|
+
data.tar.gz: b73e404116786a133e3438a12ebdfc87548da89c3a581a66436a6d2c0ef63ebd
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 71c7597c63d0aa761754fae087a6dcbbca1c1ebcae034330d08bbcdf7dd837874901c5b343435005b97b033220609255903cbc0aae796ad7b88192c4d150fe36
|
|
7
|
+
data.tar.gz: 38f0f062bebf746c5e23341524d9bcf4b3b31f9a70c972b5afa7ded4f72c6ec5ec5d1d694e8515412e9118359f8f8ee6bcdc493c28e55b5716d1c7261371dc06
|
data/README.md
CHANGED
|
@@ -266,6 +266,18 @@ Zaikio::OAuthClient.with_auth(bearer_type: "Organization", bearer_id: "fd61f5f5-
|
|
|
266
266
|
end
|
|
267
267
|
```
|
|
268
268
|
|
|
269
|
+
If you need the token for a certain period (e.g. a long-running job which makes many
|
|
270
|
+
requests in sequence), you can specify the `valid_for` interval when requesting the token.
|
|
271
|
+
By default, it won't return an access token which was due to expire in less than 30
|
|
272
|
+
seconds from now. If there is an existing token, but it was due to expire before the end
|
|
273
|
+
of the validity period, this will go and get a fresh token anyway:
|
|
274
|
+
|
|
275
|
+
```rb
|
|
276
|
+
Zaikio::OAuthClient.with_auth(..., valid_for: 10.minutes) do |access_token|
|
|
277
|
+
# ...
|
|
278
|
+
end
|
|
279
|
+
```
|
|
280
|
+
|
|
269
281
|
## Use of dummy app
|
|
270
282
|
|
|
271
283
|
You can use the included dummy app as a showcase for the workflow and to adjust your own application. To set up the dummy application properly, go into `test/dummy` and use [puma-dev](https://github.com/puma/puma-dev) like this:
|
|
@@ -26,17 +26,17 @@ module Zaikio
|
|
|
26
26
|
end
|
|
27
27
|
|
|
28
28
|
# Scopes
|
|
29
|
-
scope :valid, lambda {
|
|
30
|
-
where("expires_at > :
|
|
29
|
+
scope :valid, lambda { |valid_until = Time.current|
|
|
30
|
+
where("expires_at > :valid_until", valid_until: valid_until)
|
|
31
31
|
.where.not(id: Zaikio::JWTAuth.revoked_token_ids)
|
|
32
32
|
}
|
|
33
33
|
scope :with_invalid_refresh_token, lambda {
|
|
34
34
|
where("created_at <= ?", Time.current - Zaikio::AccessToken.refresh_token_valid_for)
|
|
35
35
|
}
|
|
36
|
-
scope :valid_refresh, lambda {
|
|
37
|
-
where("expires_at <= :
|
|
38
|
-
|
|
39
|
-
created_at_max:
|
|
36
|
+
scope :valid_refresh, lambda { |valid_until = Time.current|
|
|
37
|
+
where("expires_at <= :valid_until AND created_at > :created_at_max",
|
|
38
|
+
valid_until: valid_until,
|
|
39
|
+
created_at_max: valid_until - refresh_token_valid_for)
|
|
40
40
|
.where.not(refresh_token: nil)
|
|
41
41
|
.where.not(id: Zaikio::JWTAuth.revoked_token_ids)
|
|
42
42
|
}
|
|
@@ -44,9 +44,10 @@ module Zaikio
|
|
|
44
44
|
where(bearer_type: bearer_type, bearer_id: bearer_id)
|
|
45
45
|
.where("requested_scopes @> ARRAY[?]::varchar[]", requested_scopes)
|
|
46
46
|
}
|
|
47
|
-
scope :usable, lambda { |options|
|
|
48
|
-
by_bearer(**options).valid.or(
|
|
49
|
-
|
|
47
|
+
scope :usable, lambda { |valid_until: Time.current, **options|
|
|
48
|
+
by_bearer(**options).valid(valid_until).or(
|
|
49
|
+
by_bearer(**options).valid_refresh
|
|
50
|
+
).order(expires_at: :desc)
|
|
50
51
|
}
|
|
51
52
|
|
|
52
53
|
def expired?
|
|
@@ -72,6 +73,8 @@ module Zaikio
|
|
|
72
73
|
end
|
|
73
74
|
|
|
74
75
|
def refresh!
|
|
76
|
+
return unless refresh_token?
|
|
77
|
+
|
|
75
78
|
Zaikio::OAuthClient.with_oauth_scheme(:basic_auth) do
|
|
76
79
|
refreshed_token = OAuth2::AccessToken.from_hash(
|
|
77
80
|
Zaikio::OAuthClient.for(audience),
|
|
@@ -80,16 +83,12 @@ module Zaikio
|
|
|
80
83
|
|
|
81
84
|
destroy
|
|
82
85
|
|
|
83
|
-
self.class.build_from_access_token(
|
|
84
|
-
refreshed_token,
|
|
85
|
-
requested_scopes: requested_scopes
|
|
86
|
-
).tap(&:save!)
|
|
86
|
+
self.class.build_from_access_token(refreshed_token, requested_scopes: requested_scopes).tap(&:save!)
|
|
87
87
|
end
|
|
88
88
|
rescue OAuth2::Error => e
|
|
89
89
|
raise unless e.code == "invalid_grant"
|
|
90
90
|
|
|
91
91
|
destroy
|
|
92
|
-
|
|
93
92
|
nil
|
|
94
93
|
end
|
|
95
94
|
end
|
|
@@ -4,7 +4,8 @@ module Zaikio
|
|
|
4
4
|
extend ActiveSupport::Concern
|
|
5
5
|
|
|
6
6
|
def new
|
|
7
|
-
opts = params.permit(:client_name, :show_signup, :prompt, :
|
|
7
|
+
opts = params.permit(:client_name, :show_signup, :prompt, :prompt_email_confirmation,
|
|
8
|
+
:force_login, :state, :lang)
|
|
8
9
|
opts[:lang] ||= I18n.locale if defined?(I18n)
|
|
9
10
|
client_name = opts.delete(:client_name)
|
|
10
11
|
opts[:state] ||= session[:state] = SecureRandom.urlsafe_base64(32)
|
|
@@ -81,7 +82,7 @@ module Zaikio
|
|
|
81
82
|
|
|
82
83
|
def client_config
|
|
83
84
|
client_config = Zaikio::OAuthClient.configuration.find!(client_name)
|
|
84
|
-
client_config =
|
|
85
|
+
client_config = client_config.org_config if use_org_config?
|
|
85
86
|
|
|
86
87
|
client_config or raise ActiveRecord::RecordNotFound
|
|
87
88
|
end
|
data/lib/zaikio/oauth_client.rb
CHANGED
|
@@ -62,14 +62,15 @@ module Zaikio
|
|
|
62
62
|
# * If the token has expired, it will be refreshed using the refresh_token flow
|
|
63
63
|
# (if this fails, we fallback to getting a new token using client_credentials)
|
|
64
64
|
# * If the token does not exist, we'll get a new one using the client_credentials flow
|
|
65
|
-
def get_access_token(bearer_id:, client_name: nil, bearer_type: "Person", scopes: nil)
|
|
65
|
+
def get_access_token(bearer_id:, client_name: nil, bearer_type: "Person", scopes: nil, valid_for: 30.seconds)
|
|
66
66
|
client_config = client_config_for(client_name || self.client_name)
|
|
67
67
|
scopes ||= client_config.default_scopes_for(bearer_type)
|
|
68
68
|
|
|
69
69
|
token = find_usable_access_token(client_name: client_config.client_name,
|
|
70
70
|
bearer_type: bearer_type,
|
|
71
71
|
bearer_id: bearer_id,
|
|
72
|
-
requested_scopes: scopes
|
|
72
|
+
requested_scopes: scopes,
|
|
73
|
+
valid_for: valid_for)
|
|
73
74
|
|
|
74
75
|
token = token.refresh! if token&.expired?
|
|
75
76
|
|
|
@@ -82,9 +83,9 @@ module Zaikio
|
|
|
82
83
|
|
|
83
84
|
# Finds the best usable access token. Note that this token may have expired and
|
|
84
85
|
# would require refreshing.
|
|
85
|
-
def find_usable_access_token(client_name:, bearer_type:, bearer_id:, requested_scopes:) # rubocop:disable Metrics/MethodLength
|
|
86
|
+
def find_usable_access_token(client_name:, bearer_type:, bearer_id:, requested_scopes:, valid_for: 30.seconds) # rubocop:disable Metrics/MethodLength
|
|
86
87
|
configuration.logger.debug "Try to fetch token for client_name: #{client_name}, "\
|
|
87
|
-
|
|
88
|
+
"bearer #{bearer_type}/#{bearer_id}, requested_scopes: #{requested_scopes}"
|
|
88
89
|
|
|
89
90
|
fetch_access_token = lambda {
|
|
90
91
|
Zaikio::AccessToken
|
|
@@ -92,7 +93,8 @@ module Zaikio
|
|
|
92
93
|
.usable(
|
|
93
94
|
bearer_type: bearer_type,
|
|
94
95
|
bearer_id: bearer_id,
|
|
95
|
-
requested_scopes: requested_scopes
|
|
96
|
+
requested_scopes: requested_scopes,
|
|
97
|
+
valid_until: valid_for.from_now
|
|
96
98
|
)
|
|
97
99
|
.first
|
|
98
100
|
}
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: zaikio-oauth_client
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.16.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Zaikio GmbH
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-08-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: actionpack
|
|
@@ -187,7 +187,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
187
187
|
- !ruby/object:Gem::Version
|
|
188
188
|
version: '0'
|
|
189
189
|
requirements: []
|
|
190
|
-
rubygems_version: 3.2.
|
|
190
|
+
rubygems_version: 3.2.22
|
|
191
191
|
signing_key:
|
|
192
192
|
specification_version: 4
|
|
193
193
|
summary: Zaikio Platform Connectivity
|