zaikio-oauth_client 0.18.1 → 0.19.0

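--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 25dbc767b924d59fa2706f4d7da22fd940ff80da966856447b8027e1ebca986c
-data.tar.gz: 0a7dbef1ae4c475583c5958ce4320285ca32532b7f55cc7a2b33386109657e2d
+metadata.gz: d82ba1e01192f3e9fac8f47bc5ded67fb2b869f724fcdcd26ec42718c4ca53f5
+data.tar.gz: 48a24101ed54396c68d96077c0eaf7dc16fbd317ecbae092773ae9f29a31b9bd
 SHA512:
-metadata.gz: f7c542585a0f6d9b47736f587f3b4f75b4544c439f23da8013c67d2f5d27d081c649e7c62985d787956bc04363c0d27315a6cdeb6085c8d2d51b30e022f5e55c
-data.tar.gz: 2f418622e4ff38e2f2e3f0b9550ffc170a0278584cc2261012a2632c5e7d7de6ca472f73e0a2720e11dcc8129663377772e692085ffc28cd13cac0573e3f9d4b
+metadata.gz: 46884a09302f56b53e64e8ee2cd1172c5792a1ecf82ff6e0a8b054d979f86f3b63449a4bd79633c3f95f076e11e0f3bc5669b26d8988643232c784c92f447d5b
+data.tar.gz: f1e5992edef1cda3bd6b68f2089c07201264d2b1e64a4713ae0d6ec84af5e708172b9b53ceb76d38245645ec41ebf79f4da7d63a40e17a6441e4d7171f9e47e8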
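--- a/data/README.md
+++ b/data/README.md
@@ -145,12 +145,19 @@ redirect_to zaikio_oauth_client.new_subscription_path(plan: "free")
 
 #### Session handling
 
-The Zaikio gem engine will set a cookie for the user after a successful OAuth flow: `session[:zaikio_person_id]`.
+The Zaikio gem engine will set a cookie for the access token after a successful OAuth flow: `session[:zaikio_access_token_id]`.
 
 If you are using for example `Zaikio::Hub::Models`, you can use this snippet to set the current user:
 
 ```ruby
-Current.user ||= Zaikio::Hub::Models::Person.find_by(id: session[:zaikio_person_id])
+access_token = Zaikio::OAuthClient.find_active_access_token(session[:zaikio_access_token_id])
+session[:zaikio_access_token_id] = access_token&.id
+Current.user = Zaikio::Hub::Models::Person.find_by(id: access_token&.bearer_id)
+
+unless Current.user
+session[:origin] = request.fullpath
+redirect_to zaikio_oauth_client.new_session_path
+end
 ````
 
 You can then use `Current.user` anywhere.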
@@ -9,7 +9,7 @@ module Zaikio
9
9
  encrypts :token
10
10
  encrypts :refresh_token
11
11
 
12
- def self.build_from_access_token(access_token, requested_scopes: nil)
12
+ def self.build_from_access_token(access_token, requested_scopes: nil, include_refresh_token: true)
13
13
  payload = JWT.decode(access_token.token, nil, false).first rescue {} # rubocop:disable Style/RescueModifier
14
14
  scopes = access_token.params["scope"].split(",")
15
15
  new(
@@ -18,7 +18,7 @@ module Zaikio
18
18
  bearer_id: access_token.params["bearer"]["id"],
19
19
  audience: access_token.params["audiences"].first,
20
20
  token: access_token.token,
21
- refresh_token: access_token.refresh_token,
21
+ refresh_token: (access_token.refresh_token if include_refresh_token),
22
22
  expires_at: Time.strptime(access_token.expires_at.to_s, "%s"),
23
23
  scopes: scopes,
24
24
  requested_scopes: requested_scopes || scopes
@@ -67,7 +67,7 @@ module Zaikio
67
67
  end
68
68
 
69
69
  def bearer_klass
70
- return unless Zaikio.const_defined?("Hub::Models", false) # rubocop:disable Performance/StringIdentifierArgument
70
+ return unless Zaikio.const_defined?("Hub::Models", false)
71
71
 
72
72
  if Zaikio::Hub::Models.configuration.respond_to?(:"#{bearer_type.underscore}_class_name")
73
73
  Zaikio::Hub::Models.configuration.public_send(:"#{bearer_type.underscore}_class_name").constantize
@@ -95,5 +95,15 @@ module Zaikio
95
95
  destroy
96
96
  nil
97
97
  end
98
+
99
+ def revoke!
100
+ return unless Zaikio.const_defined?("Hub::RevokedAccessToken", false)
101
+
102
+ Zaikio::Hub.with_token(token) do
103
+ Zaikio::Hub::RevokedAccessToken.create
104
+ end
105
+ rescue Zaikio::ConnectionError => e
106
+ Zaikio::OAuthClient.configuration.logger.warn "Access Token #{id} could not be revoked: #{e.message}"
107
+ end
98
108
  end
99
109
  end
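Review bot: `revoke!` reports the revocation to the Hub but leaves the local row untouched, so the encrypted `token` and `refresh_token` stay in the database and the `valid`/`valid_refresh` lookups used by the `destroy` action further down in this diff can still return a token the Hub has already revoked. Once `Zaikio::Hub::RevokedAccessToken.create` returns, consider calling `destroy` (matching the `destroy; nil` tail visible in the context just above) or at least clearing `refresh_token`, so a stale record cannot be refreshed or reused. The `rescue` covers only `Zaikio::ConnectionError`; any other error raised by the Hub client propagates out of the caller's logout action — confirm that is intended, and note that the `return unless Zaikio.const_defined?` branch skips revocation silently. A doc comment would help readers of the controller: `# Revokes this token at the Zaikio Hub. No-op when Zaikio::Hub is not loaded; logs a warning instead of raising when the Hub is unreachable. Does not modify the local record.`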
@@ -55,13 +55,16 @@ module Zaikio
55
55
  end
56
56
 
57
57
  def destroy
58
- access_token_id = session[:zaikio_access_token_id]
58
+ if (access_token = Zaikio::AccessToken.valid.or(Zaikio::AccessToken.valid_refresh)
59
+ .find_by(id: session[:zaikio_access_token_id]))
60
+ access_token.revoke!
61
+ end
59
62
  session.delete(:zaikio_access_token_id)
60
63
  session.delete(:origin)
61
64
 
62
65
  redirect_to send(
63
66
  respond_to?(:after_destroy_path_for) ? :after_destroy_path_for : :default_after_destroy_path_for,
64
- access_token_id
67
+ access_token.id
65
68
  )
66
69
  end
67
70
 
@@ -1,5 +1,5 @@
1
1
  module Zaikio
2
2
  module OAuthClient
3
- VERSION = "0.18.1".freeze
3
+ VERSION = "0.19.0".freeze
4
4
  end
5
5
  end
@@ -6,7 +6,7 @@ require "zaikio/oauth_client/configuration"
6
6
  require "zaikio/oauth_client/authenticatable"
7
7
 
8
8
  module Zaikio
9
- module OAuthClient
9
+ module OAuthClient # rubocop:disable Metrics/ModuleLength
10
10
  class << self
11
11
  attr_reader :client_name
12
12
 
@@ -58,9 +58,8 @@ module Zaikio
58
58
  end
59
59
  end
60
60
 
61
- # Finds the best possible access token, using the DB or an API call
62
- # * If the token has expired, it will be refreshed using the refresh_token flow
63
- # (if this fails, we fallback to getting a new token using client_credentials)
61
+ # Finds active access token, using the DB or Client Credentials flow
62
+ # * It searches in the DB for an active access token
64
63
  # * If the token does not exist, we'll get a new one using the client_credentials flow
65
64
  def get_access_token(bearer_id:, client_name: nil, bearer_type: "Person", scopes: nil, valid_for: 30.seconds)
66
65
  client_config = client_config_for(client_name || self.client_name)
@@ -72,8 +71,6 @@ module Zaikio
72
71
  requested_scopes: scopes,
73
72
  valid_for: valid_for)
74
73
 
75
- token = token.refresh! if token&.expired?
76
-
77
74
  token ||= fetch_new_token(client_config: client_config,
78
75
  bearer_type: bearer_type,
79
76
  bearer_id: bearer_id,
@@ -81,21 +78,31 @@ module Zaikio
81
78
  token
82
79
  end
83
80
 
84
- # Finds the best usable access token. Note that this token may have expired and
85
- # would require refreshing.
86
- def find_usable_access_token(client_name:, bearer_type:, bearer_id:, requested_scopes:, valid_for: 30.seconds) # rubocop:disable Metrics/MethodLength
87
- configuration.logger.debug "Try to fetch token for client_name: #{client_name}, "\
81
+ # This method can be used to find an active access token by id.
82
+ # It might refresh the access token to get an active one.
83
+ def find_active_access_token(id)
84
+ return unless id
85
+
86
+ access_token = Zaikio::AccessToken.find_by(id: id)
87
+ access_token = access_token.refresh! if access_token&.expired?
88
+
89
+ access_token
90
+ end
91
+
92
+ # Finds active access token with matching criteria for bearer and scopes.
93
+ def find_usable_access_token(client_name:, bearer_type:, bearer_id:, requested_scopes:, valid_for: 30.seconds) # rubocop:disable Metrics/MethodLength
94
+ configuration.logger.debug "Try to fetch token for client_name: #{client_name}, " \
88
95
  "bearer #{bearer_type}/#{bearer_id}, requested_scopes: #{requested_scopes}"
89
96
 
90
97
  fetch_access_token = lambda {
91
98
  Zaikio::AccessToken
92
99
  .where(audience: client_name)
93
- .usable(
100
+ .by_bearer(
94
101
  bearer_type: bearer_type,
95
102
  bearer_id: bearer_id,
96
- requested_scopes: requested_scopes,
97
- valid_until: valid_for.from_now
103
+ requested_scopes: requested_scopes
98
104
  )
105
+ .valid(valid_for.from_now)
99
106
  .first
100
107
  }
101
108
 
@@ -113,7 +120,10 @@ module Zaikio
113
120
  bearer_id: bearer_id,
114
121
  scopes: scopes
115
122
  ),
116
- requested_scopes: scopes
123
+ requested_scopes: scopes,
124
+ include_refresh_token: false
125
+ # Do not store refresh token on client credentials flow
126
+ # https://docs.zaikio.com/changelog/2022-08-09_client-credentials-drop-refresh-token.html
117
127
  ).tap(&:save!)
118
128
  end
119
129
 
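--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: zaikio-oauth_client
 version: !ruby/object:Gem::Version
-version: 0.18.1
+version: 0.19.0
 platform: ruby
 authors:
 - Zaikio GmbH
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-04-29 00:00:00.000000000 Z
+date: 2022-08-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: actionpack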