zaikio-oauth_client 0.18.1 → 0.19.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +9 -2
- data/app/models/zaikio/access_token.rb +13 -3
- data/lib/zaikio/oauth_client/authenticatable.rb +5 -2
- data/lib/zaikio/oauth_client/version.rb +1 -1
- data/lib/zaikio/oauth_client.rb +24 -14
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d82ba1e01192f3e9fac8f47bc5ded67fb2b869f724fcdcd26ec42718c4ca53f5
|
|
4
|
+
data.tar.gz: 48a24101ed54396c68d96077c0eaf7dc16fbd317ecbae092773ae9f29a31b9bd
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 46884a09302f56b53e64e8ee2cd1172c5792a1ecf82ff6e0a8b054d979f86f3b63449a4bd79633c3f95f076e11e0f3bc5669b26d8988643232c784c92f447d5b
|
|
7
|
+
data.tar.gz: f1e5992edef1cda3bd6b68f2089c07201264d2b1e64a4713ae0d6ec84af5e708172b9b53ceb76d38245645ec41ebf79f4da7d63a40e17a6441e4d7171f9e47e8
|
data/README.md
CHANGED
|
@@ -145,12 +145,19 @@ redirect_to zaikio_oauth_client.new_subscription_path(plan: "free")
|
|
|
145
145
|
|
|
146
146
|
#### Session handling
|
|
147
147
|
|
|
148
|
-
The Zaikio gem engine will set a cookie for the
|
|
148
|
+
The Zaikio gem engine will set a cookie for the access token after a successful OAuth flow: `session[:zaikio_access_token_id]`.
|
|
149
149
|
|
|
150
150
|
If you are using for example `Zaikio::Hub::Models`, you can use this snippet to set the current user:
|
|
151
151
|
|
|
152
152
|
```ruby
|
|
153
|
-
|
|
153
|
+
access_token = Zaikio::OAuthClient.find_active_access_token(session[:zaikio_access_token_id])
|
|
154
|
+
session[:zaikio_access_token_id] = access_token&.id
|
|
155
|
+
Current.user = Zaikio::Hub::Models::Person.find_by(id: access_token&.bearer_id)
|
|
156
|
+
|
|
157
|
+
unless Current.user
|
|
158
|
+
session[:origin] = request.fullpath
|
|
159
|
+
redirect_to zaikio_oauth_client.new_session_path
|
|
160
|
+
end
|
|
154
161
|
````
|
|
155
162
|
|
|
156
163
|
You can then use `Current.user` anywhere.
|
|
@@ -9,7 +9,7 @@ module Zaikio
|
|
|
9
9
|
encrypts :token
|
|
10
10
|
encrypts :refresh_token
|
|
11
11
|
|
|
12
|
-
def self.build_from_access_token(access_token, requested_scopes: nil)
|
|
12
|
+
def self.build_from_access_token(access_token, requested_scopes: nil, include_refresh_token: true)
|
|
13
13
|
payload = JWT.decode(access_token.token, nil, false).first rescue {} # rubocop:disable Style/RescueModifier
|
|
14
14
|
scopes = access_token.params["scope"].split(",")
|
|
15
15
|
new(
|
|
@@ -18,7 +18,7 @@ module Zaikio
|
|
|
18
18
|
bearer_id: access_token.params["bearer"]["id"],
|
|
19
19
|
audience: access_token.params["audiences"].first,
|
|
20
20
|
token: access_token.token,
|
|
21
|
-
refresh_token: access_token.refresh_token,
|
|
21
|
+
refresh_token: (access_token.refresh_token if include_refresh_token),
|
|
22
22
|
expires_at: Time.strptime(access_token.expires_at.to_s, "%s"),
|
|
23
23
|
scopes: scopes,
|
|
24
24
|
requested_scopes: requested_scopes || scopes
|
|
@@ -67,7 +67,7 @@ module Zaikio
|
|
|
67
67
|
end
|
|
68
68
|
|
|
69
69
|
def bearer_klass
|
|
70
|
-
return unless Zaikio.const_defined?("Hub::Models", false)
|
|
70
|
+
return unless Zaikio.const_defined?("Hub::Models", false)
|
|
71
71
|
|
|
72
72
|
if Zaikio::Hub::Models.configuration.respond_to?(:"#{bearer_type.underscore}_class_name")
|
|
73
73
|
Zaikio::Hub::Models.configuration.public_send(:"#{bearer_type.underscore}_class_name").constantize
|
|
@@ -95,5 +95,15 @@ module Zaikio
|
|
|
95
95
|
destroy
|
|
96
96
|
nil
|
|
97
97
|
end
|
|
98
|
+
|
|
99
|
+
def revoke!
|
|
100
|
+
return unless Zaikio.const_defined?("Hub::RevokedAccessToken", false)
|
|
101
|
+
|
|
102
|
+
Zaikio::Hub.with_token(token) do
|
|
103
|
+
Zaikio::Hub::RevokedAccessToken.create
|
|
104
|
+
end
|
|
105
|
+
rescue Zaikio::ConnectionError => e
|
|
106
|
+
Zaikio::OAuthClient.configuration.logger.warn "Access Token #{id} could not be revoked: #{e.message}"
|
|
107
|
+
end
|
|
98
108
|
end
|
|
99
109
|
end
|
|
@@ -55,13 +55,16 @@ module Zaikio
|
|
|
55
55
|
end
|
|
56
56
|
|
|
57
57
|
def destroy
|
|
58
|
-
|
|
58
|
+
if (access_token = Zaikio::AccessToken.valid.or(Zaikio::AccessToken.valid_refresh)
|
|
59
|
+
.find_by(id: session[:zaikio_access_token_id]))
|
|
60
|
+
access_token.revoke!
|
|
61
|
+
end
|
|
59
62
|
session.delete(:zaikio_access_token_id)
|
|
60
63
|
session.delete(:origin)
|
|
61
64
|
|
|
62
65
|
redirect_to send(
|
|
63
66
|
respond_to?(:after_destroy_path_for) ? :after_destroy_path_for : :default_after_destroy_path_for,
|
|
64
|
-
|
|
67
|
+
access_token.id
|
|
65
68
|
)
|
|
66
69
|
end
|
|
67
70
|
|
data/lib/zaikio/oauth_client.rb
CHANGED
|
@@ -6,7 +6,7 @@ require "zaikio/oauth_client/configuration"
|
|
|
6
6
|
require "zaikio/oauth_client/authenticatable"
|
|
7
7
|
|
|
8
8
|
module Zaikio
|
|
9
|
-
module OAuthClient
|
|
9
|
+
module OAuthClient # rubocop:disable Metrics/ModuleLength
|
|
10
10
|
class << self
|
|
11
11
|
attr_reader :client_name
|
|
12
12
|
|
|
@@ -58,9 +58,8 @@ module Zaikio
|
|
|
58
58
|
end
|
|
59
59
|
end
|
|
60
60
|
|
|
61
|
-
# Finds
|
|
62
|
-
# *
|
|
63
|
-
# (if this fails, we fallback to getting a new token using client_credentials)
|
|
61
|
+
# Finds active access token, using the DB or Client Credentials flow
|
|
62
|
+
# * It searches in the DB for an active access token
|
|
64
63
|
# * If the token does not exist, we'll get a new one using the client_credentials flow
|
|
65
64
|
def get_access_token(bearer_id:, client_name: nil, bearer_type: "Person", scopes: nil, valid_for: 30.seconds)
|
|
66
65
|
client_config = client_config_for(client_name || self.client_name)
|
|
@@ -72,8 +71,6 @@ module Zaikio
|
|
|
72
71
|
requested_scopes: scopes,
|
|
73
72
|
valid_for: valid_for)
|
|
74
73
|
|
|
75
|
-
token = token.refresh! if token&.expired?
|
|
76
|
-
|
|
77
74
|
token ||= fetch_new_token(client_config: client_config,
|
|
78
75
|
bearer_type: bearer_type,
|
|
79
76
|
bearer_id: bearer_id,
|
|
@@ -81,21 +78,31 @@ module Zaikio
|
|
|
81
78
|
token
|
|
82
79
|
end
|
|
83
80
|
|
|
84
|
-
#
|
|
85
|
-
#
|
|
86
|
-
def
|
|
87
|
-
|
|
81
|
+
# This method can be used to find an active access token by id.
|
|
82
|
+
# It might refresh the access token to get an active one.
|
|
83
|
+
def find_active_access_token(id)
|
|
84
|
+
return unless id
|
|
85
|
+
|
|
86
|
+
access_token = Zaikio::AccessToken.find_by(id: id)
|
|
87
|
+
access_token = access_token.refresh! if access_token&.expired?
|
|
88
|
+
|
|
89
|
+
access_token
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
# Finds active access token with matching criteria for bearer and scopes.
|
|
93
|
+
def find_usable_access_token(client_name:, bearer_type:, bearer_id:, requested_scopes:, valid_for: 30.seconds) # rubocop:disable Metrics/MethodLength
|
|
94
|
+
configuration.logger.debug "Try to fetch token for client_name: #{client_name}, " \
|
|
88
95
|
"bearer #{bearer_type}/#{bearer_id}, requested_scopes: #{requested_scopes}"
|
|
89
96
|
|
|
90
97
|
fetch_access_token = lambda {
|
|
91
98
|
Zaikio::AccessToken
|
|
92
99
|
.where(audience: client_name)
|
|
93
|
-
.
|
|
100
|
+
.by_bearer(
|
|
94
101
|
bearer_type: bearer_type,
|
|
95
102
|
bearer_id: bearer_id,
|
|
96
|
-
requested_scopes: requested_scopes
|
|
97
|
-
valid_until: valid_for.from_now
|
|
103
|
+
requested_scopes: requested_scopes
|
|
98
104
|
)
|
|
105
|
+
.valid(valid_for.from_now)
|
|
99
106
|
.first
|
|
100
107
|
}
|
|
101
108
|
|
|
@@ -113,7 +120,10 @@ module Zaikio
|
|
|
113
120
|
bearer_id: bearer_id,
|
|
114
121
|
scopes: scopes
|
|
115
122
|
),
|
|
116
|
-
requested_scopes: scopes
|
|
123
|
+
requested_scopes: scopes,
|
|
124
|
+
include_refresh_token: false
|
|
125
|
+
# Do not store refresh token on client credentials flow
|
|
126
|
+
# https://docs.zaikio.com/changelog/2022-08-09_client-credentials-drop-refresh-token.html
|
|
117
127
|
).tap(&:save!)
|
|
118
128
|
end
|
|
119
129
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: zaikio-oauth_client
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.19.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Zaikio GmbH
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-08-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: actionpack
|