zaikio-oauth_client 0.3.5 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 18ff86a2a9302a3e1b9b1d26713b63c95d0c88835760d0fd10be57167154d5ec
-  data.tar.gz: 1cefd5a0abb861d6a9d2dbdb45c80d9f6ba592b250be72527be9bbaacc924a39
+  metadata.gz: a0941f7172aa5d44ab3548647ddb08818ba3f49b3d16b6362c4763056da0ce81
+  data.tar.gz: d8354f0e4f1e4a29c3340f9db82e6b257f8cd0af611aa856da5c7db35e6d9101
 SHA512:
-  metadata.gz: 9d4623a440c5ecb8d989df4757f77fd890d15272d2a8e1af077ec0da77292f488c24f239926072c517803cba22ef750a8f14c66f9f5e765e076136081813f8d6
-  data.tar.gz: 1e77a452cc6fa4a2b40be38ede7c5115d36e0e113a682e165c7c7a0ca57c758077644a50d9bbd034275d0ba002344ebd1b5e9b9702f2618712b4801a00498900
+  metadata.gz: 8239d18c9d17d868190adb4d6430241684fb6f8b9333c3b56e28161f9bfe2127a1a6284165559244e507dec7bef4904d4497c100d964057f5fde051e16e754fc
+  data.tar.gz: ba022530c742210508279d61937a3d0f330ecea230682e2d54373dc2479cf1016d95428df33429bafa03dafe8b1cb461f6a3ae5c41c1ffc6ddc8b9eef33257cd

data/README.md

@@ -26,6 +26,8 @@ This will create the tables:
 
 ### 2. Mount routes
 
+Add this to `config/routes.rb`:
+
 ```rb
 mount Zaikio::OAuthClient::Engine => "/zaikio"
 ```
@@ -35,7 +37,7 @@ mount Zaikio::OAuthClient::Engine => "/zaikio"
 ```rb
 # config/initializers/zaikio_oauth_client.rb
 Zaikio::OAuthClient.configure do |config|
-  config.environment = :test
+  config.environment = :sandbox
 
   config.register_client :warehouse do |warehouse|
     warehouse.client_id       = "52022d7a-7ba2-41ed-8890-97d88e6472f6"
@@ -65,6 +67,28 @@ Zaikio::OAuthClient.configure do |config|
 end
 ```
 
+
+### 4. Clean up outdated access tokens (recommended)
+
+To avoid keeping all expired oath and refresh tokens in your database, we recommend to implement their scheduled deletion. We recommend therefore to use a schedule gems such as [sidekiq](https://github.com/mperham/sidekiq) and [sidekiq-scheduler](https://github.com/moove-it/sidekiq-scheduler).
+
+Simply add the following to your Gemfile:
+
+```rb
+gem "sidekiq"
+gem "sidekiq-scheduler"
+```
+Then run `bundle install`.
+
+Configure sidekiq scheduler in `config/sidekiq.yml`:
+```yaml
+:schedule:
+  cleanup_acces_tokens_job:
+    cron: '0 3 * * *'               # This will delete all expired tokens every day at 3am.
+    class: 'Zaikio::CleanupAccessTokensJob'
+```
+
+
 ## Usage
 
 ### OAuth Flow
@@ -95,6 +119,24 @@ You can then use `Current.user` anywhere.
 
 For **logout** use: `zaikio_oauth_client.session_path, method: :delete` or build your own controller for deleting the cookie.
 
+#### Multiple clients
+
+When performing requests against directory APIs, it is important to always provide the correct client in order to use the client credentials flow correctly. Otherwise always the first client will be used. It is recommended to specify an `around_action`:
+
+```rb
+class ApplicationController < ActionController::Base
+  around_action :with_client
+
+  private
+
+  def with_client
+    Zaikio::OAuthClient.with_client Current.client_name do
+      yield
+    end
+  end
+end
+```
+
 #### Redirecting
 
 The `zaikio_oauth_client.new_session_path` which was used for the first initiation of the OAuth flow, accepts an optional parameter `origin` which will then be used to redirect the user at the end of a completed & successful OAuth flow.

data/app/jobs/zaikio/cleanup_access_tokens_job.rb

@@ -0,0 +1,7 @@
+module Zaikio
+  class CleanupAccessTokensJob < ApplicationJob
+    def perform
+      Zaikio::AccessToken.with_invalid_refresh_token.delete_all
+    end
+  end
+end

data/app/models/zaikio/access_token.rb

@@ -28,10 +28,14 @@ module Zaikio
       where("expires_at > :now", now: Time.current)
         .where.not(id: Zaikio::JWTAuth.blacklisted_token_ids)
     }
+    scope :with_invalid_refresh_token, lambda {
+      where("created_at <= ?", Time.current - Zaikio::AccessToken.refresh_token_valid_for)
+    }
     scope :valid_refresh, lambda {
       where("expires_at <= :now AND created_at > :created_at_max",
             now: Time.current,
             created_at_max: Time.current - refresh_token_valid_for)
+        .where("refresh_token IS NOT NULL")
         .where.not(id: Zaikio::JWTAuth.blacklisted_token_ids)
     }
     scope :by_bearer, lambda { |bearer_type: "Person", bearer_id:, scopes: []|

data/lib/zaikio/oauth_client.rb

@@ -7,14 +7,17 @@ require "zaikio/oauth_client/authenticatable"
 module Zaikio
   module OAuthClient
     class << self
-      attr_accessor :configuration
       attr_reader :client_name
 
       def configure
-        self.configuration ||= Configuration.new
+        @configuration ||= Configuration.new
         yield(configuration)
       end
 
+      def configuration
+        @configuration ||= Configuration.new
+      end
+
       def for(client_name = nil)
         client_config_for(client_name).oauth_client
       end
@@ -31,10 +34,11 @@ module Zaikio
       end
 
       def with_client(client_name)
+        original_client_name = @client_name || nil
         @client_name = client_name
         yield
       ensure
-        @client_name = nil
+        @client_name = original_client_name
       end
 
       def with_auth(options_or_access_token, &block)

data/lib/zaikio/oauth_client/configuration.rb

@@ -5,11 +5,11 @@ module Zaikio
   module OAuthClient
     class Configuration
       HOSTS = {
-        development: "http://directory.zaikio.test",
-        test: "http://directory.zaikio.test",
-        staging: "https://directory.staging.zaikio.com",
-        sandbox: "https://directory.sandbox.zaikio.com",
-        production: "https://directory.zaikio.com"
+        development: "http://hub.zaikio.test",
+        test: "http://hub.zaikio.test",
+        staging: "https://hub.staging.zaikio.com",
+        sandbox: "https://hub.sandbox.zaikio.com",
+        production: "https://hub.zaikio.com"
       }.freeze
 
       attr_accessor :host

data/lib/zaikio/oauth_client/version.rb

@@ -1,5 +1,5 @@
 module Zaikio
   module OAuthClient
-    VERSION = "0.3.5".freeze
+    VERSION = "0.4.0".freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: zaikio-oauth_client
 version: !ruby/object:Gem::Version
-  version: 0.3.5
+  version: 0.4.0
 platform: ruby
 authors:
 - Zaikio GmbH
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-04-28 00:00:00.000000000 Z
+date: 2020-08-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -42,16 +42,22 @@ dependencies:
   name: zaikio-jwt_auth
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 0.2.1
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 0.4.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 0.2.1
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 0.4.0
 - !ruby/object:Gem::Dependency
   name: pg
   requirement: !ruby/object:Gem::Requirement
@@ -98,6 +104,7 @@ files:
 - app/controllers/zaikio/oauth_client/sessions_controller.rb
 - app/helpers/zaikio/application_helper.rb
 - app/jobs/zaikio/application_job.rb
+- app/jobs/zaikio/cleanup_access_tokens_job.rb
 - app/models/zaikio/access_token.rb
 - config/initializers/inflections.rb
 - config/locales/en.yml
@@ -112,7 +119,7 @@ files:
 - lib/zaikio/oauth_client/engine.rb
 - lib/zaikio/oauth_client/test_helper.rb
 - lib/zaikio/oauth_client/version.rb
-homepage: https://crispymtn.com
+homepage: https://www.zaikio.com
 licenses:
 - MIT
 metadata: {}
@@ -131,7 +138,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Zaikio Platform Connectivity