zaikio-oauth_client 0.3.6 → 0.4.1
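--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ea835505816c2c715e98f907e37bc2af3ad5b18862de04e9eb8729c87409e949
+data.tar.gz: 4ac1f29e8b3faf1faf947dae9b5c2f6e7bad14cbb5be3b437be533e4204c3c7d
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: '0917a11dd529acf79292807c788760dd62da68a54ccc6cdf78d5f941659490cc219066c2a6cecf40b832ddd683b65530278725704765c6fcd6fd78414fe2f3ef'
+data.tar.gz: f803dc294b5c744fd4650bf2d5ca21d646d92da89b08b70deb92864c5520737cdd0e6ca21d5957772bb69b486326a57602524ec32e87b88eb82784fee9209d53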
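--- a/data/README.md
+++ b/data/README.md
@@ -26,6 +26,8 @@ This will create the tables:
 
 ### 2. Mount routes
 
+Add this to `config/routes.rb`:
+
 ```rb
 mount Zaikio::OAuthClient::Engine => "/zaikio"
 ```
@@ -35,7 +37,7 @@ mount Zaikio::OAuthClient::Engine => "/zaikio"
 ```rb
 # config/initializers/zaikio_oauth_client.rb
 Zaikio::OAuthClient.configure do |config|
-config.environment = :
+config.environment = :sandbox
 
 config.register_client :warehouse do |warehouse|
 warehouse.client_id = "52022d7a-7ba2-41ed-8890-97d88e6472f6"
@@ -65,6 +67,28 @@ Zaikio::OAuthClient.configure do |config|
 end
 ```
 
+
+### 4. Clean up outdated access tokens (recommended)
+
+To avoid keeping all expired oath and refresh tokens in your database, we recommend to implement their scheduled deletion. We recommend therefore to use a schedule gems such as [sidekiq](https://github.com/mperham/sidekiq) and [sidekiq-scheduler](https://github.com/moove-it/sidekiq-scheduler).
+
+Simply add the following to your Gemfile:
+
+```rb
+gem "sidekiq"
+gem "sidekiq-scheduler"
+```
+Then run `bundle install`.
+
+Configure sidekiq scheduler in `config/sidekiq.yml`:
+```yaml
+:schedule:
+cleanup_acces_tokens_job:
+cron: '0 3 * * *' # This will delete all expired tokens every day at 3am.
+class: 'Zaikio::CleanupAccessTokensJob'
+```
+
+
 ## Usage
 
 ### OAuth Flow
@@ -95,6 +119,24 @@ You can then use `Current.user` anywhere.
 
 For **logout** use: `zaikio_oauth_client.session_path, method: :delete` or build your own controller for deleting the cookie.
 
+#### Multiple clients
+
+When performing requests against directory APIs, it is important to always provide the correct client in order to use the client credentials flow correctly. Otherwise always the first client will be used. It is recommended to specify an `around_action`:
+
+```rb
+class ApplicationController < ActionController::Base
+around_action :with_client
+
+private
+
+def with_client
+Zaikio::OAuthClient.with_client Current.client_name do
+yield
+end
+end
+end
+```
+
 #### Redirecting
 
 The `zaikio_oauth_client.new_session_path` which was used for the first initiation of the OAuth flow, accepts an optional parameter `origin` which will then be used to redirect the user at the end of a completed & successful OAuth flow.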
@@ -26,14 +26,17 @@ module Zaikio
|
|
26
26
|
# Scopes
|
27
27
|
scope :valid, lambda {
|
28
28
|
where("expires_at > :now", now: Time.current)
|
29
|
-
.where.not(id: Zaikio::JWTAuth.
|
29
|
+
.where.not(id: Zaikio::JWTAuth.revoked_token_ids)
|
30
|
+
}
|
31
|
+
scope :with_invalid_refresh_token, lambda {
|
32
|
+
where("created_at <= ?", Time.current - Zaikio::AccessToken.refresh_token_valid_for)
|
30
33
|
}
|
31
34
|
scope :valid_refresh, lambda {
|
32
35
|
where("expires_at <= :now AND created_at > :created_at_max",
|
33
36
|
now: Time.current,
|
34
37
|
created_at_max: Time.current - refresh_token_valid_for)
|
35
38
|
.where("refresh_token IS NOT NULL")
|
36
|
-
.where.not(id: Zaikio::JWTAuth.
|
39
|
+
.where.not(id: Zaikio::JWTAuth.revoked_token_ids)
|
37
40
|
}
|
38
41
|
scope :by_bearer, lambda { |bearer_type: "Person", bearer_id:, scopes: []|
|
39
42
|
where(bearer_type: bearer_type, bearer_id: bearer_id)
|
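Review bot: `with_invalid_refresh_token` (new lines 31-33) filters on `created_at` alone, so a row whose access token has expired and whose `refresh_token` is NULL stays selectable by nothing until the whole refresh window has passed, and revoked ids are not considered either. If this scope is what the scheduled cleanup deletes from (the job itself is not visible here), unusable credentials remain in the table longer than necessary. The scope also deserves a one-line comment saying it matches rows whose refresh window has lapsed, whether or not a refresh token was ever issued. For consistency with `valid_refresh` just below, the condition could read `where("created_at <= :created_at_max", created_at_max: Time.current - refresh_token_valid_for)`. The enclosing class starts before the hunk and the `by_bearer` lambda continues past it.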
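--- a/data/lib/zaikio/oauth_client.rb
+++ b/data/lib/zaikio/oauth_client.rb
@@ -7,14 +7,17 @@ require "zaikio/oauth_client/authenticatable"
 module Zaikio
 module OAuthClient
 class << self
-attr_accessor :configuration
 attr_reader :client_name
 
 def configure
-
+@configuration ||= Configuration.new
 yield(configuration)
 end
 
+def configuration
+@configuration ||= Configuration.new
+end
+
 def for(client_name = nil)
 client_config_for(client_name).oauth_client
 end
@@ -31,10 +34,11 @@ module Zaikio
 end
 
 def with_client(client_name)
+original_client_name = @client_name || nil
 @client_name = client_name
 yield
 ensure
-@client_name =
+@client_name = original_client_name
 end
 
 def with_auth(options_or_access_token, &block)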
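Review bot: `with_client` stores the active client in `@client_name` on the module singleton, which every thread in the process shares, so under a threaded server or job runner two overlapping requests can overwrite each other's value and a client-credentials call may be made with another client's credentials. The save/restore added in this hunk only makes nested calls on one thread behave; it does not isolate concurrent callers. Holding the value per thread, with `attr_reader :client_name` replaced by a reader over the same storage, closes that gap; the key name below is illustrative, and any other code that reads `@client_name` directly (not visible here) would need the same change. The `|| nil` on the first added line is redundant. `class << self` opens before the hunk and `with_auth` continues past it.

```ruby
# replaces attr_reader :client_name
def client_name
  Thread.current[:zaikio_oauth_client_name]
end

# … unchanged: configure, configuration, for …

def with_client(client_name)
  original_client_name = Thread.current[:zaikio_oauth_client_name]
  Thread.current[:zaikio_oauth_client_name] = client_name
  yield
ensure
  Thread.current[:zaikio_oauth_client_name] = original_client_name
end
```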
@@ -5,11 +5,11 @@ module Zaikio
|
|
5
5
|
module OAuthClient
|
6
6
|
class Configuration
|
7
7
|
HOSTS = {
|
8
|
-
development: "http://
|
9
|
-
test: "http://
|
10
|
-
staging: "https://
|
11
|
-
sandbox: "https://
|
12
|
-
production: "https://
|
8
|
+
development: "http://hub.zaikio.test",
|
9
|
+
test: "http://hub.zaikio.test",
|
10
|
+
staging: "https://hub.staging.zaikio.com",
|
11
|
+
sandbox: "https://hub.sandbox.zaikio.com",
|
12
|
+
production: "https://hub.zaikio.com"
|
13
13
|
}.freeze
|
14
14
|
|
15
15
|
attr_accessor :host
|
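Review bot: The `development` and `test` entries of `HOSTS` use plain `http://`, and `attr_accessor :host` two lines below the hash accepts any replacement host without a scheme check, so the OAuth exchanges (authorization codes, tokens) travel in cleartext whenever one of these is selected outside a local machine. A comment above the hash would make the intent explicit, for example `# development/test point at a locally resolved hub over plain HTTP; all other environments must use https`. Whether `host=` is validated elsewhere is not visible, because the `Configuration` class continues past the hunk.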
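--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: zaikio-oauth_client
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.4.1
 platform: ruby
 authors:
 - Zaikio GmbH
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-
+date: 2020-08-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rails
@@ -42,16 +42,22 @@ dependencies:
 name: zaikio-jwt_auth
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
 version: 0.2.1
+- - "<"
+- !ruby/object:Gem::Version
+version: 0.4.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
 version: 0.2.1
+- - "<"
+- !ruby/object:Gem::Version
+version: 0.4.0
 - !ruby/object:Gem::Dependency
 name: pg
 requirement: !ruby/object:Gem::Requirement
@@ -98,6 +104,7 @@ files:
 - app/controllers/zaikio/oauth_client/sessions_controller.rb
 - app/helpers/zaikio/application_helper.rb
 - app/jobs/zaikio/application_job.rb
+- app/jobs/zaikio/cleanup_access_tokens_job.rb
 - app/models/zaikio/access_token.rb
 - config/initializers/inflections.rb
 - config/locales/en.yml
@@ -112,7 +119,7 @@ files:
 - lib/zaikio/oauth_client/engine.rb
 - lib/zaikio/oauth_client/test_helper.rb
 - lib/zaikio/oauth_client/version.rb
-homepage: https://
+homepage: https://www.zaikio.com
 licenses:
 - MIT
 metadata: {}
@@ -131,7 +138,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: Zaikio Platform Connectivity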