zaikio-oauth_client 0.5.0 → 0.7.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +14 -1
- data/app/models/zaikio/access_token.rb +11 -6
- data/db/migrate/20210222135920_enhance_access_token_index.rb +7 -0
- data/db/migrate/20210224154303_add_requested_scopes_to_zaikio_access_tokens.rb +6 -0
- data/lib/zaikio/oauth_client.rb +7 -2
- data/lib/zaikio/oauth_client/authenticatable.rb +9 -7
- data/lib/zaikio/oauth_client/version.rb +1 -1
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: faffe2dacfd78ac4049dc0cb8897bd5f479c0333959433b3613ed7ccf683c270
|
|
4
|
+
data.tar.gz: 18b59f470cc9fe488d00fab7c57ce5e72edbd916a79f9805447ebb0dd10d2310
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9700b26771536ecedbfeaf5cf48f088e83d209d169e0bf3380c2f19c76c8cd3fd93047f2c4fcbe968db94cc008130c65016842d882564267942ad1bbbdc1148f
|
|
7
|
+
data.tar.gz: 56ef475c436b106d17b5f145ea3053762414d0bc3c7a3aff87ee796322d63a06774aae1edfb0837dfde61fa49cc113095b2decacb14acdd2e2b1fcb398628db5
|
data/README.md
CHANGED
|
@@ -103,7 +103,20 @@ redirect_to zaikio_oauth_client.new_session_path(client_name: 'my_other_client')
|
|
|
103
103
|
redirect_to zaikio_oauth_client.new_connection_path(client_name: 'my_other_client')
|
|
104
104
|
```
|
|
105
105
|
|
|
106
|
-
This will redirect the user to the OAuth Authorize endpoint of the Zaikio Directory
|
|
106
|
+
This will redirect the user to the OAuth Authorize endpoint of the Zaikio Directory
|
|
107
|
+
`.../oauth/authorize` and include all necessary parameters like your client_id. You may
|
|
108
|
+
also pass `show_signup`, `force_login` and `state` parameters through, like so:
|
|
109
|
+
|
|
110
|
+
```ruby
|
|
111
|
+
# Take the user directly to the signup page
|
|
112
|
+
redirect_to zaikio_oauth_client.new_session_path(show_signup: true)
|
|
113
|
+
|
|
114
|
+
# Force the user to re-authenticate even if they have an existing session
|
|
115
|
+
redirect_to zaikio_oauth_client.new_session_path(force_login: true)
|
|
116
|
+
|
|
117
|
+
# Pass a custom Oauth 2.0 state parameter
|
|
118
|
+
redirect_to zaikio_oauth_client.new_session_path(state: "something-my-app-uses")
|
|
119
|
+
```
|
|
107
120
|
|
|
108
121
|
#### Session handling
|
|
109
122
|
|
|
@@ -5,8 +5,9 @@ module Zaikio
|
|
|
5
5
|
class AccessToken < ApplicationRecord
|
|
6
6
|
self.table_name = "zaikio_access_tokens"
|
|
7
7
|
|
|
8
|
-
def self.build_from_access_token(access_token) # rubocop:disable Metrics/AbcSize
|
|
8
|
+
def self.build_from_access_token(access_token, requested_scopes: nil) # rubocop:disable Metrics/AbcSize
|
|
9
9
|
payload = JWT.decode(access_token.token, nil, false).first rescue {} # rubocop:disable Style/RescueModifier
|
|
10
|
+
scopes = access_token.params["scope"].split(",")
|
|
10
11
|
new(
|
|
11
12
|
id: payload["jti"],
|
|
12
13
|
bearer_type: access_token.params["bearer"]["type"],
|
|
@@ -15,7 +16,8 @@ module Zaikio
|
|
|
15
16
|
token: access_token.token,
|
|
16
17
|
refresh_token: access_token.refresh_token,
|
|
17
18
|
expires_at: Time.strptime(access_token.expires_at.to_s, "%s"),
|
|
18
|
-
scopes:
|
|
19
|
+
scopes: scopes,
|
|
20
|
+
requested_scopes: requested_scopes || scopes
|
|
19
21
|
)
|
|
20
22
|
end
|
|
21
23
|
|
|
@@ -38,9 +40,9 @@ module Zaikio
|
|
|
38
40
|
.where("refresh_token IS NOT NULL")
|
|
39
41
|
.where.not(id: Zaikio::JWTAuth.revoked_token_ids)
|
|
40
42
|
}
|
|
41
|
-
scope :by_bearer, lambda { |bearer_id:,
|
|
43
|
+
scope :by_bearer, lambda { |bearer_id:, requested_scopes: [], bearer_type: "Person"|
|
|
42
44
|
where(bearer_type: bearer_type, bearer_id: bearer_id)
|
|
43
|
-
.where("
|
|
45
|
+
.where("requested_scopes @> ARRAY[?]::varchar[]", requested_scopes)
|
|
44
46
|
}
|
|
45
47
|
scope :usable, lambda { |options|
|
|
46
48
|
by_bearer(**options).valid.or(by_bearer(**options).valid_refresh)
|
|
@@ -60,7 +62,7 @@ module Zaikio
|
|
|
60
62
|
end
|
|
61
63
|
|
|
62
64
|
def bearer_klass
|
|
63
|
-
return unless Zaikio.const_defined?("
|
|
65
|
+
return unless Zaikio.const_defined?("Hub::Models", false)
|
|
64
66
|
|
|
65
67
|
if Zaikio::Hub::Models.configuration.respond_to?(:"#{bearer_type.underscore}_class_name")
|
|
66
68
|
Zaikio::Hub::Models.configuration.public_send(:"#{bearer_type.underscore}_class_name").constantize
|
|
@@ -76,7 +78,10 @@ module Zaikio
|
|
|
76
78
|
attributes.slice("token", "refresh_token")
|
|
77
79
|
).refresh!
|
|
78
80
|
|
|
79
|
-
access_token = self.class.build_from_access_token(
|
|
81
|
+
access_token = self.class.build_from_access_token(
|
|
82
|
+
refreshed_token,
|
|
83
|
+
requested_scopes: requested_scopes
|
|
84
|
+
)
|
|
80
85
|
|
|
81
86
|
transaction { destroy if access_token.save! }
|
|
82
87
|
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
class AddRequestedScopesToZaikioAccessTokens < ActiveRecord::Migration[6.1]
|
|
2
|
+
def change
|
|
3
|
+
add_column :zaikio_access_tokens, :requested_scopes, :string, array: true, default: [], null: false
|
|
4
|
+
Zaikio::AccessToken.update_all("requested_scopes = scopes, updated_at = now()")
|
|
5
|
+
end
|
|
6
|
+
end
|
data/lib/zaikio/oauth_client.rb
CHANGED
|
@@ -63,7 +63,11 @@ module Zaikio
|
|
|
63
63
|
scopes ||= client_config.default_scopes_for(bearer_type)
|
|
64
64
|
|
|
65
65
|
access_token = Zaikio::AccessToken.where(audience: client_config.client_name)
|
|
66
|
-
.usable(
|
|
66
|
+
.usable(
|
|
67
|
+
bearer_type: bearer_type,
|
|
68
|
+
bearer_id: bearer_id,
|
|
69
|
+
requested_scopes: scopes
|
|
70
|
+
)
|
|
67
71
|
.first
|
|
68
72
|
|
|
69
73
|
if access_token.blank?
|
|
@@ -72,7 +76,8 @@ module Zaikio
|
|
|
72
76
|
bearer_type: bearer_type,
|
|
73
77
|
bearer_id: bearer_id,
|
|
74
78
|
scopes: scopes
|
|
75
|
-
)
|
|
79
|
+
),
|
|
80
|
+
requested_scopes: scopes
|
|
76
81
|
)
|
|
77
82
|
access_token.save!
|
|
78
83
|
elsif access_token&.expired?
|
|
@@ -4,11 +4,13 @@ module Zaikio
|
|
|
4
4
|
extend ActiveSupport::Concern
|
|
5
5
|
|
|
6
6
|
def new
|
|
7
|
-
|
|
7
|
+
opts = params.permit(:client_name, :show_signup, :force_login, :state)
|
|
8
|
+
client_name = opts.delete(:client_name)
|
|
8
9
|
|
|
9
10
|
redirect_to oauth_client.auth_code.authorize_url(
|
|
10
|
-
redirect_uri: approve_url(
|
|
11
|
-
scope: oauth_scope
|
|
11
|
+
redirect_uri: approve_url(client_name),
|
|
12
|
+
scope: oauth_scope,
|
|
13
|
+
**opts
|
|
12
14
|
)
|
|
13
15
|
end
|
|
14
16
|
|
|
@@ -49,10 +51,10 @@ module Zaikio
|
|
|
49
51
|
def create_access_token
|
|
50
52
|
access_token_response = oauth_client.auth_code.get_token(params[:code])
|
|
51
53
|
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
54
|
+
Zaikio::AccessToken.build_from_access_token(
|
|
55
|
+
access_token_response,
|
|
56
|
+
requested_scopes: client_config.default_scopes
|
|
57
|
+
).tap(&:save!)
|
|
56
58
|
end
|
|
57
59
|
|
|
58
60
|
def client_name
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: zaikio-oauth_client
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.7.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Zaikio GmbH
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-03-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -111,6 +111,8 @@ files:
|
|
|
111
111
|
- config/routes.rb
|
|
112
112
|
- db/migrate/20190426155505_enable_postgres_extensions_for_uuids.rb
|
|
113
113
|
- db/migrate/20191017132048_create_zaikio_access_tokens.rb
|
|
114
|
+
- db/migrate/20210222135920_enhance_access_token_index.rb
|
|
115
|
+
- db/migrate/20210224154303_add_requested_scopes_to_zaikio_access_tokens.rb
|
|
114
116
|
- lib/tasks/zaikio_tasks.rake
|
|
115
117
|
- lib/zaikio/oauth_client.rb
|
|
116
118
|
- lib/zaikio/oauth_client/authenticatable.rb
|