RubyGems - zaikio-oauth_client - Versions diffs - 0.6.1 → 0.8.1 - Mend

zaikio-oauth_client 0.6.1 → 0.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/README.md +14 -1
data/app/models/zaikio/access_token.rb +10 -6
data/lib/zaikio/oauth_client.rb +40 -24
data/lib/zaikio/oauth_client/authenticatable.rb +5 -3
data/lib/zaikio/oauth_client/version.rb +1 -1
metadata +45 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f73993c6e346ad227b9591f3978d5e8df70f3cbe02a123da0880581c90877090
-  data.tar.gz: 78a28c37466e1c1f572c4691c43b86dd0dcc583089ea04ea53adf546727529fd
+  metadata.gz: 32791412d8324e894c609e9ba73c1bc2fabb756117b91d81012d208730dfd5c2
+  data.tar.gz: a1af7430748c3bce9e0d8058de85edcbdf0e2ecc3b568b389184e13b8945753d
 SHA512:
-  metadata.gz: 4ead8b3e3d2576cefd9067633f02b814362cb2d8f8b912ffeb25e5d6165a9e980ccb76614c1373e8bf4a4954b6f087632982bd5eaace58d8bc6f3f726206ea1f
-  data.tar.gz: 1979f2d0c8da9a6fdb813dbb02c48b229dd308b742aedf93c63f28545e5d1d11dbcf658f2c35c9e20b2cee5369348ae48cf346f24ba4d3fe5732aff9ba17153d
+  metadata.gz: 6a33fdbb048a31fb157b006606ecbebbe69ac7950e17a25e1c3817f02485b15d8e7726c10fc8277ca57b6ea0a4781264d3055f188a0883613b053605e9a990a6
+  data.tar.gz: 6e404b985ce76339e9edf1612b2db4d0d686c9b75f67ae8f4ff131c80e806a5911a223681d2abbbbbf03b72c3e155c66a891e45a696da403cdac095c2b1513f2

data/README.md CHANGED Viewed

@@ -103,7 +103,20 @@ redirect_to zaikio_oauth_client.new_session_path(client_name: 'my_other_client')
 redirect_to zaikio_oauth_client.new_connection_path(client_name: 'my_other_client')
 ```
-This will redirect the user to the OAuth Authorize endpoint of the Zaikio Directory `.../oauth/authorize` and include all necessary parameters like your client_id.
+This will redirect the user to the OAuth Authorize endpoint of the Zaikio Directory
+`.../oauth/authorize` and include all necessary parameters like your client_id. You may
+also pass `show_signup`, `force_login` and `state` parameters through, like so:
+```ruby
+# Take the user directly to the signup page
+redirect_to zaikio_oauth_client.new_session_path(show_signup: true)
+# Force the user to re-authenticate even if they have an existing session
+redirect_to zaikio_oauth_client.new_session_path(force_login: true)
+# Pass a custom Oauth 2.0 state parameter
+redirect_to zaikio_oauth_client.new_session_path(state: "something-my-app-uses")
+```
 #### Session handling

data/app/models/zaikio/access_token.rb CHANGED Viewed

@@ -62,7 +62,7 @@ module Zaikio
     end
     def bearer_klass
-      return unless Zaikio.const_defined?("Hub::Models")
+      return unless Zaikio.const_defined?("Hub::Models", false)
       if Zaikio::Hub::Models.configuration.respond_to?(:"#{bearer_type.underscore}_class_name")
         Zaikio::Hub::Models.configuration.public_send(:"#{bearer_type.underscore}_class_name").constantize
@@ -78,15 +78,19 @@ module Zaikio
           attributes.slice("token", "refresh_token")
         ).refresh!
-        access_token = self.class.build_from_access_token(
+        destroy
+        self.class.build_from_access_token(
           refreshed_token,
           requested_scopes: requested_scopes
-        )
+        ).tap(&:save!)
+      end
+    rescue OAuth2::Error => e
+      raise unless e.code == "invalid_grant"
-        transaction { destroy if access_token.save! }
+      destroy
-        access_token
-      end
+      nil
     end
   end
 end

data/lib/zaikio/oauth_client.rb CHANGED Viewed

@@ -57,34 +57,50 @@ module Zaikio
         end
       end
-      def get_access_token(client_name: nil, bearer_type: "Person", bearer_id: nil, scopes: nil) # rubocop:disable Metrics/MethodLength
-        client_name ||= self.client_name
-        client_config = client_config_for(client_name)
+      # Finds the best possible access token, using the DB or an API call
+      #   * If the token has expired, it will be refreshed using the refresh_token flow
+      #     (if this fails, we fallback to getting a new token using client_credentials)
+      #   * If the token does not exist, we'll get a new one using the client_credentials flow
+      def get_access_token(bearer_id:, client_name: nil, bearer_type: "Person", scopes: nil)
+        client_config = client_config_for(client_name || self.client_name)
         scopes ||= client_config.default_scopes_for(bearer_type)
-        access_token = Zaikio::AccessToken.where(audience: client_config.client_name)
-                                          .usable(
-                                            bearer_type: bearer_type,
-                                            bearer_id: bearer_id,
-                                            requested_scopes: scopes
-                                          )
-                                          .first
-        if access_token.blank?
-          access_token = Zaikio::AccessToken.build_from_access_token(
-            client_config.token_by_client_credentials(
-              bearer_type: bearer_type,
-              bearer_id: bearer_id,
-              scopes: scopes
-            ),
-            requested_scopes: scopes
+        token = find_usable_access_token(client_name: client_config.client_name,
+                                         bearer_type: bearer_type,
+                                         bearer_id: bearer_id,
+                                         requested_scopes: scopes)
+        token = token.refresh! if token&.expired?
+        token ||= fetch_new_token(client_config: client_config,
+                                  bearer_type: bearer_type,
+                                  bearer_id: bearer_id,
+                                  scopes: scopes)
+        token
+      end
+      # Finds the best usable access token. Note that this token may have expired and
+      # would require refreshing.
+      def find_usable_access_token(client_name:, bearer_type:, bearer_id:, requested_scopes:)
+        Zaikio::AccessToken
+          .where(audience: client_name)
+          .usable(
+            bearer_type: bearer_type,
+            bearer_id: bearer_id,
+            requested_scopes: requested_scopes
           )
-          access_token.save!
-        elsif access_token&.expired?
-          access_token = access_token.refresh!
-        end
+          .first
+      end
-        access_token
+      def fetch_new_token(client_config:, bearer_type:, bearer_id:, scopes:)
+        Zaikio::AccessToken.build_from_access_token(
+          client_config.token_by_client_credentials(
+            bearer_type: bearer_type,
+            bearer_id: bearer_id,
+            scopes: scopes
+          ),
+          requested_scopes: scopes
+        ).tap(&:save!)
       end
       def get_plain_scopes(scopes)

data/lib/zaikio/oauth_client/authenticatable.rb CHANGED Viewed

@@ -4,11 +4,13 @@ module Zaikio
       extend ActiveSupport::Concern
       def new
-        cookies.encrypted[:origin] = params[:origin]
+        opts = params.permit(:client_name, :show_signup, :force_login, :state)
+        client_name = opts.delete(:client_name)
         redirect_to oauth_client.auth_code.authorize_url(
-          redirect_uri: approve_url(params[:client_name]),
-          scope: oauth_scope
+          redirect_uri: approve_url(client_name),
+          scope: oauth_scope,
+          **opts
         )
       end

data/lib/zaikio/oauth_client/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Zaikio
   module OAuthClient
-    VERSION = "0.6.1".freeze
+    VERSION = "0.8.1".freeze
   end
 end

metadata CHANGED Viewed

@@ -1,17 +1,59 @@
 --- !ruby/object:Gem::Specification
 name: zaikio-oauth_client
 version: !ruby/object:Gem::Version
-  version: 0.6.1
+  version: 0.8.1
 platform: ruby
 authors:
 - Zaikio GmbH
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-02-25 00:00:00.000000000 Z
+date: 2021-03-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: rails
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.0.0
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.0.0
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.0.0
+- !ruby/object:Gem::Dependency
+  name: railties
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="