zaikio-oauth_client 0.6.0 → 0.6.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 70305a5016ca591d7275d6bf09627865e32417481047c3717099108c251a5d93
-  data.tar.gz: 8274f9034a133d510be6fc6c42e6fb7c96e807fbac4b076ce0f42f13da7b2536
+  metadata.gz: f73993c6e346ad227b9591f3978d5e8df70f3cbe02a123da0880581c90877090
+  data.tar.gz: 78a28c37466e1c1f572c4691c43b86dd0dcc583089ea04ea53adf546727529fd
 SHA512:
-  metadata.gz: 9cae8d8c1dee2d253d38764adcd245ed042017c99bc70255db2f236e11d2c77ef20b75f366a30ca59eda1c1ab9673e54b6e7117b5ab2159d78a6afbc38c214fe
-  data.tar.gz: 8cfd8a8df57d6076292ddca2253cb3cd9f79c2411fcadddc265757b5fea67c4dfabb67cd4406459e894708cee9b9d37bf6025cbb3fd455ceb575521cbb3000de
+  metadata.gz: 4ead8b3e3d2576cefd9067633f02b814362cb2d8f8b912ffeb25e5d6165a9e980ccb76614c1373e8bf4a4954b6f087632982bd5eaace58d8bc6f3f726206ea1f
+  data.tar.gz: 1979f2d0c8da9a6fdb813dbb02c48b229dd308b742aedf93c63f28545e5d1d11dbcf658f2c35c9e20b2cee5369348ae48cf346f24ba4d3fe5732aff9ba17153d

data/app/models/zaikio/access_token.rb

@@ -5,8 +5,9 @@ module Zaikio
   class AccessToken < ApplicationRecord
     self.table_name = "zaikio_access_tokens"
 
-    def self.build_from_access_token(access_token) # rubocop:disable Metrics/AbcSize
+    def self.build_from_access_token(access_token, requested_scopes: nil) # rubocop:disable Metrics/AbcSize
       payload = JWT.decode(access_token.token, nil, false).first rescue {} # rubocop:disable Style/RescueModifier
+      scopes = access_token.params["scope"].split(",")
       new(
         id: payload["jti"],
         bearer_type: access_token.params["bearer"]["type"],
@@ -15,7 +16,8 @@ module Zaikio
         token: access_token.token,
         refresh_token: access_token.refresh_token,
         expires_at: Time.strptime(access_token.expires_at.to_s, "%s"),
-        scopes: access_token.params["scope"].split(",")
+        scopes: scopes,
+        requested_scopes: requested_scopes || scopes
       )
     end
 
@@ -38,9 +40,9 @@ module Zaikio
         .where("refresh_token IS NOT NULL")
         .where.not(id: Zaikio::JWTAuth.revoked_token_ids)
     }
-    scope :by_bearer, lambda { |bearer_id:, scopes: [], bearer_type: "Person"|
+    scope :by_bearer, lambda { |bearer_id:, requested_scopes: [], bearer_type: "Person"|
       where(bearer_type: bearer_type, bearer_id: bearer_id)
-        .where("scopes @> ARRAY[?]::varchar[]", scopes)
+        .where("requested_scopes @> ARRAY[?]::varchar[]", requested_scopes)
     }
     scope :usable, lambda { |options|
       by_bearer(**options).valid.or(by_bearer(**options).valid_refresh)
@@ -76,7 +78,10 @@ module Zaikio
           attributes.slice("token", "refresh_token")
         ).refresh!
 
-        access_token = self.class.build_from_access_token(refreshed_token)
+        access_token = self.class.build_from_access_token(
+          refreshed_token,
+          requested_scopes: requested_scopes
+        )
 
         transaction { destroy if access_token.save! }
 

data/db/migrate/20210224154303_add_requested_scopes_to_zaikio_access_tokens.rb

@@ -0,0 +1,6 @@
+class AddRequestedScopesToZaikioAccessTokens < ActiveRecord::Migration[6.1]
+  def change
+    add_column :zaikio_access_tokens, :requested_scopes, :string, array: true, default: [], null: false
+    Zaikio::AccessToken.update_all("requested_scopes = scopes, updated_at = now()")
+  end
+end

data/lib/zaikio/oauth_client.rb

@@ -63,7 +63,11 @@ module Zaikio
         scopes ||= client_config.default_scopes_for(bearer_type)
 
         access_token = Zaikio::AccessToken.where(audience: client_config.client_name)
-                                          .usable(bearer_type: bearer_type, bearer_id: bearer_id, scopes: scopes)
+                                          .usable(
+                                            bearer_type: bearer_type,
+                                            bearer_id: bearer_id,
+                                            requested_scopes: scopes
+                                          )
                                           .first
 
         if access_token.blank?
@@ -72,7 +76,8 @@ module Zaikio
               bearer_type: bearer_type,
               bearer_id: bearer_id,
               scopes: scopes
-            )
+            ),
+            requested_scopes: scopes
           )
           access_token.save!
         elsif access_token&.expired?

data/lib/zaikio/oauth_client/authenticatable.rb

@@ -49,10 +49,10 @@ module Zaikio
       def create_access_token
         access_token_response = oauth_client.auth_code.get_token(params[:code])
 
-        access_token = Zaikio::AccessToken.build_from_access_token(access_token_response)
-        access_token.save!
-
-        access_token
+        Zaikio::AccessToken.build_from_access_token(
+          access_token_response,
+          requested_scopes: client_config.default_scopes
+        ).tap(&:save!)
       end
 
       def client_name

data/lib/zaikio/oauth_client/version.rb

@@ -1,5 +1,5 @@
 module Zaikio
   module OAuthClient
-    VERSION = "0.6.0".freeze
+    VERSION = "0.6.1".freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: zaikio-oauth_client
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.6.1
 platform: ruby
 authors:
 - Zaikio GmbH
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-02-23 00:00:00.000000000 Z
+date: 2021-02-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -112,6 +112,7 @@ files:
 - db/migrate/20190426155505_enable_postgres_extensions_for_uuids.rb
 - db/migrate/20191017132048_create_zaikio_access_tokens.rb
 - db/migrate/20210222135920_enhance_access_token_index.rb
+- db/migrate/20210224154303_add_requested_scopes_to_zaikio_access_tokens.rb
 - lib/tasks/zaikio_tasks.rake
 - lib/zaikio/oauth_client.rb
 - lib/zaikio/oauth_client/authenticatable.rb