Class: OAuth2::Strategy::Assertion
Defined in: lib/oauth2/strategy/assertion.rb
Overview
The Client Assertion Strategy
Sample usage:
  client = OAuth2::Client.new(client_id, client_secret,
                              :site => 'http://localhost:8080',
                              :auth_scheme => :request_body)
  claim_set = {
    :iss => "http://localhost:3001",
    :aud => "http://localhost:8080/oauth2/token",
    :sub => "me@example.com",
    :exp => Time.now.utc.to_i + 3600,
  }
  encoding = {
    :algorithm => 'HS256',
    :key => 'secret_key',
  }
  access = client.assertion.get_token(claim_set, encoding)
  access.token                 # actual access_token string
  access.get("/api/stuff")     # making api calls with access token in header
Instance Method Summary
- #authorize_url ⇒ Object
  Not used for this strategy.
- #get_token(claims, encoding_opts, request_opts = {}, response_opts = {}) ⇒ Object
  Retrieve an access token given the specified client.
Methods inherited from Base
Constructor Details
This class inherits a constructor from OAuth2::Strategy::Base
Instance Method Details
#authorize_url ⇒ Object
Not used for this strategy.
  # File 'lib/oauth2/strategy/assertion.rb', line 36
  def authorize_url
    raise(NotImplementedError, "The authorization endpoint is not used in this strategy")
  end
#get_token(claims, encoding_opts, request_opts = {}, response_opts = {}) ⇒ Object
Retrieve an access token given the specified client.
For reading on JWT and claim keys:
  @see https://github.com/jwt/ruby-jwt
  @see https://datatracker.ietf.org/doc/html/rfc7519#section-4.1
  @see https://datatracker.ietf.org/doc/html/rfc7523#section-3
  @see https://www.iana.org/assignments/jwt/jwt.xhtml
There are many possible claim keys, and applications may ask for their own custom keys.
Some typically required ones:
  :iss (issuer)
  :aud (audience)
  :sub (subject) – formerly :prn https://datatracker.ietf.org/doc/html/draft-ietf-oauth-json-web-token-06#appendix-F
  :exp (expiration time) – in seconds since the epoch, e.g. Time.now.utc.to_i + 3600
Note that this method does not validate the presence of those four claim keys indicated as required by RFC 7523.
There are endpoints that may not conform with this RFC, and this gem should still work for those use cases.
The two keys of encoding_opts, :algorithm and :key, are passed directly to JWT.encode.  For supported encoding arguments:
  @see https://github.com/jwt/ruby-jwt#algorithms-and-usage
  @see https://datatracker.ietf.org/doc/html/rfc7518#section-3.1
The object type of :key may depend on the value of :algorithm.  Sample arguments:
  get_token(claim_set, {:algorithm => 'HS256', :key => 'secret_key'})
  get_token(claim_set, {:algorithm => 'RS256', :key => OpenSSL::PKCS12.new(File.read('my_key.p12'), 'not_secret')})
  # File 'lib/oauth2/strategy/assertion.rb', line 79
  def get_token(claims, encoding_opts, request_opts = {}, response_opts = {})
    assertion = build_assertion(claims, encoding_opts)
    params = build_request(assertion, request_opts)
    @client.get_token(params, response_opts)
  end
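An added example, not code from the oauth2 gem: it reproduces with the Ruby standard library the HS256 assertion that JWT.encode builds from the sample claim set and the form parameters the strategy posts, and then runs the signature, issuer, audience and expiry checks a token endpoint applies before issuing a token (the part this method deliberately leaves to the server). The helper names encode_hs256_assertion, token_request_params and verify_assertion are hypothetical; the claim values are the ones from the sample usage above.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Grant type sent alongside the assertion (RFC 7523 section 2.1).
JWT_BEARER_GRANT = 'urn:ietf:params:oauth:grant-type:jwt-bearer'

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# Constant-time byte comparison so the signature check does not leak timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical stand-in for JWT.encode(claims, key, 'HS256'):
# base64url(header).base64url(claims).base64url(HMAC-SHA256 of the first two).
def encode_hs256_assertion(claims, key)
  header = b64url(JSON.generate({ alg: 'HS256', typ: 'JWT' }))
  payload = b64url(JSON.generate(claims))
  signing_input = "#{header}.#{payload}"
  "#{signing_input}.#{b64url(OpenSSL::HMAC.digest('SHA256', key, signing_input))}"
end

# Form parameters posted to the token endpoint (hypothetical helper name).
def token_request_params(assertion)
  { grant_type: JWT_BEARER_GRANT, assertion: assertion }
end

# Server-side acceptance checks (RFC 7523 section 3): intact signature,
# expected issuer and audience, and an :exp still in the future.
# Returns [true, subject] or [false, reason]; `now` is injectable for tests.
def verify_assertion(token, key, expected_iss, expected_aud, now = Time.now.utc.to_i)
  header, payload, sig = token.split('.')
  return [false, 'malformed'] unless header && payload && sig
  expected = OpenSSL::HMAC.digest('SHA256', key, "#{header}.#{payload}")
  return [false, 'bad signature'] unless secure_equal?(expected, Base64.urlsafe_decode64(sig))
  claims = JSON.parse(Base64.urlsafe_decode64(payload))
  return [false, 'wrong issuer'] unless claims['iss'] == expected_iss
  return [false, 'wrong audience'] unless claims['aud'] == expected_aud
  return [false, 'missing exp'] unless claims['exp'].is_a?(Integer)
  return [false, 'expired'] unless claims['exp'] > now
  [true, claims['sub']]
rescue ArgumentError, JSON::ParserError
  [false, 'malformed']
end
```

Because :aud is pinned to the token endpoint URL, an assertion captured from one endpoint is rejected by any other, which is why the RFC requires the claim even though get_token itself does not check for it.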