
# frozen_string_literal: true

require 'rack/oauth2'
require 'rack/utils'

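module Osso
  # OAuth 2.0 authorization-code grant endpoints, served as a Sinatra app.
  # Client lookup, authorization-code / access-token persistence and the
  # enterprise -> SAML provider resolution all live in Osso::Models; this
  # class only wires the HTTP side and delegates request validation to
  # Rack::OAuth2.
  class Oauth < Sinatra::Base
    include AppConfig

    # Send your users here in order to begin an authentication
    # flow. This flow follows the authorization grant oauth
    # spec with one exception - you must also pass the domain
    # of the user who wants to sign in.
    #
    # Query params: the standard client_id / redirect_uri / state, plus
    # domain (selects the enterprise account to authenticate against).
    # Renders erb :error when Rack::OAuth2 rejects the request as a
    # BadRequest. An unknown domain or client makes the find_by! calls
    # raise; that error is not handled here.
    get '/authorize' do
      @enterprise = Models::EnterpriseAccount.
        includes(:saml_providers).
        find_by!(domain: params[:domain])

      # The return value is intentionally discarded: this call exists only
      # to check that client_id is known and redirect_uri is one of the
      # client's registered values, raising BadRequest otherwise.
      Rack::OAuth2::Server::Authorize.new do |req, _res|
        client = Models::OauthClient.find_by!(identifier: req.client_id)
        req.verify_redirect_uri!(client.redirect_uri_values)
      end.call(env)

      if @enterprise.single_provider?
        # state is kept in the session so the SAML leg of the flow can
        # hand it back to the client when the code is issued.
        session[:oauth_state] = params[:state]
        redirect "/auth/saml/#{@enterprise.provider.id}"
      end

      # TODO: multiple provider support
      # erb :multiple_providers
      # Until then an account with several providers falls through here
      # with an empty response body.
    rescue Rack::OAuth2::Server::Authorize::BadRequest => e
      @error = e
      erb :error
    end

    # Exchange an authorization code token for an access token.
    # In addition to the token, you must include all parameters
    # required by Oauth spec: redirect_uri, client ID, and client secret.
    #
    # Rack::OAuth2 turns invalid_client! / invalid_grant! into the
    # corresponding OAuth error responses.
    post '/token' do
      Rack::OAuth2::Server::Token.new do |req, res|
        code = Models::AuthorizationCode.
          find_by_token!(params[:code])
        client = Models::OauthClient.find_by!(identifier: req.client_id)

        # Compare the client secret in constant time so response timing
        # does not reveal how much of a guessed secret matched. A secret
        # missing on either side is rejected outright rather than being
        # allowed to compare equal (nil == nil).
        secret_matches = client.secret && req.client_secret &&
                         Rack::Utils.secure_compare(client.secret.to_s, req.client_secret.to_s)
        req.invalid_client! unless secret_matches

        # The redirect_uri presented at exchange time must match the one
        # the code was issued for.
        req.invalid_grant! if code.redirect_uri != req.redirect_uri
        res.access_token = code.access_token.to_bearer_token
      end.call(env)
    end

    # Use the access token to request a user profile.
    # Only tokens admitted by the `valid` scope are honoured.
    # NOTE(review): the token is read from the query string
    # (params[:access_token]); RFC 6750 prefers the Authorization header
    # because URL parameters commonly end up in access logs and referrers.
    get '/me' do
      json Models::AccessToken.
        includes(:user).
        valid.
        find_by_token!(params[:access_token]).
        user
    end
  end
end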
