lib/rodauth/features/oauth_assertion_base.rb in rodauth-oauth-0.10.4 vs lib/rodauth/features/oauth_assertion_base.rb in rodauth-oauth-1.0.0.pre.beta1
- old
+ new
@@ -1,13 +1,11 @@
# frozen_string_literal: true
-require "rodauth/oauth/refinements"
+require "rodauth/oauth"
module Rodauth
Feature.define(:oauth_assertion_base, :OauthAssertionBase) do
- using PrefixExtensions
-
depends :oauth_base
auth_value_methods(
:assertion_grant_type?,
:client_assertion_type?,
@@ -15,11 +13,11 @@
:client_assertion_type
)
private
- def validate_oauth_token_params
+ def validate_token_params
return super unless assertion_grant_type?
redirect_response_error("invalid_grant") unless param_or_nil("assertion")
end
@@ -27,24 +25,21 @@
if assertion_grant_type?
@oauth_application = __send__(:"require_oauth_application_from_#{assertion_grant_type}_assertion_issuer", param("assertion"))
elsif client_assertion_type?
@oauth_application = __send__(:"require_oauth_application_from_#{client_assertion_type}_assertion_subject",
param("client_assertion"))
+
+ if (client_id = param_or_nil("client_id")) &&
+ client_id != @oauth_application[oauth_applications_client_id_column]
+ # If present, the value of the
+ # "client_id" parameter MUST identify the same client as is
+ # identified by the client assertion.
+ redirect_response_error("invalid_grant")
+ end
else
- return super
+ super
end
-
- redirect_response_error("invalid_grant") unless @oauth_application
-
- if client_assertion_type? &&
- (client_id = param_or_nil("client_id")) &&
- client_id != @oauth_application[oauth_applications_client_id_column]
- # If present, the value of the
- # "client_id" parameter MUST identify the same client as is
- # identified by the client assertion.
- redirect_response_error("invalid_grant")
- end
end
def account_from_bearer_assertion_subject(subject)
__insert_or_do_nothing_and_return__(
db[accounts_table],
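Review bot: With the trailing `redirect_response_error("invalid_grant") unless @oauth_application` guard removed, both branches depend on the `require_oauth_application_from_..._assertion_issuer` / `..._assertion_subject` helpers halting the request themselves when no application matches. Those helpers are not visible in this hunk. If either can return nil, the new `client_id != @oauth_application[oauth_applications_client_id_column]` comparison would raise NoMethodError, and so would the `@oauth_application[...]` reads in `create_token` in the next hunk, so a failed client authentication would surface as a 500 rather than an OAuth error response. Unless the helpers are guaranteed to halt, keep an explicit `redirect_response_error("invalid_grant") unless @oauth_application` directly after each assignment; if they are guaranteed to, a short comment saying so would document the invariant. The enclosing method's `def` line is above the hunk, so its name and any earlier checks are not shown.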
@@ -52,30 +47,31 @@
[login_column],
login_column => subject
)
end
- def create_oauth_token(grant_type)
+ def create_token(grant_type)
return super unless assertion_grant_type?(grant_type) && supported_grant_type?(grant_type)
account = __send__(:"account_from_#{assertion_grant_type}_assertion", param("assertion"))
redirect_response_error("invalid_grant") unless account
grant_scopes = if param_or_nil("scope")
- redirect_response_error("invalid_grant") unless check_valid_scopes?
+ redirect_response_error("invalid_scope") unless check_valid_scopes?
scopes
else
@oauth_application[oauth_applications_scopes_column]
end
- create_params = {
- oauth_tokens_account_id_column => account[account_id_column],
- oauth_tokens_oauth_application_id_column => @oauth_application[oauth_applications_id_column],
- oauth_tokens_scopes_column => grant_scopes
+ grant_params = {
+ oauth_grants_type_column => grant_type,
+ oauth_grants_account_id_column => account[account_id_column],
+ oauth_grants_oauth_application_id_column => @oauth_application[oauth_applications_id_column],
+ oauth_grants_scopes_column => grant_scopes
}
- generate_oauth_token(create_params, false)
+ generate_token(grant_params, false)
end
def assertion_grant_type?(grant_type = param("grant_type"))
grant_type.start_with?("urn:ietf:params:oauth:grant-type:")
end
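Review bot: The bare `false` in `generate_token(grant_params, false)` does not say what it turns off, and for a token-issuing path that is worth stating at the call site. If, as seems likely, it suppresses refresh-token issuance for assertion grants, a comment such as `# assertion grants do not get a refresh token; the client presents a fresh assertion instead` above the call would record the intent, so that a later change to the default does not silently start issuing long-lived credentials here. The signature of `generate_token` is not visible in this diff, so the meaning of the flag should be confirmed against it.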