class OAuth2::Authenticator
Attributes
Public Class Methods
Source
# File lib/oauth2/authenticator.rb 42 def self.encode_basic_auth(user, password) 43 "Basic #{Base64.strict_encode64("#{user}:#{password}")}" 44 end
Source
# File lib/oauth2/authenticator.rb 12 def initialize(id, secret, mode) 13 @id = id 14 @secret = secret 15 @mode = mode 16 end
Public Instance Methods
Source
# File lib/oauth2/authenticator.rb 27 def apply(params) 28 case mode.to_sym 29 when :basic_auth 30 apply_basic_auth(params) 31 when :request_body 32 apply_params_auth(params) 33 when :tls_client_auth 34 apply_client_id(params) 35 when :private_key_jwt 36 params 37 else 38 raise NotImplementedError 39 end 40 end
Apply the request credentials used to authenticate to the Authorization Server
Depending on the configuration, this might be as request params or as an Authorization header.
User-provided params and header take precedence.
@param [Hash] params a Hash of params for the token endpoint @return [Hash] params amended with appropriate authentication details
Private Instance Methods
Source
# File lib/oauth2/authenticator.rb 67 def apply_basic_auth(params) 68 headers = params.fetch(:headers, {}) 69 headers = basic_auth_header.merge(headers) 70 params.merge(headers: headers) 71 end
Adds an ‘Authorization` header with Basic Auth credentials if and only if it is not already set in the params.
Source
# File lib/oauth2/authenticator.rb 59 def apply_client_id(params) 60 result = {} 61 result["client_id"] = id unless id.nil? 62 result.merge(params) 63 end
When using schemes that don’t require the client_secret to be passed i.e TLS Client
Auth, we don’t want to send the secret
Source
# File lib/oauth2/authenticator.rb 50 def apply_params_auth(params) 51 result = {} 52 result["client_id"] = id unless id.nil? 53 result["client_secret"] = secret unless secret.nil? 54 result.merge(params) 55 end
Adds client_id and client_secret request parameters if they are not already set.
Source
# File lib/oauth2/authenticator.rb 74 def basic_auth_header 75 {"Authorization" => self.class.encode_basic_auth(id, secret)} 76 end