module GDS::SSO::BearerToken
Public Class Methods
# File lib/gds-sso/bearer_token.rb, line 8
# Resolves a bearer token string to a user record.
#
# The user details are looked up through GDS::SSO::Config.cache under the key
# ["api-user-cache", token_string], passing expires_in: 5.minutes. On a cache
# miss the block calls /user.json on the OAuth provider with the token and
# reshapes the reply via omniauth_style_response.
#
# NOTE(review): the raw token string is part of the cache key, so the cache
# backend presumably stores usable bearer credentials in the clear. Confirm
# the store is access-controlled, or consider keying on a digest of the token.
# NOTE(review): a cached entry is reused until it expires, so a token revoked
# upstream (or a permission change) may go unnoticed for up to five minutes.
# Confirm that window is acceptable for the APIs relying on this.
# NOTE(review): only OAuth2::Error is rescued. A JSON::ParserError or KeyError
# raised by omniauth_style_response propagates to the caller.
#
# @param token_string [String] bearer token presented by the API client
# @return the result of user_klass.find_for_gds_oauth, or nil when the
#   OAuth2 request raises OAuth2::Error
def self.locate(token_string)
  cache_key = ["api-user-cache", token_string]

  user_details = GDS::SSO::Config.cache.fetch(cache_key, expires_in: 5.minutes) do
    bearer = OAuth2::AccessToken.new(oauth_client, token_string)
    # client_id is URL-escaped before it is placed in the query string.
    user_path = "/user.json?client_id=#{CGI.escape(GDS::SSO::Config.oauth_id)}"
    omniauth_style_response(bearer.get(user_path).body)
  end

  GDS::SSO::Config.user_klass.find_for_gds_oauth(user_details)
rescue OAuth2::Error
  # A failed OAuth2 request is reported as "no user", not raised.
  nil
end
# File lib/gds-sso/bearer_token.rb, line 20
# Returns the OAuth2 client used for bearer-token lookups, building it on
# first use and memoising it in @oauth_client.
#
# The client is constructed from GDS::SSO::Config (oauth_id, oauth_secret,
# oauth_root_url) and sends a User-Agent naming the gem version and the
# GOVUK_APP_NAME environment variable (an empty string when that is unset).
#
# Because the instance is memoised, configuration changed after the first
# call is not picked up. The object also carries the OAuth client secret, so
# avoid logging or inspecting it.
#
# Hash#merge is shallow: if GDS::SSO::Config.connection_opts supplies its own
# :headers key, it replaces the default headers hash (and the User-Agent)
# rather than being combined with it.
#
# @return [OAuth2::Client]
def self.oauth_client
  return @oauth_client if @oauth_client

  default_connection_opts = {
    headers: {
      user_agent: "gds-sso/#{GDS::SSO::VERSION} (#{ENV['GOVUK_APP_NAME']})",
    },
  }

  @oauth_client = OAuth2::Client.new(
    GDS::SSO::Config.oauth_id,
    GDS::SSO::Config.oauth_secret,
    site: GDS::SSO::Config.oauth_root_url,
    connection_opts: default_connection_opts.merge(GDS::SSO::Config.connection_opts),
  )
end
# File lib/gds-sso/bearer_token.rb, line 37
# Converts the JSON body of a /user.json response into the nested hash layout
# that omniauth would have produced ("uid", "info", "extra" => "user").
#
# Only the six fields named below are copied; anything else in the payload is
# dropped. A field missing from the payload becomes nil rather than an error.
#
# NOTE(review): a response without "uid" therefore yields "uid" => nil.
# Confirm that the consumer (find_for_gds_oauth) rejects a nil uid and does
# not match or create a record on it.
#
# @param response_body [String] JSON document with a top-level "user" object
# @return [Hash] omniauth-shaped user details
# @raise [JSON::ParserError] when response_body is not valid JSON
# @raise [KeyError] when the document has no "user" key
def self.omniauth_style_response(response_body)
  signon_user = JSON.parse(response_body).fetch("user")
  # Copies the named keys from the parsed user. Absent keys map to nil.
  pick = ->(*keys) { keys.to_h { |key| [key, signon_user[key]] } }

  {
    "uid" => signon_user["uid"],
    "info" => pick.call("email", "name"),
    "extra" => {
      "user" => pick.call("permissions", "organisation_slug", "organisation_content_id"),
    },
  }
end
Our User code assumes we’re getting our user data back via omniauth, and so receiving it in omniauth’s preferred structure. Here we’re addressing signon directly, so we need to transform the response ourselves.