module Riddl::Utils::OAuth2::Helper

Public Class Methods

access_payload(client_id, dur)
# File lib/ruby/riddl/utils/oauth2-helper.rb, line 132
# Builds the JSON claim set for an access token.
#
# client_id is written to both the issuer (iss) and audience (aud) claims.
# dur is added to the current Unix time in seconds to form the expiry (exp).
# The subject (sub) is a fresh random value from nonce, not a principal
# identifier, so it only makes each token unique.
# NOTE(review): no iat/nbf/jti claims are emitted; whether a verifier
# elsewhere needs them cannot be determined from this method.
def self::access_payload(client_id, dur) #{{{
  expires_at = Time.now.to_i + dur
  claims = { :iss => client_id, :sub => nonce, :aud => client_id, :exp => expires_at }
  claims.to_json
end
decrypt_with_shared_secret(data, secret)
# File lib/ruby/riddl/utils/oauth2-helper.rb, line 174
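# Decrypts a blob laid out as a 16-byte IV followed by AES-256-CBC ciphertext.
#
# data   - raw (already Base64-decoded) bytes: IV + ciphertext.
# secret - shared secret; the key is the first 32 hex characters of
#          SHA-256(secret), i.e. at most 128 bits of key material placed in
#          a 256-bit key slot.
#
# Returns the plaintext String, or nil when the input is malformed or the
# cipher rejects it (bad padding, wrong block length).
#
# Security caveats for maintainers:
# * The ciphertext carries no MAC. CBC is malleable, and the nil-on-failure
#   result distinguishes padding errors from success; a caller that exposes
#   that difference to a remote party behaves as a padding oracle. A new
#   format version should authenticate first (encrypt-then-MAC, or an AEAD
#   mode such as aes-256-gcm) and verify before decrypting.
# * The key derivation is a single unsalted hash; low-entropy secrets can be
#   guessed offline. Prefer a random 32-byte key or a real KDF.
def self::decrypt_with_shared_secret(data, secret) #{{{
  # Anything that cannot hold an IV plus at least one ciphertext byte is
  # rejected up front, so every malformed input yields nil instead of some
  # inputs raising from the IV setter.
  return nil unless data.is_a?(String) && data.bytesize > 16

  # Slice by bytes, not characters: the blob is binary even when the String
  # happens to carry a multibyte encoding tag.
  iv   = data.byteslice(0, 16)
  encr = data.byteslice(16, data.bytesize - 16)

  # OpenSSL::Cipher::Cipher is a deprecated alias; OpenSSL::Cipher is the
  # supported constructor.
  decipher = OpenSSL::Cipher.new 'aes-256-cbc'
  decipher.decrypt
  decipher.key = Digest::SHA256.hexdigest(secret)[0...32]
  decipher.iv = iv

  decipher.update(encr) + decipher.final
rescue OpenSSL::Cipher::CipherError
  # Only cipher failures are treated as "could not decrypt"; programming
  # errors are no longer hidden by a blanket rescue.
  nil
end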
encrypt_with_shared_secret(data, secret)
# File lib/ruby/riddl/utils/oauth2-helper.rb, line 186
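# Encrypts data with AES-256-CBC under a key derived from secret and returns
# URL-safe Base64 of (random 16-byte IV + ciphertext).
#
# data   - non-empty String to encrypt.
# secret - shared secret; the key is the first 32 hex characters of
#          SHA-256(secret), the same derivation decrypt_with_shared_secret
#          uses.
#
# Returns the encoded String, or nil when data is not a non-empty String or
# the cipher fails.
#
# Security caveats for maintainers:
# * Output is encrypted but not authenticated. Recipients cannot detect
#   tampering; a new format version should add a MAC over IV + ciphertext
#   or switch to an AEAD mode such as aes-256-gcm.
# * Only 128 bits of key material are used (32 hex characters), derived by
#   a single unsalted hash. Prefer a random 32-byte key or a real KDF.
def self::encrypt_with_shared_secret(data, secret) #{{{
  plaintext = String.try_convert(data)
  # The cipher rejects empty input; keep the established nil result but make
  # it explicit instead of relying on a blanket rescue.
  return nil if plaintext.nil? || plaintext.empty?

  cipher = OpenSSL::Cipher.new 'aes-256-cbc'
  cipher.encrypt

  # Truncate to the 32 bytes AES-256 needs. The full 64-character hex digest
  # is rejected by current openssl bindings ("key must be 32 bytes"); older
  # bindings silently used the first 32 bytes, so the effective key is
  # unchanged and matches the decrypt side.
  cipher.key = Digest::SHA256.hexdigest(secret)[0...32]
  iv = cipher.random_iv

  Base64::urlsafe_encode64(iv + cipher.update(plaintext) + cipher.final)
rescue OpenSSL::Cipher::CipherError
  nil
end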
generate_access_token(client_id, secret, dur)
# File lib/ruby/riddl/utils/oauth2-helper.rb, line 157
# Assembles a three-part access token: header.payload.signature.
#
# The header and the access payload are each URL-safe Base64 encoded, joined
# with a dot, and that string is signed with sign(secret, ...).
#
# NOTE(review): Base64.urlsafe_encode64 keeps '=' padding by default, while
# JWS compact serialization (RFC 7515) uses unpadded base64url. Strict JWT
# libraries may reject these tokens; confirm against the verifier before
# changing the encoding, since that alters the token format.
def self::generate_access_token(client_id, secret, dur)# {{{
  encoded_header  = Base64::urlsafe_encode64(header)
  encoded_payload = Base64::urlsafe_encode64(access_payload(client_id, dur))
  signing_input   = [encoded_header, encoded_payload].join('.')
  [signing_input, sign(secret, signing_input)].join('.')
end
generate_optimistic_token(client_id, secret, adur, rdur)
# File lib/ruby/riddl/utils/oauth2-helper.rb, line 168
# Issues an access token and a refresh token in one call.
#
# adur and rdur are the lifetimes passed to the access and refresh token
# generators respectively; both tokens are signed with the same secret.
#
# Returns a two-element Array: [access_token, refresh_token].
def self::generate_optimistic_token(client_id, secret, adur, rdur) #{{{
  [
    generate_access_token(client_id, secret, adur),
    generate_refresh_token(client_id, secret, rdur)
  ]
end
generate_refresh_token(client_id, secret, dur)
# File lib/ruby/riddl/utils/oauth2-helper.rb, line 163
# Assembles a two-part refresh token: payload.signature.
#
# Unlike the access token there is no header segment; the signature covers
# only the URL-safe Base64 encoded refresh payload.
# NOTE(review): access and refresh tokens are signed with the same secret
# and differ only in shape (three parts vs. two) and the aud claim; a
# verifier should check the segment count so one kind is not accepted as
# the other.
def self::generate_refresh_token(client_id, secret, dur) # {{{
  encoded_payload = Base64::urlsafe_encode64(refresh_payload(client_id, dur))
  signature = sign(secret, encoded_payload)
  [encoded_payload, signature].join('.')
end
header()
# File lib/ruby/riddl/utils/oauth2-helper.rb, line 125
# Returns the fixed token header as a JSON String: algorithm HS256, type JWT.
#
# The algorithm is hard-coded here; a verifier should likewise pin HS256
# rather than trust the alg value carried inside a received token.
def self::header #{{{
  fields = { alg: 'HS256', typ: 'JWT' }
  fields.to_json
end
nonce()
# File lib/ruby/riddl/utils/oauth2-helper.rb, line 149
# Returns a random 64-character lowercase hex String (32 random bytes) from
# SecureRandom, used as the sub claim of the token payloads.
def self::nonce #{{{
  byte_count = 32
  SecureRandom.hex(byte_count)
end
refresh_payload(client_id, dur)
# File lib/ruby/riddl/utils/oauth2-helper.rb, line 141
# Builds the JSON claim set for a refresh token.
#
# client_id becomes the issuer (iss); dur is added to the current Unix time
# in seconds to form the expiry (exp). The subject (sub) is a fresh random
# value from nonce. No aud claim is set, unlike the access payload.
def self::refresh_payload(client_id, dur) #{{{
  expires_at = Time.now.to_i + dur
  claims = { :iss => client_id, :sub => nonce, :exp => expires_at }
  claims.to_json
end
sign(secret, what)
# File lib/ruby/riddl/utils/oauth2-helper.rb, line 153
# Computes HMAC-SHA256 of what under secret and returns it URL-safe Base64
# encoded (with '=' padding, the encoder's default).
#
# This method only produces signatures. Code that verifies one should
# recompute it and compare in constant time (for example with
# OpenSSL.fixed_length_secure_compare where available) rather than with ==,
# so the comparison does not leak how many leading bytes matched.
def self::sign(secret, what) #{{{
  digest = OpenSSL::Digest.new('sha256')
  mac = OpenSSL::HMAC.digest(digest, secret, what)
  Base64::urlsafe_encode64(mac)
end