class Aspera::Oauth
Implement OAuth 2 for the REST client and generate a bearer token. Call get_authorization() to get a token. Bearer tokens are kept in memory and also in a file cache for later re-use. If a token is expired (API returns 4xx), call get_authorization({:refresh=>true}) again.
Constants
- JWT_EXPIRY_OFFSET_SEC
one hour validity (TODO: configurable?)
- JWT_NOTBEFORE_OFFSET_SEC
remove 5 minutes to account for time offset (TODO: configurable?)
- PERSIST_CATEGORY_TOKEN
a prefix for persistency of tokens (garbage collect)
- TOKEN_CACHE_EXPIRY_SEC
tokens older than 30 minutes will be discarded from cache
Attributes
used to change parameters, such as scope
Public Class Methods
For supported parameters, look in the code for @params. Parameters are all provided with the oauth_ prefix: :base_url :client_id :client_secret :redirect_uri :jwt_audience :jwt_private_key_obj :jwt_subject :path_authorize (default: 'authorize') :path_token (default: 'token') :scope (optional) :grant (one of the values returned by self.auth_types) :url_token :user_name :user_pass :token_type
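# File lib/aspera/oauth.rb, line 67
# Build an OAuth helper from a hash of parameters.
#
# Copies auth_params, sets defaults for :token_field, :path_token and
# :path_authorize, creates the Rest client used for token requests (with
# HTTP basic authentication when :client_id is present), validates
# :redirect_uri when it is given, and garbage collects expired tokens
# from the persistency manager.
#
# @param auth_params [Hash] OAuth parameters, symbol keys
# @raise [RuntimeError] if :redirect_uri is not an http(s) URI or has no port
def initialize(auth_params)
  # credentials must not end up in the debug log: mask secret-bearing values
  secret_keys=[:client_secret,:user_pass,:jwt_private_key_obj,:url_token,:api_key]
  loggable=auth_params.each_with_object({}) do |(name,value),masked|
    masked[name]=secret_keys.include?(name) ? '***' : value
  end
  Log.log.debug "auth=#{loggable}"
  @params=auth_params.clone
  # default values
  # name of field to take as token from result of call to /token
  @params[:token_field]||='access_token'
  # default endpoint for /token
  @params[:path_token]||='token'
  # default endpoint for /authorize
  @params[:path_authorize]||='authorize'
  rest_params={:base_url => @params[:base_url]}
  if @params.has_key?(:client_id)
    rest_params.merge!({:auth => {
      :type     => :basic,
      :username => @params[:client_id],
      :password => @params[:client_secret]
    }})
  end
  @token_auth_api=Rest.new(rest_params)
  if @params.has_key?(:redirect_uri)
    uri=URI.parse(@params[:redirect_uri])
    # exact scheme match: a URI without scheme is rejected with this message
    # instead of failing with NoMethodError on nil
    raise "redirect_uri scheme must be http" unless ['http','https'].include?(uri.scheme)
    # NOTE(review): URI fills in the default port for http/https, so this
    # check cannot tell whether a port was given explicitly
    raise "redirect_uri must have a port" if uri.port.nil?
    # we could check that host is localhost or local address
  end
  # cleanup expired tokens
  self.class.persist_mgr.garbage_collect(PERSIST_CATEGORY_TOKEN,TOKEN_CACHE_EXPIRY_SEC)
end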
Private Class Methods
OAuth methods supported
# File lib/aspera/oauth.rb, line 26
# List the supported OAuth methods (the values accepted for :grant).
# @return [Array<Symbol>] a new array on each call
def auth_types
  return %i[body_userpass header_userpass web jwt url_token ibm_apikey]
end
# File lib/aspera/oauth.rb, line 39
# No-op delete: the argument is ignored.
# @return [nil] always
def delete(x)
  nil
end
# File lib/aspera/oauth.rb, line 45
# Garbage collect the token category of the persistency manager, passing
# nil where initialize passes TOKEN_CACHE_EXPIRY_SEC.
# NOTE(review): presumably nil means "no age limit", i.e. every cached
# token is removed; confirm in the persistency manager.
def flush_tokens
  manager=persist_mgr
  return manager.garbage_collect(PERSIST_CATEGORY_TOKEN,nil)
end
# File lib/aspera/oauth.rb, line 39
# No-op garbage collection: both arguments are ignored.
# @return [nil] always
def garbage_collect(x,y)
  nil
end
# File lib/aspera/oauth.rb, line 39
# No-op lookup: the argument is ignored, so nothing is ever found.
# @return [nil] always
def get(x)
  nil
end
# File lib/aspera/oauth.rb, line 34
# Return the persistency manager used for the token cache.
#
# When none has been set, log a warning and install an instance of an
# anonymous NULL class whose get, delete, put and garbage_collect all
# return nil.
# @return [Object] the configured manager, or the NULL manager
def persist_mgr
  return @persist unless @persist.nil?
  Log.log.warn('Not using persistency (use Aspera::Oauth.persist_mgr=Aspera::PersistencyFolder.new)')
  # create NULL persistency class
  null_persistency=Class.new do
    def get(x)
      nil
    end

    def delete(x)
      nil
    end

    def put(x,y)
      nil
    end

    def garbage_collect(x,y)
      nil
    end
  end
  @persist=null_persistency.new
  return @persist
end
# File lib/aspera/oauth.rb, line 30
# Set the persistency manager returned by persist_mgr.
# @param manager the object to use; no check is made on it here
def persist_mgr=(manager)
  @persist=manager
end
# File lib/aspera/oauth.rb, line 39
# No-op store: both arguments are ignored, nothing is kept.
# @return [nil] always
def put(x,y)
  nil
end
Public Instance Methods
Private Instance Methods
# File lib/aspera/oauth.rb, line 110
# Call the token API with a POST on the configured token path, asking
# for a JSON answer.
# @param rest_params [Hash] extra call parameters, merged over the defaults
# @return the result of @token_auth_api.call
def create_token_advanced(rest_params)
  call_defaults={
    :operation => 'POST',
    :subpath   => @params[:path_token],
    :headers   => {'Accept'=>'application/json'}
  }
  # on a key conflict the value from rest_params wins
  request=call_defaults.merge(rest_params)
  return @token_auth_api.call(request)
end
shortcut for create_token_advanced
# File lib/aspera/oauth.rb, line 118
# Shortcut for create_token_advanced: pass creation_params under the
# :www_body_params key.
# @param creation_params parameters for the token request body
# @return the result of create_token_advanced
def create_token_www_body(creation_params)
  body_wrapper={:www_body_params=>creation_params}
  return create_token_advanced(body_wrapper)
end
open the login page, wait for code and check_code, then return code
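# File lib/aspera/oauth.rb, line 97
# Open the login page in the browser and wait for the redirect that
# carries the authorization code.
#
# A WebAuth server is started on :redirect_uri before the browser is
# opened, and the first request it receives is read.
#
# @param login_page_url URL of the login page to open
# @param check_code value the 'state' request parameter must be equal to
# @return the 'code' parameter of the received request
# @raise [RuntimeError] if the received 'state' differs from check_code
def goto_page_and_get_code(login_page_url,check_code)
  Log.log.info("login_page_url=#{login_page_url}".bg_red.gray)
  # start a web server to receive request code
  webserver=WebAuth.new(@params[:redirect_uri])
  # start browser on login page
  OpenApplication.instance.uri(login_page_url)
  # wait for code in request
  request_params=webserver.get_request
  # a request whose state differs from check_code is not the answer to
  # our login request: refuse its code instead of only logging the mismatch
  unless check_code.eql?(request_params['state'])
    Log.log.error("state does not match")
    raise "state does not match"
  end
  return request_params['code']
end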
@return Array list of unique identifiers of token
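# File lib/aspera/oauth.rb, line 123
# Build the list of identifiers that designates a token in the cache.
#
# The list starts with PERSIST_CATEGORY_TOKEN, then the host and the path
# of :base_url (lower case, each run of other characters replaced by '_'),
# then :grant, then api_scope when not nil, then :jwt_subject, :user_name,
# :url_token and :api_key for those present in @params.
#
# @param api_scope scope to add to the identifiers, or nil
# @return [Array] list of unique identifiers of token
def token_cache_ids(api_scope)
  oauth_uri=URI.parse(@params[:base_url])
  parts=[PERSIST_CATEGORY_TOKEN]
  # keep digits as well as letters: otherwise two servers that differ only
  # by a number (host1, host2) get the same identifiers and share a token
  [oauth_uri.host,oauth_uri.path].each do |item|
    parts.push(item.downcase.gsub(/[^a-z0-9]+/,'_'))
  end
  parts.push(@params[:grant])
  parts.push(api_scope) unless api_scope.nil?
  # NOTE(review): :url_token and :api_key look like secret values and are
  # used as-is; if the persistency manager turns these identifiers into
  # file names, the secret becomes visible on disk. Confirm, and consider
  # using a digest of the value.
  [:jwt_subject,:user_name,:url_token,:api_key].each do |key|
    parts.push(@params[key]) if @params.has_key?(key)
  end
  return parts
end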