class WmOktaHelper::AuthenticateApiRequest

Attributes

okta_client_id[RW]
okta_domain[RW]
okta_org[RW]
request[RW]

Public Class Methods

new(options) click to toggle source
# File lib/wm_okta_helper/authenticate_api_request.rb, line 9
# Builds an authenticator for one incoming request.
#
# @param options [Hash] read with symbol keys :request, :okta_org,
#   :okta_domain, :okta_client_id and :ignore_validations
#
# SECURITY: a truthy :ignore_validations makes token_valid? skip the
# iss/aud/exp comparison and enables the :skip_verification branch in
# parse_token. It defaults to false when the key is absent or falsy.
def initialize(options)
  @request = options[:request]
  @token = nil # filled in by token_valid? once the token has been parsed
  @okta_org, @okta_domain, @okta_client_id =
    options[:okta_org], options[:okta_domain], options[:okta_client_id]
  skip_checks = options[:ignore_validations]
  @ignore_validations = skip_checks || false
end

Public Instance Methods

call() click to toggle source
# File lib/wm_okta_helper/authenticate_api_request.rb, line 18
# Public entry point: runs the authentication check for the request that
# was handed to the constructor.
#
# @return whatever authenticate_request returns (the decoded token, or nil)
def call
  authenticate_request
end

Private Instance Methods

authenticate_request() click to toggle source
# File lib/wm_okta_helper/authenticate_api_request.rb, line 34
# Returns the decoded token when token_valid? is truthy, otherwise nil.
# token_valid? assigns @token while it parses, so @token is only handed
# back after that check has passed.
def authenticate_request
  return nil unless token_valid?

  @token
end
cache_key() click to toggle source
# File lib/wm_okta_helper/authenticate_api_request.rb, line 26
# Rails.cache key under which okta_keys stores the fetched signing keys
# and which public_key(true) deletes.
#
# NOTE(review): the key is a fixed string that does not include okta_org
# or okta_domain, so instances configured for different Okta orgs would
# share one cache entry -- confirm only one org is used per cache store.
def cache_key
  'OKTA_PUBLIC_KEYS'
end
client_id() click to toggle source
# File lib/wm_okta_helper/authenticate_api_request.rb, line 38
# The expected audience: token_valid? compares the token's 'aud' claim
# against this value. Simply returns okta_client_id.
def client_id
  okta_client_id
end
dirty_kid() click to toggle source
# File lib/wm_okta_helper/authenticate_api_request.rb, line 42
# Key id ('kid') taken from the last element of dirty_token, i.e. from
# the token BEFORE any signature check. The value is caller-controlled
# and must only be used to look up a candidate key, never trusted.
def dirty_kid
  unverified_header = dirty_token.last
  unverified_header['kid']
end
dirty_token() click to toggle source
# File lib/wm_okta_helper/authenticate_api_request.rb, line 46
# Decodes the request token with no key and verification switched off.
# "Dirty" means unverified: nothing returned here has been authenticated,
# so it is only suitable for reading the key id used to pick a key.
def dirty_token
  verify = false
  JWT.decode(request_token, nil, verify)
end
okta_keys() click to toggle source
# File lib/wm_okta_helper/authenticate_api_request.rb, line 50
# Signing keys published at "#{site}/oauth2/v1/keys", indexed by 'kid'
# with the 'alg' member removed from each entry. The result is held in
# Rails.cache under cache_key for one month; the HTTP request only runs
# on a cache miss.
#
# NOTE(review): the response is parsed without any status check, and a
# body without a 'keys' array raises inside the block. No timeout is set
# on the request here.
def okta_keys
  Rails.cache.fetch(cache_key, expires_in: 1.month) do
    Rails.logger.info('Okta keys cache miss')
    response_body = Net::HTTP.get(URI("#{site}/oauth2/v1/keys"))
    JSON.parse(response_body)['keys'].each_with_object({}) do |jwk, by_kid|
      by_kid[jwk['kid']] = jwk.except('alg')
    end
  end
end
parse_token() click to toggle source
# File lib/wm_okta_helper/authenticate_api_request.rb, line 62
# Decodes the request token and checks its signature against the Okta key
# selected by the token's (unverified) key id.
#
# Flow, as written:
#   1. JSON::JWT.decode with public_key.
#   2. On JWT::ExpiredSignature: re-raise, unless @ignore_validations is
#      set, in which case the token is decoded with :skip_verification.
#      That skips the signature check entirely, not only the expiry.
#   3. On any other StandardError: public_key(true) drops the cached key
#      set and refetches it, then decoding is tried once more. A second
#      failure propagates to the caller.
#
# NOTE(review): JWT::ExpiredSignature is a ruby-jwt error class while the
# decode call is JSON::JWT (json-jwt); confirm branch 2 is reachable.
# NOTE(review): step 3 runs for every failing token, including ones with
# an unknown kid or a bad signature, so unauthenticated traffic can force
# a cache delete plus an outbound key fetch per request. Consider
# throttling the refresh or rescuing only the errors that indicate a key
# rotation.
def parse_token
  JSON::JWT.decode request_token, public_key
rescue JWT::ExpiredSignature => e
  if @ignore_validations
    JSON::JWT.decode request_token, :skip_verification
  else
    raise e
  end
rescue StandardError
  JSON::JWT.decode request_token, public_key(true)
end
public_key(clear_cache = false) click to toggle source
# File lib/wm_okta_helper/authenticate_api_request.rb, line 74
# Builds the JSON::JWK used to verify the request token.
#
# @param clear_cache [Boolean] when truthy, the cached key set is deleted
#   first so that okta_keys fetches a fresh copy
#
# The lookup key is dirty_kid, which comes from the unverified token. A
# kid that is not in the fetched set makes the lookup return nil, and
# that nil is passed to JSON::JWK.new.
def public_key(clear_cache = false)
  Rails.cache.delete(cache_key) if clear_cache
  jwk_params = okta_keys[dirty_kid]
  JSON::JWK.new(jwk_params)
end
request_token() click to toggle source
# File lib/wm_okta_helper/authenticate_api_request.rb, line 79
# Raw value of the request's Authorization header, returned unchanged.
# NOTE(review): no scheme prefix (e.g. "Bearer ") is stripped here and a
# missing header yields nil -- confirm callers send the bare token.
def request_token
  headers = @request.headers
  headers['Authorization']
end
site() click to toggle source
# File lib/wm_okta_helper/authenticate_api_request.rb, line 30
# Base URL of the Okta org, built from okta_org and okta_domain. It is
# used both as the host for the key download in okta_keys and as the
# expected 'iss' claim in token_valid?.
def site
  format('https://%s.%s.com', okta_org, okta_domain)
end
token_valid?() click to toggle source
# File lib/wm_okta_helper/authenticate_api_request.rb, line 83
# Parses the request token into @token and checks its claims.
#
# parse_token raises on a token it cannot decode, so a failure there
# surfaces as an exception rather than a false return value.
#
# SECURITY: when @ignore_validations is truthy its value is returned
# straight away and the issuer, audience and expiry comparisons below
# are all skipped.
#
# @return [Boolean] true only if 'iss' equals site, 'aud' equals
#   client_id and 'exp' is not in the past (UTC, whole seconds)
def token_valid?
  @token = parse_token
  return @ignore_validations if @ignore_validations

  return false unless @token['iss'] == site
  # Plain equality: an 'aud' claim in any other shape than client_id fails.
  return false unless @token['aud'] == client_id

  now = Time.now.utc.to_i
  @token['exp'].to_i >= now
end