class OmniAuth::Strategies::Globalid

Constants

DEFAULT_SCOPE

Public Class Methods

parse_jwt(id_token) click to toggle source
# File lib/omniauth/strategies/globalid.rb, line 16
def self.parse_jwt(id_token)
  JWT.decode(id_token, nil, false).first
end

Public Instance Methods

authorize_params() click to toggle source
Calls superclass method
# File lib/omniauth/strategies/globalid.rb, line 25
def authorize_params
  auth_params = super # Get the OAuth2 omniauth params
  # Add the acrc_id if configured
  auth_params[:acrc_id] = options[:acrc_id] if options[:acrc_id]
  # If we are getting pii sharing, we need to have the openid scope
  if pii_sharing?
    auth_params[:scope] = "openid"
  end
  # If we are in the openid scope, we need a nonce
  if options[:scope]&.match?("openid")
    auth_params[:nonce] ||= SecureRandom.hex(24)
  end
  return auth_params unless acrc_id_in_request?
  auth_params.merge(acrc_id: request.params["acrc_id"] || request.params[:acrc_id])
end
callback_url() click to toggle source

github.com/omniauth/omniauth-oauth2/issues/81

# File lib/omniauth/strategies/globalid.rb, line 21
def callback_url
  full_host + script_name + callback_path
end
decrypted_pii() click to toggle source
# File lib/omniauth/strategies/globalid.rb, line 72
def decrypted_pii
  return {} unless openid_token.keys.any? && options[:decrypt_pii_on_login]
  @decrypted_pii ||= vault.decrypted_pii
end
openid_token() click to toggle source
# File lib/omniauth/strategies/globalid.rb, line 61
def openid_token
  return @openid_token if defined?(@openid_token)
  id_token = access_token["id_token"]
  if !id_token
    @openid_token = {}
  else
    @openid_token = self.class.parse_jwt(id_token)
  end
  @openid_token
end
raw_info() click to toggle source
# File lib/omniauth/strategies/globalid.rb, line 54
def raw_info
  return @raw_info if defined?(@raw_info)

  result = api_connection.get("/v1/identities/me")
  @raw_info = JSON.parse(result.body)
end

Private Instance Methods

acrc_id_in_request?() click to toggle source
# File lib/omniauth/strategies/globalid.rb, line 98
def acrc_id_in_request?
  request.params.key?("acrc_id") || request.params[:acrc_id]
end
acrc_id_provided?() click to toggle source
# File lib/omniauth/strategies/globalid.rb, line 102
def acrc_id_provided?
  options[:acrc_id] || acrc_id_in_request?
end
api_connection() click to toggle source
# File lib/omniauth/strategies/globalid.rb, line 79
def api_connection
  Faraday.new(url: "https://api.globalid.net") do |conn|
    conn.headers["Authorization"] = "Bearer #{access_token.token}"
    conn.headers["Content-Type"] = "application/json"
    conn.adapter Faraday.default_adapter
  end
end
location(raw_info) click to toggle source
# File lib/omniauth/strategies/globalid.rb, line 111
def location(raw_info)
  location = [
    raw_info["metro_name"],
    raw_info["state_name"],
    raw_info["country_code"],
  ].compact.map(&:strip).reject(&:empty?)

  return if location.empty?

  location.join(", ")
end
nickname(raw_info) click to toggle source
# File lib/omniauth/strategies/globalid.rb, line 123
def nickname(raw_info)
  return if raw_info["gid_name_moderation_status"] != "accepted"

  raw_info["gid_name"]
end
pii_sharing?() click to toggle source
# File lib/omniauth/strategies/globalid.rb, line 106
def pii_sharing?
  # TODO: make this actually check if we need PII sharing. For now, just assuming
  acrc_id_provided? && options.key?("private_key")
end
vault() click to toggle source
# File lib/omniauth/strategies/globalid.rb, line 87
def vault
  OmniAuth::Globalid::Vault.new(openid_token: openid_token,
                                token_url: options[:token_url],
                                client_id: options[:client_id],
                                client_secret: options[:client_secret],
                                acrc_id: options[:acrc_id],
                                redirect_uri: options[:redirect_uri],
                                private_key: options[:private_key],
                                private_key_pass: options[:private_key_pass])
end