class OAuth2::Strategy::Assertion

The Client Assertion Strategy

@see tools.ietf.org/html/draft-ietf-oauth-v2-10#section-4.1.3

Sample usage:

client = OAuth2::Client.new(client_id, client_secret,
                            :site => 'http://localhost:8080')

params = {:hmac_secret => "some secret",
          # or :private_key => "private key string",
          :iss => "http://localhost:3001",
          :prn => "me@here.com",
          :exp => Time.now.utc.to_i + 3600}

access = client.assertion.get_token(params)
access.token                 # actual access_token string
access.get("/api/stuff")     # making api calls with access token in header

Public Instance Methods

authorize_url()

Not used for this strategy

@raise [NotImplementedError]

# File lib/oauth2/strategy/assertion.rb, line 25
def authorize_url
  fail(NotImplementedError, "The authorization endpoint is not used in this strategy")
end

build_assertion(params)

# File lib/oauth2-cocoa/strategy/assertion.rb, line 22
def build_assertion(params)
  claims = {
    iss: params[:iss],
    aud: params[:aud],
    prn: params[:prn],
    exp: params[:exp]
  }
  if params[:hmac_secret]
    CocoaSecurity.hmacSha256(claims.to_s, hmacKey: params[:hmac_secret]).hex
  elsif params[:private_key]
    CocoaSecurity.hmacSha256(claims.to_s, hmacKey: params[:private_key]).hex
  end
end

build_request(params)

# File lib/oauth2/strategy/assertion.rb, line 48
def build_request(params)
  assertion = build_assertion(params)
  {
    grant_type:     "assertion",
    assertion_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
    assertion:      assertion,
    scope:          params[:scope]
  }.merge(client_params)
end

get_token(params = {}, opts = {})

Retrieve an access token given the specified client.

@param [Hash] params assertion params; pass either :hmac_secret or :private_key, but not both.

params :hmac_secret, secret string.
params :private_key, private key string.

params :iss, issuer
params :aud, audience, optional
params :prn, principal, the current user
params :exp, expiry time, in seconds, like Time.now.utc.to_i + 3600

@param [Hash] opts options

# File lib/oauth2/strategy/assertion.rb, line 43
def get_token(params = {}, opts = {})
  hash = build_request(params)
  @client.get_token(hash, opts.merge("refresh_token" => nil))
end
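
build_request labels the assertion as urn:ietf:params:oauth:grant-type:jwt-bearer, while build_assertion above returns the hex HMAC-SHA256 of claims.to_s. The following is an added example, not code from oauth2 or oauth2-cocoa: it encodes the same claims as a compact HS256 JWT and shows the check a receiving server would run. The names b64url, b64url_decode, build_jwt_assertion and verify_jwt_assertion are hypothetical, the sample values are constructed, and only the :hmac_secret case is covered.

```ruby
require "openssl"
require "json"

# Hypothetical helpers for this example; not part of oauth2 or oauth2-cocoa.
def b64url(bytes)
  [bytes].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(str)
  (str.tr("-_", "+/") + "=" * (-str.length % 4)).unpack1("m0")
end

# Compact HS256 JWT over the same claims build_assertion collects.
def build_jwt_assertion(params)
  claims = { iss: params[:iss], aud: params[:aud],
             prn: params[:prn], exp: params[:exp] }.compact
  header = { alg: "HS256", typ: "JWT" }
  signing_input = [header, claims].map { |part| b64url(JSON.generate(part)) }.join(".")
  mac = OpenSSL::HMAC.digest("SHA256", params.fetch(:hmac_secret), signing_input)
  "#{signing_input}.#{b64url(mac)}"
end

# Receiving side: returns the claims hash, or nil when the assertion is rejected.
def verify_jwt_assertion(token, secret, now: Time.now.utc.to_i)
  parts = token.split(".", -1)
  return nil unless parts.length == 3
  header = JSON.parse(b64url_decode(parts[0]))
  # Pin the algorithm instead of trusting whatever the header announces.
  return nil unless header.is_a?(Hash) && header["alg"] == "HS256"
  expected = OpenSSL::HMAC.digest("SHA256", secret, "#{parts[0]}.#{parts[1]}")
  # Constant-time comparison of the MAC bytes.
  return nil unless OpenSSL.secure_compare(b64url_decode(parts[2]), expected)
  claims = JSON.parse(b64url_decode(parts[1]))
  return nil unless claims.is_a?(Hash) && claims["exp"].is_a?(Integer) && claims["exp"] > now
  claims
rescue JSON::ParserError, ArgumentError
  nil # malformed base64 or JSON is treated as a rejected assertion
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, mirroring the page's sample usage.
  token = build_jwt_assertion(hmac_secret: "some secret", iss: "http://localhost:3001",
                              prn: "me@here.com", exp: Time.now.utc.to_i + 3600)
  puts token
  p verify_jwt_assertion(token, "some secret")
end
```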