class ADAL::UserCredential

A convenience class for username and password credentials.

Attributes

password[R]
username[R]

Public Class Methods

new( username, password, authority_host = Authority::WORLD_WIDE_AUTHORITY) click to toggle source

Constructs a new UserCredential.

@param String username @param String password @optional String authority_host

The host name of the authority to verify the user against.
# File lib/adal/user_credential.rb, line 63
def initialize(
  username, password, authority_host = Authority::WORLD_WIDE_AUTHORITY)
  @username = username
  @password = password
  @authority_host = authority_host
  @discovery_path = "/common/userrealm/#{URI.escape @username}"
end

Public Instance Methods

account_type() click to toggle source

Determines the account type based on a Home Realm Discovery request.

@return UserCredential::AccountType

# File lib/adal/user_credential.rb, line 75
def account_type
  realm_discovery_response['account_type']
end
request_params() click to toggle source

The OAuth parameters that respresent this UserCredential.

@return Hash

# File lib/adal/user_credential.rb, line 83
def request_params
  case account_type
  when AccountType::MANAGED
    managed_request_params
  when AccountType::FEDERATED
    federated_request_params
  else
    fail UnsupportedAccountTypeError, account_type
  end
end
to_s() click to toggle source

:nocov:

# File lib/adal/user_credential.rb, line 95
def to_s
  "UserCredential[Username: #{@username}, AccountType: #{account_type}]"
end

Private Instance Methods

federated_request_params() click to toggle source

@return Hash

# File lib/adal/user_credential.rb, line 119
def federated_request_params
  logger.verbose("Getting OAuth parameters for Federated #{@username}.")
  wstrust_response = wstrust_request.execute(@username, @password)
  { assertion: Base64.encode64(wstrust_response.token).strip,
    grant_type: wstrust_response.grant_type,
    scope: :openid }
end
federation_metadata_url() click to toggle source

@return URI

# File lib/adal/user_credential.rb, line 128
def federation_metadata_url
  URI.parse(realm_discovery_response['federation_metadata_url'])
end
managed_request_params() click to toggle source

@return Hash

# File lib/adal/user_credential.rb, line 133
def managed_request_params
  logger.verbose("Getting OAuth parameters for Managed #{@username}.")
  { username: @username,
    password: @password,
    grant_type: TokenRequest::GrantType::PASSWORD,
    scope: :openid }
end
mex_response() click to toggle source

@return MexResponse

# File lib/adal/user_credential.rb, line 142
def mex_response
  @mex_response ||= MexRequest.new(federation_metadata_url).execute
end
realm_discovery_response() click to toggle source

Memoized response from the discovery endpoint. Since a UserCredential is read only, this should only ever need to be called once. @return Hash

# File lib/adal/user_credential.rb, line 105
def realm_discovery_response
  @realm_discovery_response ||=
    JSON.parse(Net::HTTP.get(realm_discovery_uri))
end
realm_discovery_uri() click to toggle source

@return URI

# File lib/adal/user_credential.rb, line 111
def realm_discovery_uri
  URI::HTTPS.build(
    host: @authority_host,
    path: @discovery_path,
    query: URI.encode_www_form('api-version' => '1.0'))
end
wstrust_request() click to toggle source

@return WSTrustRequest

# File lib/adal/user_credential.rb, line 147
def wstrust_request
  @wstrust_request ||=
    WSTrustRequest.new(mex_response.wstrust_url, mex_response.action)
end