class ADAL::TokenRequest

A request for a token that may be fulfilled by a cache or an OAuthRequest to a token endpoint.

Public Class Methods

new(authority, client, token_cache = NoopCache.new) click to toggle source

Constructs a TokenRequest.

@param [Authority] authority

The Authority providing authorization and token endpoints.

@param ClientCredential|ClientAssertion|ClientAssertionCertificate

Used to identify the client. Provides a request_parameters method
that yields the relevant client credential parameters.

@option [TokenCache] token_cache

The cache implementation to store tokens. A NoopCache that stores no
tokens will be used by default.
# File lib/adal/token_request.rb, line 66
def initialize(authority, client, token_cache = NoopCache.new)
  @authority = authority
  @cache_driver = CacheDriver.new(authority, client, token_cache)
  @client = client
  @token_cache = token_cache
end

Public Instance Methods

get_for_client(resource) click to toggle source

Gets a token based solely on the clients credentials that were used to initialize the token request.

@param String resource

The resource for which the requested access token will provide access.

@return TokenResponse

# File lib/adal/token_request.rb, line 82
def get_for_client(resource)
  logger.verbose("TokenRequest getting token for client for #{resource}.")
  request(GRANT_TYPE => GrantType::CLIENT_CREDENTIALS,
          RESOURCE => resource)
end
get_with_authorization_code(auth_code, redirect_uri, resource = nil) click to toggle source

Gets a token based on a previously acquired authentication code.

@param String auth_code

An authentication code that was previously acquired from an
authentication endpoint.

@param String redirect_uri

The redirect uri that was passed to the authentication endpoint when the
auth code was acquired.

@optional String resource

The resource for which the requested access token will provide access.

@return TokenResponse

# File lib/adal/token_request.rb, line 100
def get_with_authorization_code(auth_code, redirect_uri, resource = nil)
  logger.verbose('TokenRequest getting token with authorization code ' \
                 "#{auth_code}, redirect_uri #{redirect_uri} and " \
                 "resource #{resource}.")
  request(CODE => auth_code,
          GRANT_TYPE => GrantType::AUTHORIZATION_CODE,
          REDIRECT_URI => URI.parse(redirect_uri.to_s),
          RESOURCE => resource)
end
get_with_refresh_token(refresh_token, resource = nil) click to toggle source

Gets a token based on a previously acquired refresh token.

@param String refresh_token

The refresh token that was previously acquired from a token response.

@optional String resource

The resource for which the requested access token will provide access.

@return TokenResponse

# File lib/adal/token_request.rb, line 118
def get_with_refresh_token(refresh_token, resource = nil)
  logger.verbose('TokenRequest getting token with refresh token digest ' \
                 "#{Digest::SHA256.hexdigest refresh_token} and resource " \
                 "#{resource}.")
  request_no_cache(GRANT_TYPE => GrantType::REFRESH_TOKEN,
                   REFRESH_TOKEN => refresh_token,
                   RESOURCE => resource)
end
get_with_user_credential(user_cred, resource = nil) click to toggle source

Gets a token based on possessing the users credentials.

@param UserCredential|UserIdentifier user_cred

Something that can be used to verify the user. Typically a username
and password. If it is a UserIdentifier, only the cache will be checked.
If a matching token is not there, it will fail.

@optional String resource

The resource for which the requested access token will provide access.

@return TokenResponse

# File lib/adal/token_request.rb, line 137
def get_with_user_credential(user_cred, resource = nil)
  logger.verbose('TokenRequest getting token with user credential ' \
                 "#{user_cred} and resource #{resource}.")
  oauth = if user_cred.is_a? UserIdentifier
            lambda do
              fail UserCredentialError,
                   'UserIdentifier can only be used once there is a ' \
                   'matching token in the cache.'
            end
          end || -> {}
  request(user_cred.request_params.merge(RESOURCE => resource), &oauth)
end

Private Instance Methods

cache_response(token_response) click to toggle source

Helper method to chain OAuthRequest and cache operation.

@param TokenResponse

The token response to cache.

@return TokenResponse

# File lib/adal/token_request.rb, line 202
def cache_response(token_response)
  @cache_driver.add(token_response)
  token_response
end
check_cache(params) click to toggle source

Attempts to fulfill the request from @token_cache.

@return TokenResponse

If the cache contains a valid response it wil be returned as a
SuccessResponse. Otherwise returns nil.
# File lib/adal/token_request.rb, line 213
def check_cache(params)
  logger.verbose("TokenRequest checking cache #{@token_cache} for token.")
  result = @cache_driver.find(params)
  logger.info("#{result ? 'Found' : 'Did not find'} token in cache.")
  result
end
client_params() click to toggle source

The OAuth parameters that are specific to the client for which tokens will be requested.

@return Hash

# File lib/adal/token_request.rb, line 157
def client_params
  @client.request_params
end
oauth_request(params) click to toggle source

Constructs an OAuthRequest from the TokenRequest instance.

@param Hash params

The OAuth parameters specific to the TokenRequest instance.

@return OAuthRequest

# File lib/adal/token_request.rb, line 226
def oauth_request(params)
  logger.verbose('Resorting to OAuth to fulfill token request.')
  OAuthRequest.new(@authority.token_endpoint, params)
end
request(params, &block) click to toggle source

Attempts to fulfill a token request, first via the token cache and then through OAuth.

@param Hash params

Any additional request parameters that should be used.

@return TokenResponse

# File lib/adal/token_request.rb, line 168
def request(params, &block)
  cached_token = check_cache(request_params(params))
  return cached_token if cached_token
  cache_response(request_no_cache(request_params(params), &block))
end
request_no_cache(params) { || ... } click to toggle source

Executes an OAuth request based on the params and returns it.

@param Hash params

Any additional request parameters that should be used.

@return TokenResponse

# File lib/adal/token_request.rb, line 180
def request_no_cache(params)
  yield if block_given?
  oauth_request(request_params(params)).execute
end
request_params(additional_params) click to toggle source

Adds client params to additional params. If there is a conflict, the value from additional_params is used. It can be called multiple times, because request_params(request_params(x)) == request_params(x).

@param Hash @return Hash

# File lib/adal/token_request.rb, line 192
def request_params(additional_params)
  client_params.merge(additional_params).select { |_, v| !v.nil? }
end