module GDS::SSO::BearerToken

Public Class Methods

locate(token_string)
# File lib/gds-sso/bearer_token.rb, line 8
# Resolves a bearer token to a local user record by asking signon who the
# token belongs to.
#
# token_string - the bearer token presented by the API caller.
#
# Returns whatever user_klass.find_for_gds_oauth returns for the fetched
# details, or nil when the OAuth2 client raises OAuth2::Error.
#
# NOTE(review): the lookup result is cached for 5 minutes, so a token that
# is revoked or has its permissions changed upstream may keep resolving to
# the cached details until the entry expires, unless something else
# invalidates this key; confirm that window is acceptable.
# NOTE(review): the raw token is part of the cache key, so it is stored in
# cleartext in whatever backend Config.cache points at. Treat that store as
# holding credentials, or consider keying on a digest of the token.
# NOTE(review): only OAuth2::Error is rescued; a malformed body (JSON parse
# failure, missing "user" key) propagates to the caller.
def self.locate(token_string)
  cache_key = ["api-user-cache", token_string]

  cached_details = GDS::SSO::Config.cache.fetch(cache_key, expires_in: 5.minutes) do
    # Cache miss: ask signon for the user that owns this token.
    bearer = OAuth2::AccessToken.new(oauth_client, token_string)
    user_path = "/user.json?client_id=#{CGI.escape(GDS::SSO::Config.oauth_id)}"
    omniauth_style_response(bearer.get(user_path).body)
  end

  GDS::SSO::Config.user_klass.find_for_gds_oauth(cached_details)
rescue OAuth2::Error
  # The token could not be used to fetch a user; report "no user".
  nil
end
oauth_client()
# File lib/gds-sso/bearer_token.rb, line 20
# Builds the OAuth2 client used to talk to signon, once, and reuses it on
# every later call.
#
# Because the client is memoised, changes to GDS::SSO::Config made after
# the first call are not picked up. The client is constructed with
# oauth_secret, so avoid dumping or logging the returned object.
#
# NOTE(review): Hash#merge is shallow, so a :headers entry in
# Config.connection_opts replaces the default headers hash (and with it the
# user_agent) rather than being combined with it.
def self.oauth_client
  return @oauth_client if @oauth_client

  config = GDS::SSO::Config
  client_id = config.oauth_id
  client_secret = config.oauth_secret
  root_url = config.oauth_root_url

  # Identify the calling app to signon; an unset GOVUK_APP_NAME interpolates
  # as an empty string.
  default_opts = {
    headers: {
      user_agent: "gds-sso/#{GDS::SSO::VERSION} (#{ENV['GOVUK_APP_NAME']})",
    },
  }
  connection_opts = default_opts.merge(config.connection_opts)

  @oauth_client = OAuth2::Client.new(
    client_id,
    client_secret,
    site: root_url,
    connection_opts: connection_opts,
  )
end
omniauth_style_response(response_body)

Our User code assumes we’re getting our user data back via omniauth and so receiving it in omniauth’s preferred structure. Here we’re addressing signon directly so we need to transform the response ourselves.

# File lib/gds-sso/bearer_token.rb, line 37
# Reshapes the JSON body of a user lookup into the nested hash layout that
# omniauth would have produced, so the same user code can consume it.
#
# response_body - JSON text with a top-level "user" key.
#
# Returns a Hash with "uid", "info" (email, name) and "extra" => "user"
# (permissions, organisation_slug, organisation_content_id).
# Raises JSON::ParserError for invalid JSON and KeyError when the top-level
# "user" key is absent.
#
# Values are copied through without validation. When "user" is a JSON
# object, a field missing from it comes out as nil rather than raising.
# NOTE(review): "uid" and "permissions" presumably feed identity and
# authorisation decisions downstream; confirm callers cope with nil there.
def self.omniauth_style_response(response_body)
  user = JSON.parse(response_body).fetch("user")

  identity = { "email" => user["email"], "name" => user["name"] }

  extra_fields = %w[permissions organisation_slug organisation_content_id]
  extra_user = extra_fields.each_with_object({}) do |field, acc|
    acc[field] = user[field]
  end

  {
    "uid" => user["uid"],
    "info" => identity,
    "extra" => { "user" => extra_user },
  }
end