module GDS::SSO::BearerToken
Public Class Methods
locate(token_string)
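# File lib/gds-sso/bearer_token.rb, line 8
#
# Resolves an API bearer token to a local user record.
#
# The token is presented to signon's /user.json endpoint (scoped to this
# application's OAuth client id). The response is reshaped by
# omniauth_style_response and passed to user_klass.find_for_gds_oauth.
#
# Security-relevant behaviour:
# * The reshaped signon response is cached under a key containing the token,
#   with expires_in: 5.minutes. Assuming Config.cache follows
#   ActiveSupport::Cache#fetch semantics, a token revoked or a permission
#   changed in signon can keep being honoured here until the entry expires.
# * The raw token string is part of the cache key, so it is readable by
#   anything that can read the cache store.
#   NOTE(review): consider keying on a digest of the token instead.
# * Only OAuth2::Error is rescued. JSON::ParserError and KeyError raised by
#   omniauth_style_response on a malformed signon response propagate to the
#   caller rather than returning nil.
#
# @param token_string [String, nil] bearer token taken from the request
# @return the result of find_for_gds_oauth, or nil when the token is blank
#   or an OAuth2::Error is raised
def self.locate(token_string)
  # A blank token cannot identify anyone: refuse it before touching the
  # cache or making a request to signon.
  return nil if token_string.to_s.empty?

  user_details = GDS::SSO::Config.cache.fetch(["api-user-cache", token_string], expires_in: 5.minutes) do
    access_token = OAuth2::AccessToken.new(oauth_client, token_string)
    response_body = access_token.get("/user.json?client_id=#{CGI.escape(GDS::SSO::Config.oauth_id)}").body
    omniauth_style_response(response_body)
  end

  # The lookup runs on every call; only the signon response is cached.
  GDS::SSO::Config.user_klass.find_for_gds_oauth(user_details)
rescue OAuth2::Error
  nil
end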
oauth_client()
# File lib/gds-sso/bearer_token.rb, line 20
#
# Returns the OAuth2 client used to call signon, building it on first use
# and memoising it in @oauth_client afterwards.
#
# The client is built from Config.oauth_id, Config.oauth_secret and
# Config.oauth_root_url. Its default connection options set a user agent
# naming this gem's version and ENV['GOVUK_APP_NAME'].
#
# Hash#merge is shallow, so a :headers key in Config.connection_opts replaces
# the default headers hash (including the user agent) rather than being
# combined with it.
#
# @return the memoised OAuth2::Client instance
def self.oauth_client
  return @oauth_client if @oauth_client

  settings = GDS::SSO::Config
  client_id = settings.oauth_id
  client_secret = settings.oauth_secret
  signon_root = settings.oauth_root_url

  default_connection_opts = {
    headers: {
      user_agent: "gds-sso/#{GDS::SSO::VERSION} (#{ENV['GOVUK_APP_NAME']})",
    },
  }
  # Application-supplied options win over the defaults above.
  connection_opts = default_connection_opts.merge(settings.connection_opts)

  @oauth_client = OAuth2::Client.new(
    client_id,
    client_secret,
    site: signon_root,
    connection_opts: connection_opts,
  )
end
omniauth_style_response(response_body)
Our User code assumes we’re getting our user data back via omniauth and so receiving it in omniauth’s preferred structure. Here we’re addressing signon directly, so we need to transform the response ourselves.
# File lib/gds-sso/bearer_token.rb, line 37
#
# Reshapes the JSON body of signon's user response into the nested hash
# layout that omniauth would have produced ("uid", "info", "extra" => "user").
#
# Only the listed attributes are copied. Any attribute absent from the signon
# payload comes through as nil, and values (including "permissions") are
# passed on exactly as received, with no validation at this layer.
#
# @param response_body [String] JSON document with a top-level "user" object
# @return [Hash] omniauth-style hash with string keys
# @raise [JSON::ParserError] if response_body is not valid JSON
# @raise [KeyError] if the parsed document has no "user" key
def self.omniauth_style_response(response_body)
  signon_user = JSON.parse(response_body).fetch("user")

  # Build each sub-hash by lookup so that missing attributes stay present as nil.
  copy_fields = ->(names) { names.to_h { |name| [name, signon_user[name]] } }

  {
    "uid" => signon_user["uid"],
    "info" => copy_fields.call(%w[email name]),
    "extra" => {
      "user" => copy_fields.call(%w[permissions organisation_slug organisation_content_id]),
    },
  }
end