Client Obtain Token
Nov Matake edited this page Feb 21, 2018 · 4 revisions
The openid_connect gem is built on the rack-oauth2 gem, so obtaining access tokens follows the rack-oauth2 style. The only differences between `Rack::OAuth2::Client` and `OpenIDConnect::Client` are:

- `OpenIDConnect::Client#authorization_uri` automatically adds the `openid` scope if it is not given
- `OpenIDConnect::Client#access_token!` returns an `OpenIDConnect::AccessToken` instance instead of `Rack::OAuth2::AccessToken::Bearer`
Below is a sample of the authorization code flow. See the Rack::OAuth2 wiki for other flows.

```ruby
# `client` is an OpenIDConnect::Client configured beforehand; `public_key` is the IdP's signing key.
session[:state] = SecureRandom.hex(16)
session[:nonce] = SecureRandom.hex(16)

# Authorization Request
authorization_uri = client.authorization_uri(
  scope: [:profile, :email],
  state: session[:state],
  nonce: session[:nonce]
)
`open "#{authorization_uri}"`

# Authorization Response
puts "# Authorization Code"
code = gets.strip

# Token Request
client.authorization_code = code
access_token = client.access_token! # => OpenIDConnect::AccessToken
id_token = OpenIDConnect::ResponseObject::IdToken.decode access_token.id_token, public_key # => OpenIDConnect::ResponseObject::IdToken
```
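The two checks the flow above depends on, written out as an added example that is not part of the gem or this page: the `state` returned on the callback must equal the one stored in the session before the redirect, and the `nonce` claim in the decoded ID token must equal the session's nonce. The session hash, callback parameters, issuer URL, client id and claims below are constructed sample values.

```ruby
require 'securerandom'

# Constant-time string comparison: a mismatching state or nonce must not be
# distinguishable by how long the comparison takes.
def secure_equal?(a, b)
  return false unless a.is_a?(String) && b.is_a?(String) && a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Authorization response: accept the code only if the returned state is the one
# this session generated before redirecting; otherwise the response may have been
# injected (CSRF) or replayed from another login attempt.
def verify_state!(session, params)
  raise 'state mismatch: authorization response not bound to this session' unless
    secure_equal?(session[:state], params['state'])
  params['code']
end

# Token response: the decoded ID token claims must come from the expected issuer,
# be addressed to this client, be unexpired, and carry the nonce from this session.
def verify_id_token_claims!(claims, session:, issuer:, client_id:, now: Time.now.to_i)
  raise 'unexpected issuer' unless claims['iss'] == issuer
  raise 'token not issued for this client' unless Array(claims['aud']).include?(client_id)
  raise 'ID token expired' unless claims['exp'].is_a?(Integer) && claims['exp'] > now
  raise 'nonce mismatch: ID token not bound to this login attempt' unless
    secure_equal?(session[:nonce], claims['nonce'])
  claims
end

# Constructed sample data standing in for the browser session, the callback query
# string and the decoded ID token payload (no real IdP involved).
SESSION = { state: SecureRandom.hex(16), nonce: SecureRandom.hex(16) }
CALLBACK_PARAMS = { 'state' => SESSION[:state], 'code' => 'SplxlOBeZQQYbYS6WxSbIA' }
ID_TOKEN_CLAIMS = {
  'iss' => 'https://idp.example.com', 'aud' => 'example-client-id',
  'sub' => '248289761001', 'exp' => Time.now.to_i + 300, 'nonce' => SESSION[:nonce]
}

if $PROGRAM_NAME == __FILE__
  code = verify_state!(SESSION, CALLBACK_PARAMS)
  claims = verify_id_token_claims!(ID_TOKEN_CLAIMS, session: SESSION,
                                   issuer: 'https://idp.example.com', client_id: 'example-client-id')
  puts "code #{code} accepted; ID token for subject #{claims['sub']} verified"
end
```

In the gem, `OpenIDConnect::ResponseObject::IdToken#verify!` performs the issuer, audience, expiry and nonce checks on a decoded token; comparing `state` on the callback remains the application's job.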
If your OAuth server requires a JWT bearer client assertion (a.k.a. `private_key_jwt`), as iGov-compliant IdPs do, follow this gist:
https://gist.github.com/nov/98d26044e2f7c5b7d8fdba2b9bd101b4