class GdsApi::AccountApi

@api documented
@see github.com/alphagov/account-api

Adapter for the Account API

def auth_headers(govuk_account_session)

# Builds the header hash that carries the account session on a request.
#
# The session value is placed in the header unchanged. A nil session yields
# an empty hash, so no session header is sent at all.
#
# @param govuk_account_session [String, nil] value of the session header
# @return [Hash] one entry keyed by AUTH_HEADER_NAME, or {} when the session is nil
def auth_headers(govuk_account_session)
  candidate = { AUTH_HEADER_NAME => govuk_account_session }
  # Drop the entry only when the value is nil, exactly as Hash#compact does.
  candidate.reject { |_header, value| value.nil? }
end

def delete_user_by_subject_identifier(subject_identifier:)

Parameters:
  • subject_identifier (String) -- The identifier of the user, shared between the auth service and GOV.UK.
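# Deletes the user with the given subject identifier.
#
# The identifier is percent-encoded before it is placed in the URL path, so
# reserved characters such as "/", "?" or "#" stay inside the last path
# segment and cannot change which resource the DELETE request addresses.
#
# NOTE(review): encoding does not reject an empty identifier or a lone "." or
# ".." segment. Callers should only pass an identifier they received from
# the auth service.
#
# @param subject_identifier [String] the identifier of the user, shared
#   between the auth service and GOV.UK
# @return whatever delete_json returns for the request
def delete_user_by_subject_identifier(subject_identifier:)
  # Rack::Utils.escape form-encodes: a space becomes "+" and a literal "+"
  # becomes "%2B", so every "+" left in the output stands for a space and is
  # rewritten to "%20" to make a valid path segment.
  user_segment = Rack::Utils.escape(subject_identifier).gsub("+", "%20")
  delete_json("#{endpoint}/api/oidc-users/#{user_segment}")
end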

def get_attributes(attributes:, govuk_account_session:)

Returns:
  • (Hash) - The attribute values (if present), and a new session header

Parameters:
  • govuk_account_session (String) -- Value of the session header
  • attributes (String) -- Names of the attributes to check
# Looks up attribute values for the account identified by the session.
#
# The attribute names travel in the query string (encoded by
# nested_query_string) and the session travels in the auth header.
#
# @param attributes [String] names of the attributes to check; a nil value
#   is dropped from the query
# @param govuk_account_session [String] value of the session header
# @return [Hash] the attribute values (if present), and a new session header
def get_attributes(attributes:, govuk_account_session:)
  encoded_query = nested_query_string({ attributes: attributes }.compact)
  attributes_url = "#{endpoint}/api/attributes?#{encoded_query}"
  get_json(attributes_url, auth_headers(govuk_account_session))
end

def get_end_session_url(govuk_account_session: nil)

Returns:
  • (Hash) - An end-session URL

Parameters:
  • govuk_account_session (String, nil) -- Value of the session header
# Requests the URL that ends the user's session.
#
# The session is optional: with nil, auth_headers returns an empty hash and
# the request is sent without a session header.
#
# @param govuk_account_session [String, nil] value of the session header
# @return [Hash] an end-session URL
def get_end_session_url(govuk_account_session: nil)
  end_session_url = "#{endpoint}/api/oauth2/end-session"
  get_json(end_session_url, auth_headers(govuk_account_session))
end

def get_sign_in_url(redirect_path: nil, mfa: false)

Returns:
  • (Hash) - An authentication URL and the OAuth state parameter (for CSRF protection)

Parameters:
  • mfa (Boolean, nil) -- whether to authenticate the user with MFA or not
  • redirect_path (String, nil) -- path on GOV.UK to send the user to after authentication
# Requests a sign-in URL from the Account API.
#
# Only nil values are removed from the query, so the default `mfa: false` is
# still sent as a parameter. No session header is attached to this request.
#
# NOTE(review): redirect_path is only query-encoded here and is not validated
# in this method; confirm that the API restricts it to paths on GOV.UK.
# NOTE(review): the returned state is presumably the value later passed to
# validate_auth_response together with the code; verify against callers.
#
# @param redirect_path [String, nil] path on GOV.UK to send the user to after
#   authentication
# @param mfa [Boolean, nil] whether to authenticate the user with MFA or not
# @return [Hash] an authentication URL and the OAuth state parameter (for
#   CSRF protection)
def get_sign_in_url(redirect_path: nil, mfa: false)
  sign_in_params = { redirect_path: redirect_path, mfa: mfa }
  encoded_query = nested_query_string(sign_in_params.reject { |_name, value| value.nil? })
  get_json("#{endpoint}/api/oauth2/sign-in?#{encoded_query}")
end

def get_user(govuk_account_session:)

Returns:
  • (Hash) - Information about the user and the services they've used, and a new session header

Parameters:
  • govuk_account_session (String) -- Value of the session header
# Fetches the account that the given session belongs to.
#
# @param govuk_account_session [String] value of the session header
# @return [Hash] information about the user and the services they've used,
#   and a new session header
def get_user(govuk_account_session:)
  user_url = "#{endpoint}/api/user"
  get_json(user_url, auth_headers(govuk_account_session))
end

def match_user_by_email(email:, govuk_account_session: nil)

Returns:
  • (Hash) - One field, "match", indicating whether the session matches the given email address

Parameters:
  • govuk_account_session (String, nil) -- Value of the session header. If not given, just checks whether the given email address exists.
  • email (String) -- The email address to search for
# Checks an email address against the Account API.
#
# With a session, the API reports whether that session matches the email
# address; without one, it only checks whether the address exists.
#
# NOTE(review): the email address is sent in the URL query string of a GET
# request, so it may be recorded wherever request URLs are logged; confirm
# that such logs are treated as containing personal data.
#
# @param email [String] the email address to search for
# @param govuk_account_session [String, nil] value of the session header
# @return [Hash] one field, "match", indicating whether the session matches
#   the given email address
def match_user_by_email(email:, govuk_account_session: nil)
  encoded_query = nested_query_string({ email: email })
  match_url = "#{endpoint}/api/user/match-by-email?#{encoded_query}"
  get_json(match_url, auth_headers(govuk_account_session))
end

def nested_query_string(params)

# Serialises a (possibly nested) params hash into a URL query string.
#
# This is a thin wrapper over Rack::Utils.build_nested_query, which does the
# encoding. The other methods here use it for every value they place in a
# query string.
#
# @param params [Hash] the query parameters to serialise
# @return [String] the query string produced by Rack
def nested_query_string(params)
  query_builder = Rack::Utils
  query_builder.build_nested_query(params)
end

def set_attributes(attributes:, govuk_account_session:)

Returns:
  • (Hash) - A new session header

Parameters:
  • govuk_account_session (String) -- Value of the session header
  • attributes (String) -- Hash of new attribute values
# Updates attribute values for the account identified by the session.
#
# The new values are passed to patch_json as the `attributes` entry of the
# request parameters; the session travels in the auth header.
#
# @param attributes [Hash] new attribute values (the rendered docs tag this
#   parameter as String but describe it as a Hash -- confirm)
# @param govuk_account_session [String] value of the session header
# @return [Hash] a new session header
def set_attributes(attributes:, govuk_account_session:)
  attributes_url = "#{endpoint}/api/attributes"
  payload = { attributes: attributes }
  patch_json(attributes_url, payload, auth_headers(govuk_account_session))
end

def update_user_by_subject_identifier(subject_identifier:, email: nil, email_verified: nil)

Returns:
  • (Hash) - The user's subject identifier and email attributes

Parameters:
  • email_verified (Boolean, nil) -- Whether the user's current email address is verified
  • email (String, nil) -- The user's current email address
  • subject_identifier (String) -- The identifier of the user, shared between the auth service and GOV.UK.
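# Updates the email attributes of the user with the given subject identifier.
#
# Only the attributes that are actually supplied (non-nil) are sent, so an
# omitted argument leaves that attribute untouched in the request.
#
# The identifier is percent-encoded before it is placed in the URL path, so
# reserved characters such as "/", "?" or "#" stay inside the last path
# segment and cannot change which resource the PATCH request addresses.
#
# NOTE(review): encoding does not reject an empty identifier or a lone "." or
# ".." segment. Callers should only pass an identifier they received from
# the auth service.
#
# @param subject_identifier [String] the identifier of the user, shared
#   between the auth service and GOV.UK
# @param email [String, nil] the user's current email address
# @param email_verified [Boolean, nil] whether the user's current email
#   address is verified
# @return [Hash] the user's subject identifier and email attributes
def update_user_by_subject_identifier(subject_identifier:, email: nil, email_verified: nil)
  # compact drops nil only, so `email_verified: false` is still sent.
  params = { email: email, email_verified: email_verified }.compact
  # Rack::Utils.escape form-encodes: a space becomes "+" and a literal "+"
  # becomes "%2B", so every "+" left in the output stands for a space and is
  # rewritten to "%20" to make a valid path segment.
  user_segment = Rack::Utils.escape(subject_identifier).gsub("+", "%20")
  patch_json("#{endpoint}/api/oidc-users/#{user_segment}", params)
end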

def validate_auth_response(code:, state:)

Returns:
  • (Hash) - The value for the govuk_account_session header, the path to redirect the user to, and the GA client ID (if there is one)

Parameters:
  • state (String) -- The OAuth state parameter, from the auth server.
  • code (String) -- The OAuth code parameter, from the auth server.
# Hands the OAuth callback parameters to the Account API for validation.
#
# Both values are passed to post_json as request parameters, not
# interpolated into the URL.
#
# @param code [String] the OAuth code parameter, from the auth server
# @param state [String] the OAuth state parameter, from the auth server
# @return [Hash] the value for the govuk_account_session header, the path to
#   redirect the user to, and the GA client ID (if there is one)
def validate_auth_response(code:, state:)
  callback_url = "#{endpoint}/api/oauth2/callback"
  post_json(callback_url, code: code, state: state)
end