class OAuth2::Strategy::Assertion


The Client Assertion Strategy

@see datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-10#section-4.1.3

Sample usage:
  client = OAuth2::Client.new(client_id, client_secret,
                              :site => 'localhost:8080',
                              :auth_scheme => :request_body)

  claim_set = {
    :iss => "localhost:3001",
    :aud => "localhost:8080/oauth2/token",
    :sub => "me@example.com",
    :exp => Time.now.utc.to_i + 3600,
  }

  encoding = {
    :algorithm => 'HS256',
    :key => 'secret_key',
  }

  access = client.assertion.get_token(claim_set, encoding)
  access.token                 # actual access_token string
  access.get("/api/stuff")     # making api calls with access token in header

def authorize_url

Raises:
  • (NotImplementedError) -
# The assertion strategy exchanges a signed JWT directly at the token
# endpoint, so there is no authorization URL to build.
#
# @raise [NotImplementedError] always
def authorize_url
  message = 'The authorization endpoint is not used in this strategy'
  raise NotImplementedError, message
end

def build_assertion(claims, encoding_opts)

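# Encodes the claim set as a JWT using the caller-supplied key and algorithm.
#
# Only the presence of the Symbol keys :algorithm and :key is checked here;
# their values are handed to JWT.encode unvalidated. A nil key or a
# non-signing algorithm (e.g. 'none' in the jwt gem) is therefore not
# rejected by this method. If encoding_opts can be influenced by
# configuration or request data, allow-list the algorithm at the call site.
# String keys ('algorithm', 'key') do not satisfy the check.
#
# @param claims [Hash] JWT claim set, used as the payload for JWT.encode
# @param encoding_opts [Hash] must contain :algorithm and :key
# @return [String] the value returned by JWT.encode (presumably the compact JWT)
# @raise [ArgumentError] if encoding_opts is not a Hash or lacks :algorithm or :key
def build_assertion(claims, encoding_opts)
  required = %i[algorithm key]
  unless encoding_opts.is_a?(Hash) && required.all? { |name| encoding_opts.key?(name) }
    # Pass the text as the message itself; wrapping it in `message:` made
    # ArgumentError#message the inspected hash instead of the sentence.
    raise ArgumentError, 'Please provide an encoding_opts hash with :algorithm and :key'
  end

  JWT.encode(claims, encoding_opts[:key], encoding_opts[:algorithm])
end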

def build_request(assertion, request_opts = {})

# Assembles the token-request parameters for the JWT bearer grant.
#
# request_opts is merged last, so any key it shares with the defaults
# (including :grant_type and :assertion) replaces the default value.
# Callers should not forward unfiltered external input as request_opts.
#
# @param assertion [String] the encoded JWT to send as the assertion
# @param request_opts [Hash] extra parameters merged over the defaults
# @return [Hash] the merged request parameters
def build_request(assertion, request_opts = {})
  params = {}
  params[:grant_type] = 'urn:ietf:params:oauth:grant-type:jwt-bearer'
  params[:assertion] = assertion
  params.merge(request_opts)
end

def get_token(claims, encoding_opts, request_opts = {}, response_opts = {})

# Builds the JWT assertion, wraps it in the token-request parameters and
# asks the client for a token.
#
# @param claims [Hash] JWT claim set forwarded to build_assertion
# @param encoding_opts [Hash] forwarded to build_assertion (:algorithm and :key)
# @param request_opts [Hash] forwarded to build_request, merged over its defaults
# @param response_opts [Hash] passed through to @client.get_token
# @return the result of @client.get_token
# @raise [ArgumentError] propagated from build_assertion for invalid encoding_opts
def get_token(claims, encoding_opts, request_opts = {}, response_opts = {})
  signed_jwt = build_assertion(claims, encoding_opts)
  @client.get_token(build_request(signed_jwt, request_opts), response_opts)
end