Class: Auth::ClientCredentials::Service

Inherits:
Common::Client::Base
Defined in:
lib/lighthouse/auth/client_credentials/service.rb

Instance Method Summary

Methods inherited from Common::Client::Base

#config, configuration, #connection, #delete, #get, #perform, #post, #put, #raise_backend_exception, #raise_not_authenticated, #request, #sanitize_headers!, #service_name

Methods included from SentryLogging

#log_exception_to_sentry, #log_message_to_sentry, #non_nil_hash?, #normalize_level, #rails_logger, #set_sentry_metadata

Constructor Details

#initialize(token_url, api_scopes, client_id, aud_claim_url, rsa_key, service_name = nil) ⇒ Service

rubocop:disable Metrics/ParameterLists

Parameters:

  • token_url (String)
    • URL of the token endpoint

  • api_scopes (Array)
    • List of requested API scopes

  • client_id (String)
    • ID used to identify the application

  • aud_claim_url (String)
    • The claim URL used as the ‘aud’ portion of the JWT

  • rsa_key (String)
    • RSA key used to encode the authentication JWT

  • service_name (String) (defaults to: nil)
    • Name under which the access token is cached in Redis (optional). When nil, #get_token skips the cache and requests a new token on every call.



# File 'lib/lighthouse/auth/client_credentials/service.rb', line 22

# Stores the settings needed to request client-credentials access tokens.
#
# The arguments are only assigned to instance variables here; nothing is
# validated and no request is made until #get_token is called.
#
# @param token_url [String] URL of the token endpoint
# @param api_scopes [Array] list of requested API scopes
# @param client_id [String] ID used to identify the application
# @param aud_claim_url [String] claim URL used as the 'aud' portion of the JWT
# @param rsa_key [String] RSA key handed to the JWT generator by #build_assertion
# @param service_name [String, nil] name used when caching the access token;
#   when nil, #get_token bypasses the cache
def initialize(token_url, api_scopes, client_id, aud_claim_url, rsa_key, service_name = nil)
  # Cache settings: the tracker class #get_token reads from and writes to,
  # and the name it is called with.
  @tracker = AccessTokenTracker
  @service_name = service_name

  # Inputs for the JWT client assertion (see #build_assertion).
  # @rsa_key is key material kept on the instance: keep this object out of
  # logs and error reports, since the default #inspect prints instance variables.
  @client_id = client_id
  @aud = aud_claim_url
  @rsa_key = rsa_key

  # Token endpoint and the scopes requested from it.
  @url = token_url
  @scopes = api_scopes

  super()
end

Instance Method Details

#build_assertionString (private)

Returns new JWT token.

Returns:

  • (String)

    new JWT token



# File 'lib/lighthouse/auth/client_credentials/service.rb', line 79

# Builds the JWT sent to the token endpoint as the client assertion.
#
# Delegates to JWTGenerator.generate_token with the client id, audience
# claim and RSA key stored by #initialize. The return value is a credential:
# do not log it.
#
# @return [String] new JWT token
def build_assertion
  generator = Auth::ClientCredentials::JWTGenerator
  generator.generate_token(@client_id, @aud, @rsa_key)
end

#build_request_body(assertion, scopes, auth_params = {}) ⇒ Hash (private)

Returns body of request to get access token.

Returns:

  • (Hash)

    body of request to get access token



# File 'lib/lighthouse/auth/client_credentials/service.rb', line 86

# Assembles the form body for a client-credentials token request.
#
# auth_params is merged last, so any key it carries replaces the matching
# default below, including grant_type, client_assertion and scope.
# NOTE(review): confirm callers never fill auth_params from request-controlled
# input, otherwise those fixed fields can be overridden.
#
# @param assertion [String] JWT used as the client assertion
# @param scopes [Array] scopes to request; joined with single spaces
# @param auth_params [Hash, nil] extra body parameters; nil is treated as empty
# @return [Hash] body of request to get access token
def build_request_body(assertion, scopes, auth_params = {})
  extras = auth_params.nil? ? {} : auth_params
  base_body = {
    grant_type: 'client_credentials',
    client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
    client_assertion: assertion,
    scope: scopes.join(' ')
  }
  base_body.merge(extras)
end

#get_new_token(auth_params = {}) ⇒ Object (private)



# File 'lib/lighthouse/auth/client_credentials/service.rb', line 66

# Requests a fresh access token from the token endpoint, bypassing the cache.
#
# A new client assertion is built for every call and posted together with
# the configured scopes and any extra auth_params.
#
# @param auth_params [Hash] extra parameters merged into the request body
# @return [Object] whatever config.get_access_token returns; #get_token reads
#   'access_token' and 'expires_in' from its body
def get_new_token(auth_params = {})
  token_request = build_request_body(build_assertion, @scopes, auth_params)
  config.get_access_token(@url, token_request)
end

#get_token(auth_params = {}) ⇒ String

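Requests an access token. When a service name was given to the constructor, a cached token is returned if one exists; otherwise a new token is requested and cached.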

Returns:

  • (String)

    the access token needed to make requests



# File 'lib/lighthouse/auth/client_credentials/service.rb', line 40

# Returns an access token, using the cache when a service name is configured.
#
# Without a service name every call requests a new token. With one, the
# tracker is consulted first and a new token is requested only on a miss,
# then stored with the 'expires_in' value from the response as its TTL.
#
# The cache lookup uses @service_name only: on a hit, auth_params is ignored.
# NOTE(review): confirm that callers passing different auth_params do not
# share a service name, or they will receive each other's cached token.
#
# Only the TTL and a correlation UUID are logged; the token itself is not.
#
# @param auth_params [Hash] extra parameters for the token request
# @return [String] the access token needed to make requests
def get_token(auth_params = {})
  # No cache name configured: always go to the token endpoint.
  return get_new_token(auth_params).body['access_token'] if @service_name.nil?

  cached_token = @tracker.get_access_token(@service_name)
  return cached_token unless cached_token.nil?

  # The same UUID ties the "expired" and "deposited" log lines together.
  request_id = SecureRandom.uuid
  log_info(message: 'Access token expired. Fetching new token', service_name: @service_name, uuid: request_id)

  response = get_new_token(auth_params)
  fresh_token = response.body['access_token']
  # TTL comes straight from the token response and is not validated here.
  expires_in = response.body['expires_in']
  @tracker.set_access_token(@service_name, fresh_token, expires_in)

  log_info(message: "New access token deposited in Redis store with TTL: #{expires_in}",
           service_name: @service_name, uuid: request_id)

  fresh_token
end

#log_info(message:, service_name:, uuid:) ⇒ Object (private)



# File 'lib/lighthouse/auth/client_credentials/service.rb', line 72

# Writes a structured info entry for access-token cache events to the Rails log.
#
# The entry holds exactly the three arguments plus a fixed message_type, so
# callers decide what is logged: never put a token or assertion in message.
#
# @param message [String] human-readable description of the event
# @param service_name [String] cache name the event relates to
# @param uuid [String] correlation id shared by related log entries
def log_info(message:, service_name:, uuid:)
  entry = {
    message_type: 'Lighthouse CCG access token',
    message: message,
    service_name: service_name,
    uuid: uuid
  }
  ::Rails.logger.info(entry)
end