class Signet::OAuth2::Client
Signet::OAuth2::Client
creates an OAuth2
client
This reopens Client
to add apply
and apply!
methods which update a hash with the fetched authentication token.
Attributes
Set the universe domain
Public Instance Methods
Source
# File lib/googleauth/signet.rb, line 102 def build_default_connection if !defined?(@connection_info) nil elsif @connection_info.respond_to? :call @connection_info.call else @connection_info end end
Source
# File lib/googleauth/signet.rb, line 57 def configure_connection options @connection_info = options[:connection_builder] || options[:default_connection] self end
Source
# File lib/googleauth/signet.rb, line 142 def duplicate options = {} options = deep_hash_normalize options opts = { authorization_uri: @authorization_uri, token_credential_uri: @token_credential_uri, client_id: @client_id, client_secret: @client_secret, scope: @scope, target_audience: @target_audience, redirect_uri: @redirect_uri, username: @username, password: @password, issuer: @issuer, person: @person, sub: @sub, audience: @audience, signing_key: @signing_key, extension_parameters: @extension_parameters, additional_parameters: @additional_parameters, access_type: @access_type, universe_domain: @universe_domain, logger: @logger }.merge(options) new_client = self.class.new opts new_client.configure_connection options end
Creates a duplicate of these credentials without the Signet::OAuth2::Client
-specific transient state (e.g. cached tokens)
@param options [Hash] Overrides for the credentials parameters. @see Signet::OAuth2::Client#update!
Source
# File lib/googleauth/signet.rb, line 72 def fetch_access_token! options = {} unless options[:connection] connection = build_default_connection options = options.merge connection: connection if connection end info = retry_with_error do orig_fetch_access_token! options end notify_refresh_listeners info end
Also aliased as: orig_fetch_access_token!
Source
# File lib/googleauth/signet.rb, line 85 def generate_access_token_request options = {} parameters = googleauth_orig_generate_access_token_request options logger&.info do Google::Logging::Message.from( message: "Requesting access token from #{parameters['grant_type']}", "credentialsId" => object_id ) end logger&.debug do Google::Logging::Message.from( message: "Token fetch params: #{parameters}", "credentialsId" => object_id ) end parameters end
Also aliased as: googleauth_orig_generate_access_token_request
Alias for: generate_access_token_request
Source
# File lib/googleauth/signet.rb, line 112 def retry_with_error max_retry_count = 5 retry_count = 0 begin yield.tap { |resp| log_response resp } rescue StandardError => e if e.is_a?(Signet::AuthorizationError) || e.is_a?(Signet::ParseError) log_auth_error e raise e end if retry_count < max_retry_count log_transient_error e retry_count += 1 sleep retry_count * 0.3 retry else log_retries_exhausted e msg = "Unexpected error: #{e.inspect}" raise Signet::AuthorizationError, msg end end end
Source
# File lib/googleauth/signet.rb, line 64 def token_type target_audience ? :id_token : :access_token end
The token type as symbol, either :id_token or :access_token
Source
# File lib/googleauth/signet.rb, line 42 def update! options = {} # Normalize all keys to symbols to allow indifferent access. options = deep_hash_normalize options # This `update!` method "overide" adds the `@logger`` update and # the `universe_domain` update. # # The `universe_domain` is also updated in `update_token!` but is # included here for completeness self.universe_domain = options[:universe_domain] if options.key? :universe_domain @logger = options[:logger] if options.key? :logger update_signet_base options end
Also aliased as: update_signet_base
Source
# File lib/googleauth/signet.rb, line 32 def update_token! options = {} options = deep_hash_normalize options id_token_expires_at = expires_at_from_id_token options[:id_token] options[:expires_at] = id_token_expires_at if id_token_expires_at update_token_signet_base options self.universe_domain = options[:universe_domain] if options.key? :universe_domain self end
Also aliased as: update_token_signet_base
Private Instance Methods
Source
# File lib/googleauth/signet.rb, line 174 def expires_at_from_id_token id_token match = /^[\w=-]+\.([\w=-]+)\.[\w=-]+$/.match id_token.to_s return unless match json = JSON.parse Base64.urlsafe_decode64 match[1] return unless json.key? "exp" Time.at json["exp"].to_i rescue StandardError # Shouldn't happen unless we get a garbled ID token nil end
Source
# File lib/googleauth/signet.rb, line 201 def log_auth_error err logger&.info do Google::Logging::Message.from( message: "Auth error when fetching auth token: #{err}", "credentialsId" => object_id ) end end
Source
# File lib/googleauth/signet.rb, line 185 def log_response token_response response_hash = JSON.parse token_response rescue {} if response_hash["access_token"] digest = Digest::SHA256.hexdigest response_hash["access_token"] response_hash["access_token"] = "(sha256:#{digest})" end if response_hash["id_token"] digest = Digest::SHA256.hexdigest response_hash["id_token"] response_hash["id_token"] = "(sha256:#{digest})" end Google::Logging::Message.from( message: "Received auth token response: #{response_hash}", "credentialsId" => object_id ) end
Source
# File lib/googleauth/signet.rb, line 219 def log_retries_exhausted err logger&.info do Google::Logging::Message.from( message: "Exhausted retries when fetching auth token: #{err}", "credentialsId" => object_id ) end end
Source
# File lib/googleauth/signet.rb, line 210 def log_transient_error err logger&.info do Google::Logging::Message.from( message: "Transient error when fetching auth token: #{err}", "credentialsId" => object_id ) end end