Client Obtain Token - nov/openid_connect GitHub Wiki
NOTE
The openid_connect gem is based on the rack-oauth2 gem, so obtaining access tokens basically follows the rack-oauth2 style.
The only differences between Rack::OAuth2::Client and OpenIDConnect::Client are:

- OpenIDConnect::Client#authorization_uri automatically adds the `openid` scope if it is not given.
- OpenIDConnect::Client#access_token! returns an OpenIDConnect::AccessToken instance instead of Rack::OAuth2::AccessToken::Bearer.
Below is a sample of the code flow. See the Rack::OAuth2 wiki for other flows.
```ruby
# Fresh per-request values: state binds the callback to this browser session,
# nonce binds the ID Token to this authorization request.
session[:state] = SecureRandom.hex(16)
session[:nonce] = SecureRandom.hex(16)

# Authorization Request
authorization_uri = client.authorization_uri(
  scope: [:profile, :email], # the openid scope is added automatically
  state: session[:state],
  nonce: session[:nonce]
)
`open "#{authorization_uri}"`

# Authorization Response
puts "# Authorization Code"
code = gets.strip

# Token Request
client.authorization_code = code
access_token = client.access_token! # => OpenIDConnect::AccessToken
id_token = OpenIDConnect::ResponseObject::IdToken.decode access_token.id_token, public_key # => OpenIDConnect::ResponseObject::IdToken
```
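The sample generates `state` and `nonce` but does not show them being checked on the way back. The following is an added example, not code from the openid_connect gem or this wiki: it verifies the callback `state` against the session and checks the decoded ID Token claims (`iss`, `aud`, `azp`, `exp`, `nonce`) that a relying party must validate before trusting the token. It works on plain Hashes so it runs without the gem; the issuer, client id, code and claims are constructed values.

```ruby
class VerificationError < StandardError; end

# Constant-time string comparison so a mismatch does not leak where it occurs.
def secure_equal?(a, b)
  return false if a.nil? || b.nil? || a.bytesize != b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Authorization Response: the state parameter on the redirect must match the
# value stored in the session before the code is exchanged. State is single-use.
def verify_state!(session, params)
  expected = session.delete(:state)
  raise VerificationError, 'state mismatch' unless secure_equal?(expected, params['state'])
  code = params['code']
  raise VerificationError, 'missing authorization code' if code.nil? || code.empty?
  code
end

# ID Token claims (a Hash, e.g. from IdToken.decode) must be bound to the expected
# issuer, this client, the current time and the nonce sent in the authorization
# request. The session nonce is consumed so the token cannot be replayed.
def verify_id_token_claims!(claims, session, issuer:, client_id:, now: Time.now.to_i)
  nonce = session.delete(:nonce)
  raise VerificationError, 'issuer mismatch' unless claims['iss'] == issuer
  aud = Array(claims['aud'])
  raise VerificationError, 'audience mismatch' unless aud.include?(client_id)
  raise VerificationError, 'azp mismatch' if claims.key?('azp') && claims['azp'] != client_id
  raise VerificationError, 'token expired' unless claims['exp'].to_i > now
  raise VerificationError, 'nonce mismatch' unless secure_equal?(claims['nonce'], nonce)
  claims
end

# Constructed sample values standing in for a real session, callback and token.
SAMPLE_ISSUER    = 'https://op.example.com'
SAMPLE_CLIENT_ID = 'my-client-id'
SAMPLE_SESSION   = { state: 'f' * 32, nonce: '0' * 32 }
SAMPLE_PARAMS    = { 'state' => 'f' * 32, 'code' => 'constructed-auth-code' }
SAMPLE_CLAIMS    = { 'iss' => SAMPLE_ISSUER, 'aud' => SAMPLE_CLIENT_ID,
                     'exp' => Time.now.to_i + 300, 'nonce' => '0' * 32, 'sub' => '248289761001' }

def run_sample
  session = SAMPLE_SESSION.dup
  code = verify_state!(session, SAMPLE_PARAMS)
  # ... exchange `code` with client.access_token! and decode the ID Token here ...
  verify_id_token_claims!(SAMPLE_CLAIMS, session, issuer: SAMPLE_ISSUER, client_id: SAMPLE_CLIENT_ID)
  code
end
```

In a real callback, `session` is the Rack session from the authorization request and `claims` is the decoded ID Token; the same checks are what OpenIDConnect::ResponseObject::IdToken#verify! performs when given the expected issuer, client id and nonce.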
If your OAuth Server requires a JWT bearer client assertion (a.k.a. private_key_jwt), as iGov-compliant IdPs do, follow this gist:
https://gist.github.com/nov/98d26044e2f7c5b7d8fdba2b9bd101b4