2021-11-19 10:00:04 +01:00
|
|
|
class AgentConnectService
|
2022-04-11 13:11:54 +02:00
|
|
|
include OpenIDConnect
|
|
|
|
|
2021-11-19 10:00:04 +01:00
|
|
|
def self.enabled?
|
|
|
|
ENV.fetch("AGENT_CONNECT_ENABLED", "enabled") == "enabled"
|
|
|
|
end
|
2021-11-19 10:21:47 +01:00
|
|
|
|
|
|
|
def self.authorization_uri
|
|
|
|
client = AgentConnectClient.new
|
|
|
|
|
2022-04-11 13:11:04 +02:00
|
|
|
state = SecureRandom.hex(16)
|
2022-04-11 13:11:54 +02:00
|
|
|
nonce = SecureRandom.hex(16)
|
2022-04-11 13:11:04 +02:00
|
|
|
|
|
|
|
uri = client.authorization_uri(
|
2021-11-19 10:21:47 +01:00
|
|
|
scope: [:openid, :email],
|
2022-04-11 13:11:04 +02:00
|
|
|
state: state,
|
2022-04-11 13:11:54 +02:00
|
|
|
nonce: nonce,
|
2021-11-19 10:21:47 +01:00
|
|
|
acr_values: 'eidas1'
|
|
|
|
)
|
2022-04-11 13:11:04 +02:00
|
|
|
|
2022-04-11 13:11:54 +02:00
|
|
|
[uri, state, nonce]
|
2021-11-19 10:21:47 +01:00
|
|
|
end
|
2021-11-19 15:24:54 +01:00
|
|
|
|
2022-04-11 13:11:54 +02:00
|
|
|
def self.user_info(code, nonce)
|
2021-11-19 15:24:54 +01:00
|
|
|
client = AgentConnectClient.new(code)
|
|
|
|
|
2022-04-11 13:11:54 +02:00
|
|
|
access_token = client.access_token!(client_auth_method: :secret)
|
|
|
|
|
|
|
|
discover = find_discover
|
|
|
|
id_token = ResponseObject::IdToken.decode(access_token.id_token, discover.jwks)
|
|
|
|
|
|
|
|
id_token.verify!(
|
|
|
|
client_id: AGENT_CONNECT[:identifier],
|
|
|
|
issuer: discover.issuer,
|
|
|
|
nonce: nonce
|
|
|
|
)
|
|
|
|
|
|
|
|
access_token
|
2021-11-19 15:24:54 +01:00
|
|
|
.userinfo!
|
|
|
|
.raw_attributes
|
|
|
|
end
|
2022-04-11 13:11:54 +02:00
|
|
|
|
|
|
|
private
|
|
|
|
|
|
|
|
def self.find_discover
|
|
|
|
Discovery::Provider::Config.discover!("#{AGENT_CONNECT_BASE_URL}/api/v2")
|
|
|
|
end
|
2021-11-19 10:00:04 +01:00
|
|
|
end
|