demarches-normaliennes/app/services/agent_connect_service.rb

class AgentConnectService
  include OpenIDConnect

  def self.enabled?
    ENV.fetch("AGENT_CONNECT_ENABLED", "enabled") == "enabled"
  end

  def self.authorization_uri
    client = AgentConnectClient.new

    state = SecureRandom.hex(16)
    nonce = SecureRandom.hex(16)

    uri = client.authorization_uri(
      scope: [:openid, :email],
      state: state,
      nonce: nonce,
      acr_values: 'eidas1'
    )

    [uri, state, nonce]
  end

  def self.user_info(code, nonce)
    client = AgentConnectClient.new(code)

    access_token = client.access_token!(client_auth_method: :secret)

    discover = find_discover
    id_token = ResponseObject::IdToken.decode(access_token.id_token, discover.jwks)

    id_token.verify!(
      client_id: Rails.application.secrets.agent_connect[:identifier],
      issuer: discover.issuer,
      nonce: nonce
    )

    access_token
      .userinfo!
      .raw_attributes
  end

  private

  def self.find_discover
    Discovery::Provider::Config.discover!("#{ENV.fetch('AGENT_CONNECT_BASE_URL')}/api/v2")
  end
end
AgentConnect UI 2021-11-19 10:00:04 +01:00			`class AgentConnectService`
check nonce 2022-04-11 13:11:54 +02:00			`include OpenIDConnect`

AgentConnect UI 2021-11-19 10:00:04 +01:00			`def self.enabled?`
			`ENV.fetch("AGENT_CONNECT_ENABLED", "enabled") == "enabled"`
			`end`
redirect to AgentConnect 2021-11-19 10:21:47 +01:00
			`def self.authorization_uri`
			`client = AgentConnectClient.new`

check state 2022-04-11 13:11:04 +02:00			`state = SecureRandom.hex(16)`
check nonce 2022-04-11 13:11:54 +02:00			`nonce = SecureRandom.hex(16)`
check state 2022-04-11 13:11:04 +02:00
			`uri = client.authorization_uri(`
redirect to AgentConnect 2021-11-19 10:21:47 +01:00			`scope: [:openid, :email],`
check state 2022-04-11 13:11:04 +02:00			`state: state,`
check nonce 2022-04-11 13:11:54 +02:00			`nonce: nonce,`
redirect to AgentConnect 2021-11-19 10:21:47 +01:00			`acr_values: 'eidas1'`
			`)`
check state 2022-04-11 13:11:04 +02:00
check nonce 2022-04-11 13:11:54 +02:00			`[uri, state, nonce]`
redirect to AgentConnect 2021-11-19 10:21:47 +01:00			`end`
manage AgentConnect callback 2021-11-19 15:24:54 +01:00
check nonce 2022-04-11 13:11:54 +02:00			`def self.user_info(code, nonce)`
manage AgentConnect callback 2021-11-19 15:24:54 +01:00			`client = AgentConnectClient.new(code)`

check nonce 2022-04-11 13:11:54 +02:00			`access_token = client.access_token!(client_auth_method: :secret)`

			`discover = find_discover`
			`id_token = ResponseObject::IdToken.decode(access_token.id_token, discover.jwks)`

			`id_token.verify!(`
fix(agent_connect): constant path https://sentry.io/organizations/demarches-simplifiees/issues/3248516694/?project=1429550&query=is%3Aunresolved&statsPeriod=14d 2022-08-02 19:10:19 +02:00			`client_id: Rails.application.secrets.agent_connect[:identifier],`
check nonce 2022-04-11 13:11:54 +02:00			`issuer: discover.issuer,`
			`nonce: nonce`
			`)`

			`access_token`
manage AgentConnect callback 2021-11-19 15:24:54 +01:00			`.userinfo!`
			`.raw_attributes`
			`end`
check nonce 2022-04-11 13:11:54 +02:00
			`private`

			`def self.find_discover`
fix(agent_connect): constant path https://sentry.io/organizations/demarches-simplifiees/issues/3248516694/?project=1429550&query=is%3Aunresolved&statsPeriod=14d 2022-08-02 19:10:19 +02:00			`Discovery::Provider::Config.discover!("#{ENV.fetch('AGENT_CONNECT_BASE_URL')}/api/v2")`
check nonce 2022-04-11 13:11:54 +02:00			`end`
AgentConnect UI 2021-11-19 10:00:04 +01:00			`end`