Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Assertion grant extension #870

Closed
CaptainStiggz opened this issue Jul 21, 2016 · 4 comments
Closed

Assertion grant extension #870

CaptainStiggz opened this issue Jul 21, 2016 · 4 comments

Comments

@CaptainStiggz
Copy link

CaptainStiggz commented Jul 21, 2016

I found the assertion library born of #249 located at https://github.com/doorkeeper-gem/doorkeeper-grants_assertion to be out of date, and malfunctional. As such, here's a proposed extension for anyone wishing to use doorkeeper with the assertion grant_type.

After gem doorkeeper and bundle install I added/modified these files to my Rails project. I based the implementation off that of the password strategy.

Edit: This is not a comprehensive solution, and you'll probably need to implement some of your own authentication logic in resource_owner_from_assertion

#lib/doorkeeper/request/assertion.rb

module Doorkeeper
  module Request
    class Assertion < Strategy
      delegate :credentials, :resource_owner_from_assertion, :parameters, to: :server

      def request
        @request ||= OAuth::AssertionRequest.new(
          Doorkeeper.configuration,
          client,
          resource_owner_from_assertion,
          parameters
        )
      end

      private

      def client
        if credentials
          server.client
        elsif parameters[:client_id]
          server.client_via_uid
        end
      end
    end
  end
end
#lib/doorkeeper/assertion_request.rb

module Doorkeeper
  module OAuth
    class AssertionRequest
      include Validations
      include OAuth::RequestConcern
      include OAuth::Helpers

      validate :client,         error: :invalid_client
      validate :resource_owner, error: :invalid_grant
      validate :scopes,         error: :invalid_scope

      attr_accessor :server, :client, :resource_owner, :parameters,
                    :access_token

      def initialize(server, client, resource_owner_from_assertion, parameters = {})
        @server          = server
        @resource_owner  = resource_owner_from_assertion
        @client          = client
        @parameters      = parameters
        @original_scopes = parameters[:scope]
      end

      private

      def before_successful_response
        find_or_create_access_token(client, resource_owner.id, scopes, server)
      end

      def validate_scopes
        return true unless @original_scopes.present?
        ScopeChecker.valid? @original_scopes, server.scopes, client.try(:scopes)
      end

      def validate_resource_owner
        !!resource_owner
      end

      def validate_client
        !parameters[:client_id] || !!client
      end
    end
  end
end
#lib/doorkeeper/assertion_extension.rb

require 'doorkeeper/oauth/assertion_request.rb'
require 'doorkeeper/request/assertion.rb'

module Doorkeeper
  module Helpers
    module Controller
      private

      def resource_owner_from_assertion
        instance_eval(&Doorkeeper.configuration.resource_owner_from_assertion)
      end
    end
  end
end

module Doorkeeper
  class Server
    def resource_owner_from_assertion
      context.send :resource_owner_from_assertion
    end
  end
end

module Doorkeeper
  class Config
    extend Option

    option :resource_owner_from_assertion, 
      default: (lambda do |_routes|
        warn(I18n.t("doorkeeper.errors.messages.assertion_flow_not_configured"))
        nil
      end)
  end
end
#config/initializers/doorkeeper.rb
require 'doorkeeper/assertion_extension.rb'

Doorkeeper.configure do
  resource_owner_from_assertion do |routes|
    fail "TODO: resource_owner_from_assertion not configured"
  end
end
@tute
Copy link
Contributor

tute commented Jul 21, 2016

Thank you! Do you think it's good to add this to a wiki, so we can leave it as documentation that can be kept up to date?

@CaptainStiggz
Copy link
Author

No problem, thank you for maintaining doorkeeper, it's a fantastic library! You're welcome to add this to the wiki, or I'm happy to do it if you'd like me to. Alternatively, it could make sense to do a pull request on https://github.com/doorkeeper-gem/doorkeeper-grants_assertion, but I'm a little uncomfortable making the PR, since I haven't written any RSpec specs (or authored a ruby gem) yet. Let me know how I can help!

@tute
Copy link
Contributor

tute commented Jul 22, 2016

No problem, thank you for maintaining doorkeeper, it's a fantastic library!

I'm glad it's useful!

You're welcome to add this to the wiki, or I'm happy to do it if you'd like me to.

Please do! :) Create from https://github.com/doorkeeper-gem/doorkeeper/wiki/_new, and then link from https://github.com/doorkeeper-gem/doorkeeper/wiki/Home/_edit.

Alternatively, it could make sense to do a pull request on https://github.com/doorkeeper-gem/doorkeeper-grants_assertion, but I'm a little uncomfortable making the PR, since I haven't written any RSpec specs (or authored a ruby gem) yet. Let me know how I can help!

Everyone of us sent a PR to an Open Source project with it being the first time we write for a certain testing library! :) You should be fine.

This project though doesn't have any maintainer, so you won't get code reviews or merge. :-/


Thank you for your help!

@tute
Copy link
Contributor

tute commented Aug 7, 2016

Thanks!

@tute tute closed this as completed Aug 7, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants