Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Assertion grant extension #870

Closed
zstiggz opened this issue Jul 21, 2016 · 4 comments
Closed

Assertion grant extension #870

zstiggz opened this issue Jul 21, 2016 · 4 comments

Comments

@zstiggz
Copy link

zstiggz commented Jul 21, 2016
edited
Loading

I found the assertion library born of #249 located at https://github.com/doorkeeper-gem/doorkeeper-grants_assertion to be out of date, and malfunctional. As such, here's a proposed extension for anyone wishing to use doorkeeper with the assertion grant_type.

After gem doorkeeper and bundle install I added/modified these files to my Rails project. I based the implementation off that of the password strategy.

Edit: This is not a comprehensive solution, and you'll probably need to implement some of your own authentication logic in resource_owner_from_assertion

#lib/doorkeeper/request/assertion.rb

module Doorkeeper
  module Request
    class Assertion < Strategy
      delegate :credentials, :resource_owner_from_assertion, :parameters, to: :server

      def request
        @request ||= OAuth::AssertionRequest.new(
          Doorkeeper.configuration,
          client,
          resource_owner_from_assertion,
          parameters
        )
      end

      private

      def client
        if credentials
          server.client
        elsif parameters[:client_id]
          server.client_via_uid
        end
      end
    end
  end
end
#lib/doorkeeper/assertion_request.rb

module Doorkeeper
  module OAuth
    class AssertionRequest
      include Validations
      include OAuth::RequestConcern
      include OAuth::Helpers

      validate :client,         error: :invalid_client
      validate :resource_owner, error: :invalid_grant
      validate :scopes,         error: :invalid_scope

      attr_accessor :server, :client, :resource_owner, :parameters,
                    :access_token

      def initialize(server, client, resource_owner_from_assertion, parameters = {})
        @server          = server
        @resource_owner  = resource_owner_from_assertion
        @client          = client
        @parameters      = parameters
        @original_scopes = parameters[:scope]
      end

      private

      def before_successful_response
        find_or_create_access_token(client, resource_owner.id, scopes, server)
      end

      def validate_scopes
        return true unless @original_scopes.present?
        ScopeChecker.valid? @original_scopes, server.scopes, client.try(:scopes)
      end

      def validate_resource_owner
        !!resource_owner
      end

      def validate_client
        !parameters[:client_id] || !!client
      end
    end
  end
end
#lib/doorkeeper/assertion_extension.rb

require 'doorkeeper/oauth/assertion_request.rb'
require 'doorkeeper/request/assertion.rb'

module Doorkeeper
  module Helpers
    module Controller
      private

      def resource_owner_from_assertion
        instance_eval(&Doorkeeper.configuration.resource_owner_from_assertion)
      end
    end
  end
end

module Doorkeeper
  class Server
    def resource_owner_from_assertion
      context.send :resource_owner_from_assertion
    end
  end
end

module Doorkeeper
  class Config
    extend Option

    option :resource_owner_from_assertion, 
      default: (lambda do |_routes|
        warn(I18n.t("doorkeeper.errors.messages.assertion_flow_not_configured"))
        nil
      end)
  end
end
#config/initializers/doorkeeper.rb
require 'doorkeeper/assertion_extension.rb'

Doorkeeper.configure do
  resource_owner_from_assertion do |routes|
    fail "TODO: resource_owner_from_assertion not configured"
  end
end
@tute
Copy link
Contributor

tute commented Jul 21, 2016

Thank you! Do you think it's good to add this to a wiki, so we can leave it as documentation that can be kept up to date?

@zstiggz
Copy link
Author

zstiggz commented Jul 21, 2016

No problem, thank you for maintaining doorkeeper, it's a fantastic library! You're welcome to add this to the wiki, or I'm happy to do it if you'd like me to. Alternatively, it could make sense to do a pull request on https://github.com/doorkeeper-gem/doorkeeper-grants_assertion, but I'm a little uncomfortable making the PR, since I haven't written any RSpec specs (or authored a ruby gem) yet. Let me know how I can help!

@tute
Copy link
Contributor

tute commented Jul 22, 2016

No problem, thank you for maintaining doorkeeper, it's a fantastic library!

I'm glad it's useful!

You're welcome to add this to the wiki, or I'm happy to do it if you'd like me to.

Please do! :) Create from https://github.com/doorkeeper-gem/doorkeeper/wiki/_new, and then link from https://github.com/doorkeeper-gem/doorkeeper/wiki/Home/_edit.

Alternatively, it could make sense to do a pull request on https://github.com/doorkeeper-gem/doorkeeper-grants_assertion, but I'm a little uncomfortable making the PR, since I haven't written any RSpec specs (or authored a ruby gem) yet. Let me know how I can help!

Everyone of us sent a PR to an Open Source project with it being the first time we write for a certain testing library! :) You should be fine.

This project though doesn't have any maintainer, so you won't get code reviews or merge. :-/

Thank you for your help!

@tute
Copy link
Contributor

tute commented Aug 7, 2016

Thanks!

@tute tute closed this as completed Aug 7, 2016
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tute @zstiggz