Class: Signet::OAuth2::Client

Inherits:

Object

• Object
• Signet::OAuth2::Client

Includes:

Google::Auth::BaseClient

Defined in:

lib/googleauth/signet.rb

Overview

Signet::OAuth2::Client creates an OAuth2 client

This reopens Client to add #apply and #apply! methods which update a hash with the fetched authentication token.

Direct Known Subclasses

Google::Auth::GCECredentials, Google::Auth::ServiceAccountCredentials, Google::Auth::UserRefreshCredentials

Constant Summary

Constants included from Google::Auth::BaseClient

Google::Auth::BaseClient::AUTH_METADATA_KEY

Instance Attribute Summary

• #universe_domain ⇒ Object

  Set the universe domain.

Attributes included from Google::Auth::BaseClient

#logger

Instance Method Summary

• #build_default_connection ⇒ Object
• #configure_connection(options) ⇒ Object
• #duplicate(options = {}) ⇒ Object

  Creates a duplicate of these credentials without the Signet::OAuth2::Client-specific transient state (e.g. cached tokens).

• #fetch_access_token!(options = {}) ⇒ Object
• #generate_access_token_request(options = {}) ⇒ Object
• #googleauth_orig_generate_access_token_request ⇒ Object
• #orig_fetch_access_token! ⇒ Object
• #retry_with_error(max_retry_count = 5) { ... } ⇒ Object

  Retries the provided block with exponential backoff, handling and wrapping errors.

• #token_type ⇒ Object

  The token type as symbol, either :id_token or :access_token.

• #update!(options = {}) ⇒ Object
• #update_signet_base ⇒ Object
• #update_token!(options = {}) ⇒ Object
• #update_token_signet_base ⇒ Object

Methods included from Google::Auth::BaseClient

#apply, #apply!, #expires_within?, #needs_access_token?, #notify_refresh_listeners, #on_refresh, #updater_proc

Instance Attribute Details

#universe_domain ⇒ Object

Set the universe domain

# File 'lib/googleauth/signet.rb', line 70

def universe_domain
  @universe_domain
end

Instance Method Details

#build_default_connection ⇒ Object

# File 'lib/googleauth/signet.rb', line 103

def build_default_connection
  if !defined?(@connection_info)
    nil
  elsif @connection_info.respond_to? :call
    @connection_info.call
  else
    @connection_info
  end
end

#configure_connection(options) ⇒ Object

# File 'lib/googleauth/signet.rb', line 58

def configure_connection options
  @connection_info =
    options[:connection_builder] || options[:default_connection]
  self
end

#duplicate(options = {}) ⇒ Object

Creates a duplicate of these credentials without the Signet::OAuth2::Client-specific transient state (e.g. cached tokens)

Parameters:

• options (Hash) (defaults to: {}) —

  Overrides for the credentials parameters.

See Also:

• #update!

# File 'lib/googleauth/signet.rb', line 160

def duplicate options = {}
  options = deep_hash_normalize options

  opts = {
    authorization_uri: @authorization_uri,
    token_credential_uri: @token_credential_uri,
    client_id: @client_id,
    client_secret: @client_secret,
    scope: @scope,
    target_audience: @target_audience,
    redirect_uri: @redirect_uri,
    username: @username,
    password: @password,
    issuer: @issuer,
    person: @person,
    sub: @sub,
    audience: @audience,
    signing_key: @signing_key,
    extension_parameters: @extension_parameters,
    additional_parameters: @additional_parameters,
    access_type: @access_type,
    universe_domain: @universe_domain,
    logger: @logger
  }.merge(options)

  new_client = self.class.new opts

  new_client.configure_connection options
end

#fetch_access_token!(options = {}) ⇒ Object

# File 'lib/googleauth/signet.rb', line 73

def fetch_access_token! options = {}
  unless options[:connection]
    connection = build_default_connection
    options = options.merge connection: connection if connection
  end
  info = retry_with_error do
    orig_fetch_access_token! options
  end
  notify_refresh_listeners
  info
end

#generate_access_token_request(options = {}) ⇒ Object

# File 'lib/googleauth/signet.rb', line 86

def generate_access_token_request options = {}
  parameters = googleauth_orig_generate_access_token_request options
  logger&.info do
    Google::Logging::Message.from(
      message: "Requesting access token from #{parameters['grant_type']}",
      "credentialsId" => object_id
    )
  end
  logger&.debug do
    Google::Logging::Message.from(
      message: "Token fetch params: #{parameters}",
      "credentialsId" => object_id
    )
  end
  parameters
end

#googleauth_orig_generate_access_token_request ⇒ Object

# File 'lib/googleauth/signet.rb', line 85

alias googleauth_orig_generate_access_token_request generate_access_token_request

#orig_fetch_access_token! ⇒ Object

# File 'lib/googleauth/signet.rb', line 72

alias orig_fetch_access_token! fetch_access_token!

#retry_with_error(max_retry_count = 5) { ... } ⇒ Object

Retries the provided block with exponential backoff, handling and wrapping errors.

Parameters:

• max_retry_count (Integer) (defaults to: 5) —

  The maximum number of retries before giving up

Yields:

• The block to execute and potentially retry

Returns:

• (Object) —

  The result of the block if successful

Raises:

• (Google::Auth::AuthorizationError) —

  If a Signet::AuthorizationError occurs or if retries are exhausted

• (Google::Auth::ParseError) —

  If a Signet::ParseError occurs during token parsing

# File 'lib/googleauth/signet.rb', line 122

def retry_with_error max_retry_count = 5
  retry_count = 0

  begin
    yield.tap { |resp| log_response resp }
  rescue Signet::AuthorizationError, Signet::ParseError => e
    log_auth_error e
    error_class = e.is_a?(Signet::ParseError) ? Google::Auth::ParseError : Google::Auth::AuthorizationError
    raise error_class.with_details(
      e.message,
      credential_type_name: self.class.name,
      principal: respond_to?(:principal) ? principal : :signet_client
    )
  rescue StandardError => e
    if retry_count < max_retry_count
      log_transient_error e
      retry_count += 1
      sleep retry_count * 0.3
      retry
    else
      log_retries_exhausted e
      msg = "Unexpected error: #{e.inspect}"
      raise Google::Auth::AuthorizationError.with_details(
        msg,
        credential_type_name: self.class.name,
        principal: respond_to?(:principal) ? principal : :signet_client
      )
    end
  end
end

#token_type ⇒ Object

The token type as symbol, either :id_token or :access_token

# File 'lib/googleauth/signet.rb', line 65

def token_type
  target_audience ? :id_token : :access_token
end

#update!(options = {}) ⇒ Object

# File 'lib/googleauth/signet.rb', line 43

def update! options = {}
  # Normalize all keys to symbols to allow indifferent access.
  options = deep_hash_normalize options

  # This `update!` method "overide" adds the `@logger`` update and
  # the `universe_domain` update.
  #
  # The `universe_domain` is also updated in `update_token!` but is
  # included here for completeness
  self.universe_domain = options[:universe_domain] if options.key? :universe_domain
  @logger = options[:logger] if options.key? :logger

  update_signet_base options
end

#update_signet_base ⇒ Object

# File 'lib/googleauth/signet.rb', line 42

alias update_signet_base update!

#update_token!(options = {}) ⇒ Object

# File 'lib/googleauth/signet.rb', line 33

def update_token! options = {}
  options = deep_hash_normalize options
  id_token_expires_at = expires_at_from_id_token options[:id_token]
  options[:expires_at] = id_token_expires_at if id_token_expires_at
  update_token_signet_base options
  self.universe_domain = options[:universe_domain] if options.key? :universe_domain
  self
end

#update_token_signet_base ⇒ Object

# File 'lib/googleauth/signet.rb', line 31

alias update_token_signet_base update_token!