class Signet::OAuth2::Client

Signet::OAuth2::Client creates an OAuth2 client

This reopens Client to add apply and apply! methods which update a hash with the fetched authentication token.

Attributes

universe_domain[RW]

Set the universe domain

Public Instance Methods

build_default_connection() click to toggle source
# File lib/googleauth/signet.rb, line 86
def build_default_connection
  if !defined?(@connection_info)
    nil
  elsif @connection_info.respond_to? :call
    @connection_info.call
  else
    @connection_info
  end
end
configure_connection(options) click to toggle source
# File lib/googleauth/signet.rb, line 41
def configure_connection options
  @connection_info =
    options[:connection_builder] || options[:default_connection]
  self
end
fetch_access_token!(options = {}) click to toggle source
# File lib/googleauth/signet.rb, line 56
def fetch_access_token! options = {}
  unless options[:connection]
    connection = build_default_connection
    options = options.merge connection: connection if connection
  end
  info = retry_with_error do
    orig_fetch_access_token! options
  end
  notify_refresh_listeners
  info
end
Also aliased as: orig_fetch_access_token!
generate_access_token_request(options = {}) click to toggle source
# File lib/googleauth/signet.rb, line 69
def generate_access_token_request options = {}
  parameters = googleauth_orig_generate_access_token_request options
  logger&.info do
    Google::Logging::Message.from(
      message: "Requesting access token from #{parameters['grant_type']}",
      "credentialsId" => object_id
    )
  end
  logger&.debug do
    Google::Logging::Message.from(
      message: "Token fetch params: #{parameters}",
      "credentialsId" => object_id
    )
  end
  parameters
end
googleauth_orig_generate_access_token_request(options = {})
orig_fetch_access_token!(options = {})
Alias for: fetch_access_token!
retry_with_error(max_retry_count = 5) { || ... } click to toggle source
# File lib/googleauth/signet.rb, line 96
def retry_with_error max_retry_count = 5
  retry_count = 0

  begin
    yield.tap { |resp| log_response resp }
  rescue StandardError => e
    if e.is_a?(Signet::AuthorizationError) || e.is_a?(Signet::ParseError)
      log_auth_error e
      raise e
    end

    if retry_count < max_retry_count
      log_transient_error e
      retry_count += 1
      sleep retry_count * 0.3
      retry
    else
      log_retries_exhausted e
      msg = "Unexpected error: #{e.inspect}"
      raise Signet::AuthorizationError, msg
    end
  end
end
token_type() click to toggle source

The token type as symbol, either :id_token or :access_token

# File lib/googleauth/signet.rb, line 48
def token_type
  target_audience ? :id_token : :access_token
end
update_token!(options = {}) click to toggle source
# File lib/googleauth/signet.rb, line 32
def update_token! options = {}
  options = deep_hash_normalize options
  id_token_expires_at = expires_at_from_id_token options[:id_token]
  options[:expires_at] = id_token_expires_at if id_token_expires_at
  update_token_signet_base options
  self.universe_domain = options[:universe_domain] if options.key? :universe_domain
  self
end
Also aliased as: update_token_signet_base
update_token_signet_base(options = {})
Alias for: update_token!

Private Instance Methods

expires_at_from_id_token(id_token) click to toggle source
# File lib/googleauth/signet.rb, line 122
def expires_at_from_id_token id_token
  match = /^[\w=-]+\.([\w=-]+)\.[\w=-]+$/.match id_token.to_s
  return unless match
  json = JSON.parse Base64.urlsafe_decode64 match[1]
  return unless json.key? "exp"
  Time.at json["exp"].to_i
rescue StandardError
  # Shouldn't happen unless we get a garbled ID token
  nil
end
log_auth_error(err) click to toggle source
# File lib/googleauth/signet.rb, line 149
def log_auth_error err
  logger&.info do
    Google::Logging::Message.from(
      message: "Auth error when fetching auth token: #{err}",
      "credentialsId" => object_id
    )
  end
end
log_response(token_response) click to toggle source
# File lib/googleauth/signet.rb, line 133
def log_response token_response
  response_hash = JSON.parse token_response rescue {}
  if response_hash["access_token"]
    digest = Digest::SHA256.hexdigest response_hash["access_token"]
    response_hash["access_token"] = "(sha256:#{digest})"
  end
  if response_hash["id_token"]
    digest = Digest::SHA256.hexdigest response_hash["id_token"]
    response_hash["id_token"] = "(sha256:#{digest})"
  end
  Google::Logging::Message.from(
    message: "Received auth token response: #{response_hash}",
    "credentialsId" => object_id
  )
end
log_retries_exhausted(err) click to toggle source
# File lib/googleauth/signet.rb, line 167
def log_retries_exhausted err
  logger&.info do
    Google::Logging::Message.from(
      message: "Exhausted retries when fetching auth token: #{err}",
      "credentialsId" => object_id
    )
  end
end
log_transient_error(err) click to toggle source
# File lib/googleauth/signet.rb, line 158
def log_transient_error err
  logger&.info do
    Google::Logging::Message.from(
      message: "Transient error when fetching auth token: #{err}",
      "credentialsId" => object_id
    )
  end
end