nov · February 21, 2018 08:11
diff --git a/iGov_client.rb b/iGov_client.rb
 # NOTE:
 #  * rack-oauth gem v1.8.2+ is required. (openid_connect gem is largelly developed on top of the rack-oauth2 gem)
 #  * this feature isn't tested well yet.
 #  * you can replace `OpenIDConnect` with `Rack::OAuth2` if you don't need ID Token & UserInfo API support.

 require 'openid_connect'

 OpenIDConnect.debug!

 pem = <<-PEM
 -----BEGIN RSA PRIVATE KEY-----
 MIIEpAIBAAKCAQEAyQCptrHnabLCNo45b/0PLqXlCb6JyEq1Ggc042s8zWiSITNt 
 :
 +uQXtYh42jIQObLQ40EJUO3u2IzRlmcCfbUDNpeieXZuv+7jAxQgaA==
 -----END RSA PRIVATE KEY-----
 PEM

 client = OpenIDConnect::Client.new(
  identifier: 'client_id',
  private_key: OpenSSL::PKey::RSA.new(pem),
  host: 'idp.int.login.gov',
  authorization_endpoint: '/openid_connect/authorize',
  token_endpoint: '/api/openid_connect/token',
  userinfo_endpoint: '/api/openid_connect/userinfo',
  redirect_uri: 'https://client.example.com/callback'
 )

 code_verifier = SecureRandom.hex(16)
 nonce = SecureRandom.hex(16)
 state = SecureRandom.hex(16)

 authorization_uri = client.authorization_uri(
  scope: [:email, :profile],
  nonce: nonce,
  state: state,
  code_challenge: UrlSafeBase64.encode64(OpenSSL::Digest::SHA256.digest(code_verifier)),
  code_challenge_method: :S256
 )
 puts authorization_uri
 `open "#{authorization_uri}"`

 print 'code: ' and STDOUT.flush
 code = gets.chop

 client.authorization_code = code
 token = client.access_token!(
  :jwt_bearer, # NOTE: this triggers auto JWT asserion generation for client authn using `Client#secret` or `Client#private_key` with auto signature algorithm detection (ES256, RSA256 or HS256).
  code_verifier: code_verifier
 )

 token.userinfo!
	# NOTE:
	# * rack-oauth gem v1.8.2+ is required. (openid_connect gem is largelly developed on top of the rack-oauth2 gem)
	# * this feature isn't tested well yet.
	# * you can replace `OpenIDConnect` with `Rack::OAuth2` if you don't need ID Token & UserInfo API support.

	require 'openid_connect'

	OpenIDConnect.debug!

	pem = <<-PEM
	-----BEGIN RSA PRIVATE KEY-----
	MIIEpAIBAAKCAQEAyQCptrHnabLCNo45b/0PLqXlCb6JyEq1Ggc042s8zWiSITNt
	:
	+uQXtYh42jIQObLQ40EJUO3u2IzRlmcCfbUDNpeieXZuv+7jAxQgaA==
	-----END RSA PRIVATE KEY-----
	PEM

	client = OpenIDConnect::Client.new(
	identifier: 'client_id',
	private_key: OpenSSL::PKey::RSA.new(pem),
	host: 'idp.int.login.gov',
	authorization_endpoint: '/openid_connect/authorize',
	token_endpoint: '/api/openid_connect/token',
	userinfo_endpoint: '/api/openid_connect/userinfo',
	redirect_uri: 'https://client.example.com/callback'
	)

	code_verifier = SecureRandom.hex(16)
	nonce = SecureRandom.hex(16)
	state = SecureRandom.hex(16)

	authorization_uri = client.authorization_uri(
	scope: [:email, :profile],
	nonce: nonce,
	state: state,
	code_challenge: UrlSafeBase64.encode64(OpenSSL::Digest::SHA256.digest(code_verifier)),
	code_challenge_method: :S256
	)
	puts authorization_uri
	`open "#{authorization_uri}"`

	print 'code: ' and STDOUT.flush
	code = gets.chop

	client.authorization_code = code
	token = client.access_token!(
	:jwt_bearer, # NOTE: this triggers auto JWT asserion generation for client authn using `Client#secret` or `Client#private_key` with auto signature algorithm detection (ES256, RSA256 or HS256).
	code_verifier: code_verifier
	)

	token.userinfo!