0.0
The project is in a healthy, maintained state
Wrapper for the VA SignInService API
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Runtime

~> 2.7
~> 2.8
 Project Readme

Note: This repo is managed by the VA.gov Identity team. Please reference our main product page here for contact information and questions.

SignInService Ruby Client

The SignInService Ruby client provides a simple and convenient way to interact with the SignInService API for handling OAuth flows.

Installation

Add gem to your Gemfile

gem 'sign_in_service', :git => 'git://github.com/department-of-veterans-affairs/sign-in-service-rb.git'
bundle install

Client Configuration

Configure the SignInService client with your base URL, client ID, and authentication type in an initializer:

require 'sign_in_service'

SignInService::Client.configure do |config|
  config.base_url = 'https://your_sign_in_service_url'
  config.client_id = 'your_client_id'
  config.auth_type = :cookie # or :api
end

Auth Types: Cookie vs API

The SignInService client supports two authentication types: Cookie and API.

Cookie Authentication

With Cookie authentication, tokens are returned in the Set-Cookie headers of the response. This approach is typically used in web applications where cookies can be stored and managed directly by the browser.

API Authentication

With API authentication, tokens are returned in the response body. This approach is typically used in non-web applications or scenarios where the application handles the tokens directly, such as mobile apps, desktop apps, or server-side scripts.

Endpoints

Authorization

  • Authorize - Initiate the OAuth flow
  • Token - Exchange authorization code for session tokens

Session Management

STS Configuration

SignInService::Sts.configure do |config|
  config.base_url = 'https://api.va.gov' # Sign-in service URL
  config.service_account_id = 'your_client_id'
  config.issuer = 'your_client_secret',
  config.scopes = ["https://api.va.gov/v0/some-path"]
  config.user_attributes = ['icn'] # optional
  config.private_key_path = 'path/to/private_key.pem'
end

Or create a new instance of the STS client with the configuration (overrides the global configuration):

sts_client = SignInService::Sts.new(
  base_url: 'https://api.va.gov',
  service_account_id: 'your_client_id',
  issuer: 'your_client_secret',
  scopes: ["https://api.va.gov/v0/some-path"],
  user_attributes: ['icn'], # optional
  private_key_path: 'path/to/private_key.pem'
)

Token - /v0/sign_in/token

When requesting a token you need to pass in a user_identifier to be used as the subject of the token. This can be an ICN, email, or any other unique identifier.

sts = SignInService::Sts.new(user_identifier: '1234567890') # And other configuration options not in the global configuration

token = sts.request_token