Class: Net::IMAP::SASL::ExternalAuthenticator
Relationships & Source Files | |
Inherits: | Object |
Defined in: | lib/net/imap/sasl/external_authenticator.rb |
Overview
Authenticator for the “EXTERNAL
” ::Net::IMAP::SASL
mechanism, as specified by RFC-4422. See Net::IMAP#authenticate.
The EXTERNAL mechanism requests that the server use client credentials established external to ::Net::IMAP::SASL
, for example by TLS certificate or IPSec.
Class Method Summary
-
.new(authzid: nil, **) ⇒ authenticator
constructor
Creates an Authenticator for the “
EXTERNAL
”::Net::IMAP::SASL
mechanism, as specified in RFC-4422.
Instance Attribute Summary
-
#authzid
(also: #username)
readonly
Authorization identity: an identity to act as or on behalf of.
-
#done? ⇒ Boolean
readonly
Returns true when the initial client response was sent.
-
#initial_response? ⇒ Boolean
readonly
EXTERNAL
can send an initial client response. -
#username
readonly
Alias for #authzid.
Instance Method Summary
-
#process(_)
Returns #authzid, or an empty string if there is no authzid.
Constructor Details
.new(authzid: nil, **) ⇒ authenticator
.new(username: nil, **) ⇒ authenticator
.new(username = nil, **) ⇒ authenticator
Creates an Authenticator for the “EXTERNAL
” ::Net::IMAP::SASL
mechanism, as specified in RFC-4422. To use this, see Net::IMAP#authenticate or your client’s authentication method.
Parameters
-
optional #authzid ― Authorization identity to act as or on behalf of.
optional #username ― An alias for #authzid.
Note that, unlike some other authenticators, #username sets the authorization identity and not the authentication identity. The authentication identity is established for the client by the external credentials.
Any other keyword parameters are quietly ignored.
# File 'lib/net/imap/sasl/external_authenticator.rb', line 52
def initialize(user = nil, authzid: nil, username: nil, **) authzid ||= username || user @authzid = authzid&.to_str&.encode "UTF-8" if @authzid&.match?(/\u0000/u) # also validates UTF8 encoding raise ArgumentError, "contains NULL" end @done = false end
Instance Attribute Details
#authzid (readonly) Also known as: #username
Authorization identity: an identity to act as or on behalf of. The identity form is application protocol specific. If not provided or left blank, the server derives an authorization identity from the authentication identity. The server is responsible for verifying the client’s credentials and verifying that the identity it associates with the client’s authentication identity is allowed to act as (or on behalf of) the authorization identity.
For example, an administrator or superuser might take on another role:
imap.authenticate "PLAIN", "root", passwd, authzid: "user"
# File 'lib/net/imap/sasl/external_authenticator.rb', line 27
attr_reader :authzid
#done? ⇒ Boolean
(readonly)
Returns true when the initial client response was sent.
The authentication should not succeed unless this returns true, but it does not indicate success.
# File 'lib/net/imap/sasl/external_authenticator.rb', line 78
def done?; @done end
#initial_response? ⇒ Boolean
(readonly)
EXTERNAL
can send an initial client response.
# File 'lib/net/imap/sasl/external_authenticator.rb', line 65
def initial_response?; true end
#username (readonly)
Alias for #authzid.
# File 'lib/net/imap/sasl/external_authenticator.rb', line 28
alias username authzid
Instance Method Details
#process(_)
Returns #authzid, or an empty string if there is no authzid.
# File 'lib/net/imap/sasl/external_authenticator.rb', line 68
def process(_) authzid || "" ensure @done = true end