class Net::IMAP::SASL::ExternalAuthenticator

Authenticator for the “EXTERNAL” SASL mechanism, as specified by RFC-4422. See Net::IMAP#authenticate.

The EXTERNAL mechanism requests that the server use client credentials established external to SASL, for example by TLS certificate or IPSec.

Attributes

authzid[R]

Authorization identity: an identity to act as or on behalf of. The identity form is application protocol specific. If not provided or left blank, the server derives an authorization identity from the authentication identity. The server is responsible for verifying the client’s credentials and verifying that the identity it associates with the client’s authentication identity is allowed to act as (or on behalf of) the authorization identity.

For example, an administrator or superuser might take on another role:

imap.authenticate "PLAIN", "root", passwd, authzid: "user"

username[R]

Authorization identity: an identity to act as or on behalf of. The identity form is application protocol specific. If not provided or left blank, the server derives an authorization identity from the authentication identity. The server is responsible for verifying the client’s credentials and verifying that the identity it associates with the client’s authentication identity is allowed to act as (or on behalf of) the authorization identity.

For example, an administrator or superuser might take on another role:

imap.authenticate "PLAIN", "root", passwd, authzid: "user"

Public Class Methods

new(authzid: nil, **) → authenticator
new(username: nil, **) → authenticator
new(username = nil, **) → authenticator

Creates an Authenticator for the “EXTERNAL” SASL mechanism, as specified in RFC-4422. To use this, see Net::IMAP#authenticate or your client’s authentication method.

Parameters

  • optional authzid ― Authorization identity to act as or on behalf of.

  • optional username ― An alias for authzid.

    Note that, unlike some other authenticators, username sets the authorization identity and not the authentication identity. The authentication identity is established for the client by the external credentials.

Any other keyword parameters are quietly ignored.

# File lib/net/imap/sasl/external_authenticator.rb, line 52
def initialize(user = nil, authzid: nil, username: nil, **)
  authzid ||= username || user
  @authzid = authzid&.to_str&.encode "UTF-8"
  if @authzid&.match?(/\u0000/u) # also validates UTF8 encoding
    raise ArgumentError, "contains NULL"
  end
  @done = false
end

Public Instance Methods

done?

Returns true when the initial client response was sent.

The authentication should not succeed unless this returns true, but it does not indicate success.

# File lib/net/imap/sasl/external_authenticator.rb, line 78
def done?; @done end

initial_response? → true

EXTERNAL can send an initial client response.

# File lib/net/imap/sasl/external_authenticator.rb, line 65
def initial_response?; true end

process(_)

Returns authzid, or an empty string if there is no authzid.

# File lib/net/imap/sasl/external_authenticator.rb, line 68
def process(_)
  authzid || ""
ensure
  @done = true
end
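
Both sides of the EXTERNAL exchange, as an added example that is not net-imap's own code: the client helper encodes the value process returns as a SASL-IR (RFC 4959) initial response, and a hypothetical server applies the authzid rule described under Attributes. The method names, PROXY_ACL and the example.test identities are assumptions made for illustration.

```ruby
# Constructed policy: which externally authenticated identities may act as others.
PROXY_ACL = { "admin@example.test" => ["user@example.test"] }.freeze

# Client side: argument for "AUTHENTICATE EXTERNAL <initial-response>".
# An empty response is sent as "=", otherwise as base64 of the authzid.
def external_initial_response(authzid = nil)
  authzid = authzid.to_s.encode("UTF-8")
  raise ArgumentError, "contains NULL" if authzid.include?("\u0000")
  authzid.empty? ? "=" : [authzid].pack("m0")
end

# Server side (hypothetical): authn_id comes from the verified TLS client
# certificate, external to SASL; the response only carries the requested authzid.
def authorize_external(authn_id, response, acl: PROXY_ACL)
  return [:no, "no external credentials"] if authn_id.nil? || authn_id.empty?
  begin
    raw = response == "=" ? "" : response.unpack1("m0") # strict base64
  rescue ArgumentError
    return [:bad, "invalid base64"]
  end
  requested = raw.dup.force_encoding("UTF-8")
  unless requested.valid_encoding? && !requested.include?("\u0000")
    return [:no, "malformed authzid"]
  end
  # Blank authzid: derive the authorization identity from the authn identity.
  return [:ok, authn_id] if requested.empty? || requested == authn_id
  # Otherwise the authenticated identity must be allowed to act as authzid.
  return [:ok, requested] if acl.fetch(authn_id, []).include?(requested)
  [:no, "#{authn_id} may not act as #{requested}"]
end
```

The authzid sent by the client is only a request; the decision rests on the identity the server took from the external credentials.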