self_issued_device_token.rb

require 'openid_connect'

private_key = OpenSSL::PKey::RSA.generate(2048)

client = Rack::OAuth2::Client.new(
  identifier: 'client.example.com',
  host: 'server.example.com',
  redirect_uri: 'myapp://callback'
)

def client.server_root_uri
  absolute_uri_for ''
end

device_token_claims = OpenIDConnect::ResponseObject::IdToken.self_issued(
  iss: client.identifier,
  aud: client.server_root_uri,
  iat: Time.now,
  exp: 10.minutes.from_now,
  public_key: private_key.public_key
).as_json

device_token = JSON::JWT.new(device_token_claims).sign(private_key, :RS256)

authorization_request = client.authorization_uri(
  response_type: [:code, :token],
  scope: [:device_registration, :profile, :email],
  state: SecureRandom.hex(16),
  device_token: device_token.to_s
)
request_uri = URI.parse authorization_request

puts <<-OUTPUT
## JWT Payload
#{JSON.pretty_generate device_token.as_json}

## Authorization Request Params
#{JSON.pretty_generate Rack::Utils.parse_nested_query(request_uri.query)}

## Authorization Request URI
#{request_uri}
OUTPUT