Class: A2A::Client::Auth::Interceptor

Inherits:

Object

• Object
• A2A::Client::Auth::Interceptor

Defined in:

lib/a2a/client/auth/interceptor.rb

Instance Attribute Summary

• #auto_retry ⇒ Object readonly

  Returns the value of attribute auto_retry.

• #strategy ⇒ Object readonly

  Returns the value of attribute strategy.

Class Method Summary

• .from_config(config) ⇒ Interceptor

  Create interceptor from configuration.

• .from_security_scheme(scheme, credentials) ⇒ Interceptor

  Create interceptor from security scheme.

Instance Method Summary

• #apply_authentication(request) ⇒ Object

  Apply authentication to a request.

• #apply_config_authentication(request, config) ⇒ Object private

  Apply configuration-based authentication.

• #authentication_error?(response) ⇒ Boolean private

  Check if response indicates authentication error.

• #call(request, context, next_middleware) ⇒ Object

  Middleware call method for Faraday.

• #handle_auth_error_retry(request, context, next_middleware) ⇒ Object private

  Handle authentication error with retry.

• #initialize(strategy, auto_retry: true) ⇒ Interceptor constructor

  Initialize authentication interceptor.

• #refresh! ⇒ Boolean

  Refresh authentication credentials.

• #status ⇒ Hash

  Get current authentication status.

• #strategy_expires_at ⇒ Time^? private

  Get strategy expiration time.

• #strategy_valid? ⇒ Boolean private

  Check if the current strategy is valid.

• #supports_refresh? ⇒ Boolean

  Check if the strategy supports token refresh.

Constructor Details

#initialize(strategy, auto_retry: true) ⇒ Interceptor

Initialize authentication interceptor

Parameters:

• Authentication strategy (OAuth2, JWT, ApiKey, etc.)

• (defaults to: true)

  Whether to automatically retry on auth failures

# File 'lib/a2a/client/auth/interceptor.rb', line 25

def initialize(strategy, auto_retry: true)
  @strategy = strategy
  @auto_retry = auto_retry
  @retry_mutex = Mutex.new
end

Instance Attribute Details

#auto_retry ⇒ Object (readonly)

Returns the value of attribute auto_retry.

# File 'lib/a2a/client/auth/interceptor.rb', line 18

def auto_retry
  @auto_retry
end

#strategy ⇒ Object (readonly)

Returns the value of attribute strategy.

# File 'lib/a2a/client/auth/interceptor.rb', line 18

def strategy
  @strategy
end

Class Method Details

.from_config(config) ⇒ Interceptor

Create interceptor from configuration

Parameters:

• Authentication configuration

Returns:

• Configured interceptor

# File 'lib/a2a/client/auth/interceptor.rb', line 80

def self.from_config(config)
  strategy = case config["type"] || config[:type]
             when "oauth2"
               OAuth2.new(
                 client_id: config["client_id"] || config[:client_id],
                 client_secret: config["client_secret"] || config[:client_secret],
                 token_url: config["token_url"] || config[:token_url],
                 scope: config["scope"] || config[:scope]
               )
             when "jwt"
               JWT.new(
                 token: config["token"] || config[:token],
                 secret: config["secret"] || config[:secret],
                 algorithm: config["algorithm"] || config[:algorithm] || "HS256",
                 payload: config["payload"] || config[:payload],
                 headers: config["headers"] || config[:headers],
                 expires_in: config["expires_in"] || config[:expires_in]
               )
             when "api_key"
               ApiKey.new(
                 key: config["key"] || config[:key],
                 name: config["name"] || config[:name] || "X-API-Key",
                 location: config["location"] || config[:location] || "header"
               )
             else
               raise ArgumentError, "Unknown authentication type: #{config['type'] || config[:type]}"
             end

  new(strategy, auto_retry: config["auto_retry"] || config[:auto_retry] || true)
end

.from_security_scheme(scheme, credentials) ⇒ Interceptor

Create interceptor from security scheme

Parameters:

• Security scheme definition

• Authentication credentials

Returns:

• Configured interceptor

# File 'lib/a2a/client/auth/interceptor.rb', line 117

def self.from_security_scheme(scheme, credentials)
  strategy = case scheme["type"]
             when "oauth2"
               OAuth2.new(
                 client_id: credentials["client_id"],
                 client_secret: credentials["client_secret"],
                 token_url: scheme["tokenUrl"],
                 scope: credentials["scope"]
               )
             when "http"
               case scheme["scheme"]
               when "bearer"
                 JWT.new(token: credentials["token"])
               when "basic"
                 # Basic auth would be handled differently
                 raise ArgumentError, "Basic auth not yet implemented"
               else
                 raise ArgumentError, "Unsupported HTTP scheme: #{scheme['scheme']}"
               end
             when "apiKey"
               ApiKey.from_security_scheme(scheme, credentials["key"])
             else
               raise ArgumentError, "Unsupported security scheme type: #{scheme['type']}"
             end

  new(strategy)
end

Instance Method Details

#apply_authentication(request) ⇒ Object

Apply authentication to a request

Parameters:

• The request to authenticate

# File 'lib/a2a/client/auth/interceptor.rb', line 63

def apply_authentication(request)
  case @strategy
  when OAuth2, JWT, ApiKey
    @strategy.apply_to_request(request)
  when Hash
    # Handle configuration-based authentication
    apply_config_authentication(request, @strategy)
  else
    raise ArgumentError, "Unsupported authentication strategy: #{@strategy.class}"
  end
end

#apply_config_authentication(request, config) ⇒ Object (private)

Apply configuration-based authentication

Parameters:

• The request to authenticate

• Authentication configuration

# File 'lib/a2a/client/auth/interceptor.rb', line 192

def apply_config_authentication(request, config)
  case config["type"] || config[:type]
  when "bearer"
    request.headers["Authorization"] = "Bearer #{config['token'] || config[:token]}"
  when "basic"
    require "base64"
    username = config["username"] || config[:username]
    password = config["password"] || config[:password]
    credentials = Base64.strict_encode64("#{username}:#{password}")
    request.headers["Authorization"] = "Basic #{credentials}"
  when "api_key"
    name = config["name"] || config[:name] || "X-API-Key"
    key = config["key"] || config[:key]
    location = config["location"] || config[:location] || "header"

    case location
    when "header"
      request.headers[name] = key
    when "query"
      request.params[name] = key
    end
  end
end

#authentication_error?(response) ⇒ Boolean (private)

Check if response indicates authentication error

Parameters:

• The response to check

Returns:

• True if authentication error

# File 'lib/a2a/client/auth/interceptor.rb', line 221

def authentication_error?(response)
  # This would depend on the response format
  # For HTTP responses, check status codes
  return [401, 403].include?(response.status) if response.respond_to?(:status)

  # For JSON-RPC responses, check error codes
  if response.respond_to?(:[]) && response["error"]
    error_code = response["error"]["code"]
    return [A2A::Protocol::JsonRpc::AUTHENTICATION_REQUIRED, A2A::Protocol::JsonRpc::AUTHORIZATION_FAILED].include?(error_code)
  end

  false
end

#call(request, context, next_middleware) ⇒ Object

Middleware call method for Faraday

Parameters:

• The request object

• Request context

• Next middleware in chain

Returns:

• Response from next middleware

# File 'lib/a2a/client/auth/interceptor.rb', line 38

def call(request, context, next_middleware)
  # Apply authentication to the request
  apply_authentication(request)

  # Execute the request
  begin
    response = next_middleware.call(request, context)

    # Check for authentication errors and retry if configured
    if authentication_error?(response) && @auto_retry
      handle_auth_error_retry(request, context, next_middleware)
    else
      response
    end
  rescue A2A::Errors::AuthenticationError, A2A::Errors::AuthorizationFailed => e
    raise e unless @auto_retry

    handle_auth_error_retry(request, context, next_middleware)
  end
end

#handle_auth_error_retry(request, context, next_middleware) ⇒ Object (private)

Handle authentication error with retry

Parameters:

• The original request

• Request context

• Next middleware in chain

Returns:

• Response from retry attempt

Raises:

# File 'lib/a2a/client/auth/interceptor.rb', line 242

def handle_auth_error_retry(request, context, next_middleware)
  @retry_mutex.synchronize do
    # Try to refresh credentials
    if refresh!
      # Reapply authentication and retry
      apply_authentication(request)
      return next_middleware.call(request, context)
    end
  end

  # If refresh failed, raise the original error
  raise A2A::Errors::AuthenticationError, "Authentication failed and refresh unsuccessful"
end

#refresh! ⇒ Boolean

Refresh authentication credentials

Returns:

• True if refresh was successful

# File 'lib/a2a/client/auth/interceptor.rb', line 157

def refresh!
  return false unless supports_refresh?

  begin
    if @strategy.respond_to?(:refresh_token!)
      @strategy.refresh_token!
    elsif @strategy.respond_to?(:regenerate_token!)
      @strategy.regenerate_token!
    end
    true
  rescue StandardError
    false
  end
end

#status ⇒ Hash

Get current authentication status

Returns:

• Status information

# File 'lib/a2a/client/auth/interceptor.rb', line 176

def status
  {
    strategy: @strategy.class.name,
    valid: strategy_valid?,
    supports_refresh: supports_refresh?,
    expires_at: strategy_expires_at
  }
end

#strategy_expires_at ⇒ Time^? (private)

Get strategy expiration time

Returns:

• Expiration time if available

# File 'lib/a2a/client/auth/interceptor.rb', line 277

def strategy_expires_at
  case @strategy
  when OAuth2
    @strategy.expires_at
  when JWT
    @strategy.expires_at
  end
end

#strategy_valid? ⇒ Boolean (private)

Check if the current strategy is valid

Returns:

• True if strategy is valid

# File 'lib/a2a/client/auth/interceptor.rb', line 260

def strategy_valid?
  case @strategy
  when OAuth2
    @strategy.token_valid?
  when JWT
    !@strategy.token_expired?
  when ApiKey
    @strategy.valid?
  else
    true # Assume valid for unknown strategies
  end
end

#supports_refresh? ⇒ Boolean

Check if the strategy supports token refresh

Returns:

• True if strategy supports refresh

# File 'lib/a2a/client/auth/interceptor.rb', line 149

def supports_refresh?
  @strategy.respond_to?(:refresh_token!) || @strategy.respond_to?(:regenerate_token!)
end