Class: Authlete::Api
Instance Attribute Summary collapse
-
#extra_headers ⇒ Object
Returns the value of attribute extra_headers.
-
#host ⇒ Object
Returns the value of attribute host.
-
#service_api_key ⇒ Object
Returns the value of attribute service_api_key.
-
#service_api_secret ⇒ Object
Returns the value of attribute service_api_secret.
-
#service_owner_api_key ⇒ Object
Returns the value of attribute service_owner_api_key.
-
#service_owner_api_secret ⇒ Object
Returns the value of attribute service_owner_api_secret.
Instance Method Summary collapse
- #authorization(request) ⇒ Object
- #authorization_fail(request) ⇒ Object
- #authorization_issue(request) ⇒ Object
- #backchannel_authentication(request) ⇒ Object
- #backchannel_authentication_complete(request) ⇒ Object
- #backchannel_authentication_fail(request) ⇒ Object
- #backchannel_authentication_issue(request) ⇒ Object
- #client_create(client) ⇒ Object
- #client_delete(client_id) ⇒ Object
- #client_get(client_id) ⇒ Object
- #client_get_list(params = nil) ⇒ Object
- #client_update(client) ⇒ Object
- #delete_client_authorization(client_id, subject) ⇒ Object
- #delete_granted_scopes(client_id, subject) ⇒ Object
- #delete_requestable_scopes(client_id) ⇒ Object
- #device_authorization(request) ⇒ Object
- #device_complete(request) ⇒ Object
- #device_verification(request) ⇒ Object
- #dynamic_client_delete(request) ⇒ Object
- #dynamic_client_get(request) ⇒ Object
- #dynamic_client_register(request) ⇒ Object
- #dynamic_client_update(request) ⇒ Object
- #emit_rack_error_message(request, message) ⇒ Object
- #get_client_authorization_list(request) ⇒ Object
- #get_granted_scopes(client_id, subject) ⇒ Object
- #get_requestable_scopes(client_id) ⇒ Object
- #get_service_configuration(params = nil) ⇒ Object
- #get_service_jwks(params = nil) ⇒ Object
- #get_token_list(params = nil) ⇒ Object
- #introspection(request) ⇒ Object
-
#protect_resource(request, scopes = nil, subject = nil) ⇒ Object
Ensure that the request contains a valid access token.
- #push_authorization_request(request) ⇒ Object
- #refresh_client_secret(client_identifier) ⇒ Object
- #revocation(request) ⇒ Object
- #service_create(service) ⇒ Object
- #service_delete(api_key) ⇒ Object
- #service_get(api_key) ⇒ Object
- #service_get_list(params = nil) ⇒ Object
- #service_update(api_key, service) ⇒ Object
- #serviceowner_get_self ⇒ Object
- #set_requestable_scopes(client_id, scopes) ⇒ Object
- #standard_introspection(request) ⇒ Object
- #token(request) ⇒ Object
- #token_create(request) ⇒ Object
- #token_fail(request) ⇒ Object
- #token_issue(request) ⇒ Object
- #token_update(request) ⇒ Object
- #update_client_authorization(client_id, request) ⇒ Object
- #update_client_secret(client_identifier, client_secret) ⇒ Object
- #user_info(request) ⇒ Object
- #user_info_issue(request) ⇒ Object
Methods included from Utility
#extract_access_token, #get_parsed_array, #to_rack_response_json, #to_rack_response_www_authenticate
Instance Attribute Details
#extra_headers ⇒ Object
Returns the value of attribute extra_headers.
32 33 34 |
# File 'lib/authlete/api.rb', line 32 def extra_headers @extra_headers end |
#host ⇒ Object
Returns the value of attribute host.
27 28 29 |
# File 'lib/authlete/api.rb', line 27 def host @host end |
#service_api_key ⇒ Object
Returns the value of attribute service_api_key.
30 31 32 |
# File 'lib/authlete/api.rb', line 30 def service_api_key @service_api_key end |
#service_api_secret ⇒ Object
Returns the value of attribute service_api_secret.
31 32 33 |
# File 'lib/authlete/api.rb', line 31 def service_api_secret @service_api_secret end |
#service_owner_api_key ⇒ Object
Returns the value of attribute service_owner_api_key.
28 29 30 |
# File 'lib/authlete/api.rb', line 28 def service_owner_api_key @service_owner_api_key end |
#service_owner_api_secret ⇒ Object
Returns the value of attribute service_owner_api_secret.
29 30 31 |
# File 'lib/authlete/api.rb', line 29 def service_owner_api_secret @service_owner_api_secret end |
Instance Method Details
#authorization(request) ⇒ Object
184 185 186 187 188 |
# File 'lib/authlete/api.rb', line 184 def (request) hash = call_api_json_service("/api/auth/authorization", to_hash(request)) Authlete::Model::Response::AuthorizationResponse.new(hash) end |
#authorization_fail(request) ⇒ Object
196 197 198 199 200 |
# File 'lib/authlete/api.rb', line 196 def (request) hash = call_api_json_service("/api/auth/authorization/fail", to_hash(request)) Authlete::Model::Response::AuthorizationFailResponse.new(hash) end |
#authorization_issue(request) ⇒ Object
190 191 192 193 194 |
# File 'lib/authlete/api.rb', line 190 def (request) hash = call_api_json_service("/api/auth/authorization/issue", to_hash(request)) Authlete::Model::Response::AuthorizationIssueResponse.new(hash) end |
#backchannel_authentication(request) ⇒ Object
422 423 424 425 426 |
# File 'lib/authlete/api.rb', line 422 def backchannel_authentication(request) hash = call_api_json_service("/api/backchannel/authentication", to_hash(request)) Authlete::Model::Response::BackchannelAuthenticationResponse.new(hash) end |
#backchannel_authentication_complete(request) ⇒ Object
440 441 442 443 444 |
# File 'lib/authlete/api.rb', line 440 def backchannel_authentication_complete(request) hash = call_api_json_service("/api/backchannel/authentication/complete", to_hash(request)) Authlete::Model::Response::BackchannelAuthenticationCompleteResponse.new(hash) end |
#backchannel_authentication_fail(request) ⇒ Object
434 435 436 437 438 |
# File 'lib/authlete/api.rb', line 434 def backchannel_authentication_fail(request) hash = call_api_json_service("/api/backchannel/authentication/fail", to_hash(request)) Authlete::Model::Response::BackchannelAuthenticationFailResponse.new(hash) end |
#backchannel_authentication_issue(request) ⇒ Object
428 429 430 431 432 |
# File 'lib/authlete/api.rb', line 428 def backchannel_authentication_issue(request) hash = call_api_json_service("/api/backchannel/authentication/issue", to_hash(request)) Authlete::Model::Response::BackchannelAuthenticationIssueResponse.new(hash) end |
#client_create(client) ⇒ Object
254 255 256 257 258 |
# File 'lib/authlete/api.rb', line 254 def client_create(client) hash = call_api_json_service("/api/client/create", to_hash(client)) Authlete::Model::Client.new(hash) end |
#client_delete(client_id) ⇒ Object
260 261 262 |
# File 'lib/authlete/api.rb', line 260 def client_delete(client_id) call_api_service(:delete, "/api/client/delete/#{client_id}", nil, nil) end |
#client_get(client_id) ⇒ Object
264 265 266 267 268 |
# File 'lib/authlete/api.rb', line 264 def client_get(client_id) hash = call_api_service(:get, "/api/client/get/#{client_id}", nil, nil) Authlete::Model::Client.new(hash) end |
#client_get_list(params = nil) ⇒ Object
270 271 272 273 274 |
# File 'lib/authlete/api.rb', line 270 def client_get_list(params = nil) hash = call_api_service(:get, "/api/client/get/list#{to_query(params)}", nil, nil) Authlete::Model::Response::ClientListResponse.new(hash) end |
#client_update(client) ⇒ Object
276 277 278 279 280 |
# File 'lib/authlete/api.rb', line 276 def client_update(client) hash = call_api_json_service("/api/client/update/#{client.clientId}", to_hash(client)) Authlete::Model::Client.new(hash) end |
#delete_client_authorization(client_id, subject) ⇒ Object
306 307 308 309 310 |
# File 'lib/authlete/api.rb', line 306 def (client_id, subject) request = Authlete::Model::Request::ClientAuthorizationDeleteRequest.new(subject: subject) call_api_json_service("/api/client/authorization/delete/#{client_id}", request.to_hash) end |
#delete_granted_scopes(client_id, subject) ⇒ Object
376 377 378 379 380 |
# File 'lib/authlete/api.rb', line 376 def delete_granted_scopes(client_id, subject) request = Authlete::Model::Request::GrantedScopesRequest.new(subject: subject) call_api_json_service("/api/client/granted_scopes/delete/#{client_id}", to_hash(request)) end |
#delete_requestable_scopes(client_id) ⇒ Object
394 395 396 |
# File 'lib/authlete/api.rb', line 394 def delete_requestable_scopes(client_id) call_api_service(:delete, "/api/client/extension/requestable_scopes/delete/#{client_id}", nil, nil) end |
#device_authorization(request) ⇒ Object
446 447 448 449 450 |
# File 'lib/authlete/api.rb', line 446 def (request) hash = call_api_json_service("/api/device/authorization", to_hash(request)) Authlete::Model::Response::DeviceAuthorizationResponse.new(hash) end |
#device_complete(request) ⇒ Object
452 453 454 455 456 |
# File 'lib/authlete/api.rb', line 452 def device_complete(request) hash = call_api_json_service("/api/device/complete", to_hash(request)) Authlete::Model::Response::DeviceCompleteResponse.new(hash) end |
#device_verification(request) ⇒ Object
458 459 460 461 462 |
# File 'lib/authlete/api.rb', line 458 def device_verification(request) hash = call_api_json_service("/api/device/verification", to_hash(request)) Authlete::Model::Response::DeviceVerificationResponse.new(hash) end |
#dynamic_client_delete(request) ⇒ Object
416 417 418 419 420 |
# File 'lib/authlete/api.rb', line 416 def dynamic_client_delete(request) hash = call_api_json_service("/api/client/registration/delete", to_hash(request)) Authlete::Model::Response::ClientRegistrationResponse.new(hash) end |
#dynamic_client_get(request) ⇒ Object
404 405 406 407 408 |
# File 'lib/authlete/api.rb', line 404 def dynamic_client_get(request) hash = call_api_json_service("/api/client/registration/get", to_hash(request)) Authlete::Model::Response::ClientRegistrationResponse.new(hash) end |
#dynamic_client_register(request) ⇒ Object
398 399 400 401 402 |
# File 'lib/authlete/api.rb', line 398 def dynamic_client_register(request) hash = call_api_json_service("/api/client/registration", to_hash(request)) Authlete::Model::Response::ClientRegistrationResponse.new(hash) end |
#dynamic_client_update(request) ⇒ Object
410 411 412 413 414 |
# File 'lib/authlete/api.rb', line 410 def dynamic_client_update(request) hash = call_api_json_service("/api/client/registration/update", to_hash(request)) Authlete::Model::Response::ClientRegistrationResponse.new(hash) end |
#emit_rack_error_message(request, message) ⇒ Object
533 534 535 536 537 538 539 |
# File 'lib/authlete/api.rb', line 533 def (request, ) begin # Logging if possible. request.env['rack.errors'].write("ERROR: #{}\n") rescue => e end end |
#get_client_authorization_list(request) ⇒ Object
296 297 298 299 300 |
# File 'lib/authlete/api.rb', line 296 def (request) hash = call_api_json_service("/api/client/authorization/get/list", to_hash(request)) Authlete::Model::Response::AuthorizedClientListResponse.new(hash) end |
#get_granted_scopes(client_id, subject) ⇒ Object
368 369 370 371 372 373 374 |
# File 'lib/authlete/api.rb', line 368 def get_granted_scopes(client_id, subject) request = Authlete::Model::Request::GrantedScopesRequest.new(subject: subject) hash = call_api_json_service("/api/client/granted_scopes/get/#{client_id}", to_hash(request)) Authlete::Model::Response::GrantedScopesGetResponse.new(hash) end |
#get_requestable_scopes(client_id) ⇒ Object
382 383 384 385 386 |
# File 'lib/authlete/api.rb', line 382 def get_requestable_scopes(client_id) hash = call_api_service(:get, "/api/client/extension/requestable_scopes/get/#{client_id}", nil, nil) extract_requestable_scopes(hash) end |
#get_service_configuration(params = nil) ⇒ Object
346 347 348 |
# File 'lib/authlete/api.rb', line 346 def get_service_configuration(params = nil) call_api_service(:get, "/api/service/configuration#{to_query(params)}", nil, nil) end |
#get_service_jwks(params = nil) ⇒ Object
342 343 344 |
# File 'lib/authlete/api.rb', line 342 def get_service_jwks(params = nil) call_api_service(:get, "/api/service/jwks/get#{to_query(params)}", nil, nil) end |
#get_token_list(params = nil) ⇒ Object
362 363 364 365 366 |
# File 'lib/authlete/api.rb', line 362 def get_token_list(params = nil) hash = call_api_service(:get, "/api/auth/token/get/list#{to_query(params)}", nil, nil) Authlete::Model::Response::TokenListResponse.new(hash) end |
#introspection(request) ⇒ Object
312 313 314 315 316 |
# File 'lib/authlete/api.rb', line 312 def introspection(request) hash = call_api_json_service('/api/auth/introspection', to_hash(request)) Authlete::Model::Response::IntrospectionResponse.new(hash) end |
#protect_resource(request, scopes = nil, subject = nil) ⇒ Object
Ensure that the request contains a valid access token.
This method extracts an access token from the given request based on the rules described in RFC 6750 and introspects the access token by calling Authlete’s /api/auth/introspection API.
The first argument request
is a Rack request.
The second argument scopes
is an array of scope names required to access the target protected resource. This argument is optional.
The third argument subject
is a string which representing a subject which has to be associated with the access token. This argument is optional.
This method returns an instance of Authlete::Model::Response::IntrospectionResponse
. If its action
method returns ‘OK’, it means that the access token exists, has not expired, covers the requested scopes (if specified), and is associated with the requested subject (if specified). Otherwise, it means that the request does not contain any access token or that the access token does not satisfy the conditions to access the target protected resource.
492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 |
# File 'lib/authlete/api.rb', line 492 def protect_resource(request, scopes = nil, subject = nil) # Extract an access token from the request. access_token = extract_access_token(request) # If the request does not contain any access token. if access_token.nil? # The request does not contain a valid access token. return Authlete::Model::Response::IntrospectionResponse.new( action: 'BAD_REQUEST', responseContent: 'Bearer error="invalid_token",error_description="The request does not contain a valid access token."' ) end # Create a request for Authlete's /api/auth/introspection API. request = Authlete::Model::Request::IntrospectionRequest.new( token: access_token, scopes: scopes, subject: subject ) begin # Call Authlete's /api/auth/introspection API to introspect the access token. result = introspection(request) rescue => e # Error message. = ('/api/auth/introspection', e) # Emit a Rack error message. (request, ) # Failed to introspect the access token. return Authlete::Model::Response::IntrospectionResponse.new( action: 'INTERNAL_SERVER_ERROR', responseContent: "Bearer error=\"server_error\",error_description=\"#{}\"" ) end # Return the response from Authlete's /api/auth/introspection API. result end |
#push_authorization_request(request) ⇒ Object
464 465 466 467 468 |
# File 'lib/authlete/api.rb', line 464 def (request) hash = call_api_json_service("/api/pushed_auth_req", to_hash(request)) Authlete::Model::Response::PushedAuthReqResponse.new(hash) end |
#refresh_client_secret(client_identifier) ⇒ Object
282 283 284 285 286 |
# File 'lib/authlete/api.rb', line 282 def refresh_client_secret(client_identifier) hash = call_api_service(:get, "/api/client/secret/refresh/#{client_identifier}", nil, nil) Authlete::Model::Response::ClientSecretRefreshResponse.new(hash) end |
#revocation(request) ⇒ Object
324 325 326 327 328 |
# File 'lib/authlete/api.rb', line 324 def revocation(request) hash = call_api_json_service("/api/auth/revocation", to_hash(request)) Authlete::Model::Response::RevocationResponse.new(hash) end |
#service_create(service) ⇒ Object
220 221 222 223 224 |
# File 'lib/authlete/api.rb', line 220 def service_create(service) hash = call_api_json_service_owner("/api/service/create", to_hash(service)) Authlete::Model::Service.new(hash) end |
#service_delete(api_key) ⇒ Object
226 227 228 |
# File 'lib/authlete/api.rb', line 226 def service_delete(api_key) call_api_service_owner(:delete, "/api/service/delete/#{api_key}", nil, nil) end |
#service_get(api_key) ⇒ Object
230 231 232 233 234 |
# File 'lib/authlete/api.rb', line 230 def service_get(api_key) hash = call_api_service_owner(:get, "/api/service/get/#{api_key}", nil, nil) Authlete::Model::Service.new(hash) end |
#service_get_list(params = nil) ⇒ Object
236 237 238 239 240 |
# File 'lib/authlete/api.rb', line 236 def service_get_list(params = nil) hash = call_api_service_owner(:get, "/api/service/get/list#{to_query(params)}", nil, nil) Authlete::Model::Response::ServiceListResponse.new(hash) end |
#service_update(api_key, service) ⇒ Object
242 243 244 245 246 |
# File 'lib/authlete/api.rb', line 242 def service_update(api_key, service) hash = call_api_json_service_owner("/api/service/update/#{api_key}", to_hash(service)) Authlete::Model::Service.new(hash) end |
#serviceowner_get_self ⇒ Object
248 249 250 251 252 |
# File 'lib/authlete/api.rb', line 248 def serviceowner_get_self hash = call_api_service_owner(:get, "/api/serviceowner/get/self", nil, nil) Authlete::Model::ServiceOwner.new(hash) end |
#set_requestable_scopes(client_id, scopes) ⇒ Object
388 389 390 391 392 |
# File 'lib/authlete/api.rb', line 388 def set_requestable_scopes(client_id, scopes) hash = call_api_json_service("/api/client/extension/requestable_scopes/update/#{client_id}", { requestableScopes: scopes }) extract_requestable_scopes(hash) end |
#standard_introspection(request) ⇒ Object
318 319 320 321 322 |
# File 'lib/authlete/api.rb', line 318 def standard_introspection(request) hash = call_api_json_service('/api/auth/introspection/standard', to_hash(request)) Authlete::Model::Response::StandardIntrospectionResponse.new(hash) end |
#token(request) ⇒ Object
202 203 204 205 206 |
# File 'lib/authlete/api.rb', line 202 def token(request) hash = call_api_json_service("/api/auth/token", to_hash(request)) Authlete::Model::Response::TokenResponse.new(hash) end |
#token_create(request) ⇒ Object
350 351 352 353 354 |
# File 'lib/authlete/api.rb', line 350 def token_create(request) hash = call_api_json_service("/api/auth/token/create", to_hash(request)) Authlete::Model::Response::TokenCreateResponse.new(hash) end |
#token_fail(request) ⇒ Object
214 215 216 217 218 |
# File 'lib/authlete/api.rb', line 214 def token_fail(request) hash = call_api_json_service("/api/auth/token/fail", to_hash(request)) Authlete::Model::Response::TokenFailResponse.new(hash) end |
#token_issue(request) ⇒ Object
208 209 210 211 212 |
# File 'lib/authlete/api.rb', line 208 def token_issue(request) hash = call_api_json_service("/api/auth/token/issue", to_hash(request)) Authlete::Model::Response::TokenIssueResponse.new(hash) end |
#token_update(request) ⇒ Object
356 357 358 359 360 |
# File 'lib/authlete/api.rb', line 356 def token_update(request) hash = call_api_json_service("/api/auth/token/update", to_hash(request)) Authlete::Model::Response::TokenUpdateResponse.new(hash) end |
#update_client_authorization(client_id, request) ⇒ Object
302 303 304 |
# File 'lib/authlete/api.rb', line 302 def (client_id, request) call_api_json_service("/api/client/authorization/update/#{client_id}", to_hash(request)) end |
#update_client_secret(client_identifier, client_secret) ⇒ Object
288 289 290 291 292 293 294 |
# File 'lib/authlete/api.rb', line 288 def update_client_secret(client_identifier, client_secret) request = Authlete::Model::Request::ClientSecretUpdateRequest.new(clientSecret: client_secret) hash = call_api_json_service("/api/client/secret/update/#{client_identifier}", request.to_hash) Authlete::Model::Response::ClientSecretUpdateResponse.new(hash) end |
#user_info(request) ⇒ Object
330 331 332 333 334 |
# File 'lib/authlete/api.rb', line 330 def user_info(request) hash = call_api_json_service("/api/auth/userinfo", to_hash(request)) Authlete::Model::Response::UserInfoResponse.new(hash) end |
#user_info_issue(request) ⇒ Object
336 337 338 339 340 |
# File 'lib/authlete/api.rb', line 336 def user_info_issue(request) hash = call_api_json_service("/api/auth/userinfo/issue", to_hash(request)) Authlete::Model::Response::UserInfoIssueResponse.new(hash) end |