Class: Authlete::Api

Inherits:
Object
  • Object
show all
Includes:
Utility
Defined in:
lib/authlete/api.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Utility

#extract_access_token, #get_parsed_array, #to_rack_response_json, #to_rack_response_www_authenticate

Instance Attribute Details

#extra_headersObject

Returns the value of attribute extra_headers.



32
33
34
 
# File 'lib/authlete/api.rb', line 32

def extra_headers
  @extra_headers
end

#hostObject

Returns the value of attribute host.



27
28
29
 
# File 'lib/authlete/api.rb', line 27

def host
  @host
end

#service_api_keyObject

Returns the value of attribute service_api_key.



30
31
32
 
# File 'lib/authlete/api.rb', line 30

def service_api_key
  @service_api_key
end

#service_api_secretObject

Returns the value of attribute service_api_secret.



31
32
33
 
# File 'lib/authlete/api.rb', line 31

def service_api_secret
  @service_api_secret
end

#service_owner_api_keyObject

Returns the value of attribute service_owner_api_key.



28
29
30
 
# File 'lib/authlete/api.rb', line 28

def service_owner_api_key
  @service_owner_api_key
end

#service_owner_api_secretObject

Returns the value of attribute service_owner_api_secret.



29
30
31
 
# File 'lib/authlete/api.rb', line 29

def service_owner_api_secret
  @service_owner_api_secret
end

Instance Method Details

#authorization(request) ⇒ Object 



184
185
186
187
188
 
# File 'lib/authlete/api.rb', line 184

def authorization(request)
  hash = call_api_json_service("/api/auth/authorization", to_hash(request))

  Authlete::Model::Response::AuthorizationResponse.new(hash)
end

#authorization_fail(request) ⇒ Object 



196
197
198
199
200
 
# File 'lib/authlete/api.rb', line 196

def authorization_fail(request)
  hash = call_api_json_service("/api/auth/authorization/fail", to_hash(request))

  Authlete::Model::Response::AuthorizationFailResponse.new(hash)
end

#authorization_issue(request) ⇒ Object 



190
191
192
193
194
 
# File 'lib/authlete/api.rb', line 190

def authorization_issue(request)
  hash = call_api_json_service("/api/auth/authorization/issue", to_hash(request))

  Authlete::Model::Response::AuthorizationIssueResponse.new(hash)
end

#backchannel_authentication(request) ⇒ Object 



428
429
430
431
432
 
# File 'lib/authlete/api.rb', line 428

def backchannel_authentication(request)
  hash = call_api_json_service("/api/backchannel/authentication", to_hash(request))

  Authlete::Model::Response::BackchannelAuthenticationResponse.new(hash)
end

#backchannel_authentication_complete(request) ⇒ Object 



446
447
448
449
450
 
# File 'lib/authlete/api.rb', line 446

def backchannel_authentication_complete(request)
  hash = call_api_json_service("/api/backchannel/authentication/complete", to_hash(request))

  Authlete::Model::Response::BackchannelAuthenticationCompleteResponse.new(hash)
end

#backchannel_authentication_fail(request) ⇒ Object 



440
441
442
443
444
 
# File 'lib/authlete/api.rb', line 440

def backchannel_authentication_fail(request)
  hash = call_api_json_service("/api/backchannel/authentication/fail", to_hash(request))

  Authlete::Model::Response::BackchannelAuthenticationFailResponse.new(hash)
end

#backchannel_authentication_issue(request) ⇒ Object 



434
435
436
437
438
 
# File 'lib/authlete/api.rb', line 434

def backchannel_authentication_issue(request)
  hash = call_api_json_service("/api/backchannel/authentication/issue", to_hash(request))

  Authlete::Model::Response::BackchannelAuthenticationIssueResponse.new(hash)
end

#client_create(client) ⇒ Object 



260
261
262
263
264
 
# File 'lib/authlete/api.rb', line 260

def client_create(client)
  hash = call_api_json_service("/api/client/create", to_hash(client))

  Authlete::Model::Client.new(hash)
end

#client_delete(client_id) ⇒ Object 



266
267
268
 
# File 'lib/authlete/api.rb', line 266

def client_delete(client_id)
  call_api_service(:delete, "/api/client/delete/#{client_id}", nil, nil)
end

#client_get(client_id) ⇒ Object 



270
271
272
273
274
 
# File 'lib/authlete/api.rb', line 270

def client_get(client_id)
  hash = call_api_service(:get, "/api/client/get/#{client_id}", nil, nil)

  Authlete::Model::Client.new(hash)
end

#client_get_list(params = nil) ⇒ Object 



276
277
278
279
280
 
# File 'lib/authlete/api.rb', line 276

def client_get_list(params = nil)
  hash = call_api_service(:get, "/api/client/get/list#{to_query(params)}", nil, nil)

  Authlete::Model::Response::ClientListResponse.new(hash)
end

#client_update(client) ⇒ Object 



282
283
284
285
286
 
# File 'lib/authlete/api.rb', line 282

def client_update(client)
  hash = call_api_json_service("/api/client/update/#{client.clientId}", to_hash(client))

  Authlete::Model::Client.new(hash)
end

#delete_client_authorization(client_id, subject) ⇒ Object 



312
313
314
315
316
 
# File 'lib/authlete/api.rb', line 312

def delete_client_authorization(client_id, subject)
  request = Authlete::Model::Request::ClientAuthorizationDeleteRequest.new(subject: subject)

  call_api_json_service("/api/client/authorization/delete/#{client_id}", request.to_hash)
end

#delete_granted_scopes(client_id, subject) ⇒ Object 



382
383
384
385
386
 
# File 'lib/authlete/api.rb', line 382

def delete_granted_scopes(client_id, subject)
  request = Authlete::Model::Request::GrantedScopesRequest.new(subject: subject)

  call_api_json_service("/api/client/granted_scopes/delete/#{client_id}", to_hash(request))
end

#delete_requestable_scopes(client_id) ⇒ Object 



400
401
402
 
# File 'lib/authlete/api.rb', line 400

def delete_requestable_scopes(client_id)
  call_api_service(:delete, "/api/client/extension/requestable_scopes/delete/#{client_id}", nil, nil)
end

#device_authorization(request) ⇒ Object 



452
453
454
455
456
 
# File 'lib/authlete/api.rb', line 452

def device_authorization(request)
  hash = call_api_json_service("/api/device/authorization", to_hash(request))

  Authlete::Model::Response::DeviceAuthorizationResponse.new(hash)
end

#device_complete(request) ⇒ Object 



458
459
460
461
462
 
# File 'lib/authlete/api.rb', line 458

def device_complete(request)
  hash = call_api_json_service("/api/device/complete", to_hash(request))

  Authlete::Model::Response::DeviceCompleteResponse.new(hash)
end

#device_verification(request) ⇒ Object 



464
465
466
467
468
 
# File 'lib/authlete/api.rb', line 464

def device_verification(request)
  hash = call_api_json_service("/api/device/verification", to_hash(request))

  Authlete::Model::Response::DeviceVerificationResponse.new(hash)
end

#dynamic_client_delete(request) ⇒ Object 



422
423
424
425
426
 
# File 'lib/authlete/api.rb', line 422

def dynamic_client_delete(request)
  hash = call_api_json_service("/api/client/registration/delete", to_hash(request))

  Authlete::Model::Response::ClientRegistrationResponse.new(hash)
end

#dynamic_client_get(request) ⇒ Object 



410
411
412
413
414
 
# File 'lib/authlete/api.rb', line 410

def dynamic_client_get(request)
  hash = call_api_json_service("/api/client/registration/get", to_hash(request))

  Authlete::Model::Response::ClientRegistrationResponse.new(hash)
end

#dynamic_client_register(request) ⇒ Object 



404
405
406
407
408
 
# File 'lib/authlete/api.rb', line 404

def dynamic_client_register(request)
  hash = call_api_json_service("/api/client/registration", to_hash(request))

  Authlete::Model::Response::ClientRegistrationResponse.new(hash)
end

#dynamic_client_update(request) ⇒ Object 



416
417
418
419
420
 
# File 'lib/authlete/api.rb', line 416

def dynamic_client_update(request)
  hash = call_api_json_service("/api/client/registration/update", to_hash(request))

  Authlete::Model::Response::ClientRegistrationResponse.new(hash)
end

#emit_rack_error_message(request, message) ⇒ Object 



539
540
541
542
543
544
545
 
# File 'lib/authlete/api.rb', line 539

def emit_rack_error_message(request, message)
  begin
    # Logging if possible.
    request.env['rack.errors'].write("ERROR: #{message}\n")
  rescue => e
  end
end

#get_client_authorization_list(request) ⇒ Object 



302
303
304
305
306
 
# File 'lib/authlete/api.rb', line 302

def get_client_authorization_list(request)
  hash = call_api_json_service("/api/client/authorization/get/list", to_hash(request))

  Authlete::Model::Response::AuthorizedClientListResponse.new(hash)
end

#get_granted_scopes(client_id, subject) ⇒ Object 



374
375
376
377
378
379
380
 
# File 'lib/authlete/api.rb', line 374

def get_granted_scopes(client_id, subject)
  request = Authlete::Model::Request::GrantedScopesRequest.new(subject: subject)

  hash = call_api_json_service("/api/client/granted_scopes/get/#{client_id}", to_hash(request))

  Authlete::Model::Response::GrantedScopesGetResponse.new(hash)
end

#get_requestable_scopes(client_id) ⇒ Object 



388
389
390
391
392
 
# File 'lib/authlete/api.rb', line 388

def get_requestable_scopes(client_id)
  hash = call_api_service(:get, "/api/client/extension/requestable_scopes/get/#{client_id}", nil, nil)

  extract_requestable_scopes(hash)
end

#get_service_configuration(params = nil) ⇒ Object 



352
353
354
 
# File 'lib/authlete/api.rb', line 352

def get_service_configuration(params = nil)
  call_api_service(:get, "/api/service/configuration#{to_query(params)}", nil, nil)
end

#get_service_jwks(params = nil) ⇒ Object 



348
349
350
 
# File 'lib/authlete/api.rb', line 348

def get_service_jwks(params = nil)
  call_api_service(:get, "/api/service/jwks/get#{to_query(params)}", nil, nil)
end

#get_token_list(params = nil) ⇒ Object 



368
369
370
371
372
 
# File 'lib/authlete/api.rb', line 368

def get_token_list(params = nil)
  hash = call_api_service(:get, "/api/auth/token/get/list#{to_query(params)}", nil, nil)

  Authlete::Model::Response::TokenListResponse.new(hash)
end

#introspection(request) ⇒ Object 



318
319
320
321
322
 
# File 'lib/authlete/api.rb', line 318

def introspection(request)
  hash = call_api_json_service('/api/auth/introspection', to_hash(request))

  Authlete::Model::Response::IntrospectionResponse.new(hash)
end

#protect_resource(request, scopes = nil, subject = nil) ⇒ Object

Ensure that the request contains a valid access token.

This method extracts an access token from the given request based on the rules described in RFC 6750 and introspects the access token by calling Authlete’s /api/auth/introspection API.

The first argument request is a Rack request.

The second argument scopes is an array of scope names required to access the target protected resource. This argument is optional.

The third argument subject is a string which representing a subject which has to be associated with the access token. This argument is optional.

This method returns an instance of Authlete::Model::Response::IntrospectionResponse. If its action method returns ‘OK’, it means that the access token exists, has not expired, covers the requested scopes (if specified), and is associated with the requested subject (if specified). Otherwise, it means that the request does not contain any access token or that the access token does not satisfy the conditions to access the target protected resource.



498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
 
# File 'lib/authlete/api.rb', line 498

def protect_resource(request, scopes = nil, subject = nil)
  # Extract an access token from the request.
  access_token = extract_access_token(request)

  # If the request does not contain any access token.
  if access_token.nil?
    # The request does not contain a valid access token.
    return Authlete::Model::Response::IntrospectionResponse.new(
      action:          'BAD_REQUEST',
      responseContent: 'Bearer error="invalid_token",error_description="The request does not contain a valid access token."'
    )
  end

  # Create a request for Authlete's /api/auth/introspection API.
  request = Authlete::Model::Request::IntrospectionRequest.new(
    token:   access_token,
    scopes:  scopes,
    subject: subject
  )

  begin
    # Call Authlete's /api/auth/introspection API to introspect the access token.
    result = introspection(request)
  rescue => e
    # Error message.
    message = build_error_message('/api/auth/introspection', e)

    # Emit a Rack error message.
    emit_rack_error_message(request, message)

    # Failed to introspect the access token.
    return Authlete::Model::Response::IntrospectionResponse.new(
      action:          'INTERNAL_SERVER_ERROR',
      responseContent: "Bearer error=\"server_error\",error_description=\"#{message}\""
    )
  end

  # Return the response from Authlete's /api/auth/introspection API.
  result
end

#push_authorization_request(request) ⇒ Object 



470
471
472
473
474
 
# File 'lib/authlete/api.rb', line 470

def push_authorization_request(request)
  hash = call_api_json_service("/api/pushed_auth_req", to_hash(request))

  Authlete::Model::Response::PushedAuthReqResponse.new(hash)
end

#refresh_client_secret(client_identifier) ⇒ Object 



288
289
290
291
292
 
# File 'lib/authlete/api.rb', line 288

def refresh_client_secret(client_identifier)
  hash = call_api_service(:get, "/api/client/secret/refresh/#{client_identifier}", nil, nil)

  Authlete::Model::Response::ClientSecretRefreshResponse.new(hash)
end

#revocation(request) ⇒ Object 



330
331
332
333
334
 
# File 'lib/authlete/api.rb', line 330

def revocation(request)
  hash = call_api_json_service("/api/auth/revocation", to_hash(request))

  Authlete::Model::Response::RevocationResponse.new(hash)
end

#service_create(service) ⇒ Object 



226
227
228
229
230
 
# File 'lib/authlete/api.rb', line 226

def service_create(service)
  hash = call_api_json_service_owner("/api/service/create", to_hash(service))

  Authlete::Model::Service.new(hash)
end

#service_delete(api_key) ⇒ Object 



232
233
234
 
# File 'lib/authlete/api.rb', line 232

def service_delete(api_key)
  call_api_service_owner(:delete, "/api/service/delete/#{api_key}", nil, nil)
end

#service_get(api_key) ⇒ Object 



236
237
238
239
240
 
# File 'lib/authlete/api.rb', line 236

def service_get(api_key)
  hash = call_api_service_owner(:get, "/api/service/get/#{api_key}", nil, nil)

  Authlete::Model::Service.new(hash)
end

#service_get_list(params = nil) ⇒ Object 



242
243
244
245
246
 
# File 'lib/authlete/api.rb', line 242

def service_get_list(params = nil)
  hash = call_api_service_owner(:get, "/api/service/get/list#{to_query(params)}", nil, nil)

  Authlete::Model::Response::ServiceListResponse.new(hash)
end

#service_update(api_key, service) ⇒ Object 



248
249
250
251
252
 
# File 'lib/authlete/api.rb', line 248

def service_update(api_key, service)
  hash = call_api_json_service_owner("/api/service/update/#{api_key}", to_hash(service))

  Authlete::Model::Service.new(hash)
end

#serviceowner_get_selfObject 



254
255
256
257
258
 
# File 'lib/authlete/api.rb', line 254

def serviceowner_get_self
  hash = call_api_service_owner(:get, "/api/serviceowner/get/self", nil, nil)

  Authlete::Model::ServiceOwner.new(hash)
end

#set_requestable_scopes(client_id, scopes) ⇒ Object 



394
395
396
397
398
 
# File 'lib/authlete/api.rb', line 394

def set_requestable_scopes(client_id, scopes)
  hash = call_api_json_service("/api/client/extension/requestable_scopes/update/#{client_id}", { requestableScopes: scopes })

  extract_requestable_scopes(hash)
end

#standard_introspection(request) ⇒ Object 



324
325
326
327
328
 
# File 'lib/authlete/api.rb', line 324

def standard_introspection(request)
  hash = call_api_json_service('/api/auth/introspection/standard', to_hash(request))

  Authlete::Model::Response::StandardIntrospectionResponse.new(hash)
end

#token(request) ⇒ Object 



202
203
204
205
206
 
# File 'lib/authlete/api.rb', line 202

def token(request)
  hash = call_api_json_service("/api/auth/token", to_hash(request))

  Authlete::Model::Response::TokenResponse.new(hash)
end

#token_create(request) ⇒ Object 



356
357
358
359
360
 
# File 'lib/authlete/api.rb', line 356

def token_create(request)
  hash = call_api_json_service("/api/auth/token/create", to_hash(request))

  Authlete::Model::Response::TokenCreateResponse.new(hash)
end

#token_fail(request) ⇒ Object 



214
215
216
217
218
 
# File 'lib/authlete/api.rb', line 214

def token_fail(request)
  hash = call_api_json_service("/api/auth/token/fail", to_hash(request))

  Authlete::Model::Response::TokenFailResponse.new(hash)
end

#token_issue(request) ⇒ Object 



208
209
210
211
212
 
# File 'lib/authlete/api.rb', line 208

def token_issue(request)
  hash = call_api_json_service("/api/auth/token/issue", to_hash(request))

  Authlete::Model::Response::TokenIssueResponse.new(hash)
end

#token_revoke(request) ⇒ Object 



220
221
222
223
224
 
# File 'lib/authlete/api.rb', line 220

def token_revoke(request)
  hash = call_api_json_service("/api/auth/token/revoke", to_hash(request))

  Authlete::Model::Response::TokenRevokeResponse.new(hash)
end

#token_update(request) ⇒ Object 



362
363
364
365
366
 
# File 'lib/authlete/api.rb', line 362

def token_update(request)
  hash = call_api_json_service("/api/auth/token/update", to_hash(request))

  Authlete::Model::Response::TokenUpdateResponse.new(hash)
end

#update_client_authorization(client_id, request) ⇒ Object 



308
309
310
 
# File 'lib/authlete/api.rb', line 308

def update_client_authorization(client_id, request)
  call_api_json_service("/api/client/authorization/update/#{client_id}", to_hash(request))
end

#update_client_secret(client_identifier, client_secret) ⇒ Object 



294
295
296
297
298
299
300
 
# File 'lib/authlete/api.rb', line 294

def update_client_secret(client_identifier, client_secret)
  request = Authlete::Model::Request::ClientSecretUpdateRequest.new(clientSecret: client_secret)

  hash = call_api_json_service("/api/client/secret/update/#{client_identifier}", request.to_hash)

  Authlete::Model::Response::ClientSecretUpdateResponse.new(hash)
end

#user_info(request) ⇒ Object 



336
337
338
339
340
 
# File 'lib/authlete/api.rb', line 336

def (request)
  hash = call_api_json_service("/api/auth/userinfo", to_hash(request))

  Authlete::Model::Response::UserInfoResponse.new(hash)
end

#user_info_issue(request) ⇒ Object 



342
343
344
345
346
 
# File 'lib/authlete/api.rb', line 342

def (request)
  hash = call_api_json_service("/api/auth/userinfo/issue", to_hash(request))

  Authlete::Model::Response::UserInfoIssueResponse.new(hash)
end