Module: SMARTAppLaunch::TokenPayloadValidation

Included in:
OpenIDTokenPayloadTest, TokenRefreshBodyTest, TokenRefreshTest, TokenResponseBodyTest
Defined in:
lib/smart_app_launch/token_payload_validation.rb

Constant Summary

# Token response fields that must be JSON strings when present
# (enforced by #validate_token_field_types).
STRING_FIELDS = %w[access_token token_type scope refresh_token].freeze
# Token response fields that must be JSON numbers when present.
NUMERIC_FIELDS = %w[expires_in].freeze

Instance Method Summary

Instance Method Details

#check_for_missing_scopes(requested_scopes, body) ⇒ Object



# File 'lib/smart_app_launch/token_payload_validation.rb', line 17

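# Reports any requested scope that is absent from the token response's `scope`.
# The check runs inside a `warning` block, so a shortfall is surfaced as a
# warning rather than a hard failure: a server may legitimately grant fewer
# scopes than were requested (e.g. the user denied some).
#
# Scope strings are whitespace-delimited and the comparison is set-based, so
# order and duplicates are irrelevant. A missing or blank `scope` in the
# response is treated as "nothing granted" (every requested scope is reported)
# instead of raising NoMethodError on nil. A non-String `scope` is stringified
# here; its type is enforced separately by #validate_token_field_types.
#
# @param requested_scopes [String, nil] whitespace-delimited scopes the app asked for
# @param body [Hash] parsed token response body
# @return the value of the `warning` block
def check_for_missing_scopes(requested_scopes, body)
  expected_scopes = requested_scopes.to_s.split
  granted_scopes = body['scope'].to_s.split
  missing_scopes = expected_scopes - granted_scopes

  warning do
    missing_scopes_string = missing_scopes.map { |scope| "`#{scope}`" }.join(', ')
    assert missing_scopes.empty?, %(
      Token exchange response did not include all requested scopes.
      These may have been denied by user: #{missing_scopes_string}.
    )
  end
end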

#validate_required_fields_present(body, required_fields) ⇒ Object



# File 'lib/smart_app_launch/token_payload_validation.rb', line 6

# Fails the test unless every field in `required_fields` is present and
# non-blank in the token response body. All missing fields are collected
# first so the assertion message names each one.
#
# @param body [Hash] parsed token response body
# @param required_fields [Array<String>] keys that must be present and non-blank
# @raise assertion failure listing the missing fields in backticks
def validate_required_fields_present(body, required_fields)
  missing_fields = required_fields.filter_map { |field| "`#{field}`" if body[field].blank? }
  assert missing_fields.empty?,
         "Token exchange response did not include all required fields: #{missing_fields.join(', ')}."
end

#validate_scope_subset(received_scopes, original_scopes) ⇒ Object



# File 'lib/smart_app_launch/token_payload_validation.rb', line 31

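# Fails if a refreshed token carries any scope that was not part of the
# original grant. A refresh may narrow access but must never widen it
# (RFC 6749 §6). Scope strings are whitespace-delimited and compared as sets,
# so order and duplicates are ignored.
#
# Nil inputs are stringified instead of raising NoMethodError: a nil or blank
# `received_scopes` has nothing to exceed and passes; a nil `original_scopes`
# means no grant is known, so every received scope is reported as extra.
#
# @param received_scopes [String, nil] `scope` from the refreshed token response
# @param original_scopes [String, nil] `scope` granted with the original access token
# @raise assertion failure listing the scopes outside the original grant
def validate_scope_subset(received_scopes, original_scopes)
  extra_scopes = received_scopes.to_s.split - original_scopes.to_s.split
  assert extra_scopes.empty?,
         'Token response contained scopes which are not a subset of the scope granted to the ' \
         "original access token: #{extra_scopes.join(', ')}"
end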

#validate_token_field_types(body) ⇒ Object



# File 'lib/smart_app_launch/token_payload_validation.rb', line 37

# Checks the JSON type of each optional-but-typed token response field that is
# present: STRING_FIELDS must be Strings and NUMERIC_FIELDS must be Numeric.
# Absent or blank fields are skipped (presence is #validate_required_fields_present's
# job). String fields are checked before numeric ones, and the first mismatch
# fails the test.
#
# @param body [Hash] parsed token response body
# @raise assertion failure naming the field, the expected type and the actual class
def validate_token_field_types(body)
  { String => STRING_FIELDS, Numeric => NUMERIC_FIELDS }.each do |expected_type, fields|
    fields.each do |field|
      value = body[field]
      next unless value.present?

      assert value.is_a?(expected_type),
             "Expected `#{field}` to be a #{expected_type.name}, but found #{value.class.name}"
    end
  end
end

#validate_token_type(body) ⇒ Object



# File 'lib/smart_app_launch/token_payload_validation.rb', line 13

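# Fails unless the token response declares a `bearer` token type. OAuth 2.0
# treats the `token_type` value as case-insensitive (RFC 6749 §5.1), so
# `Bearer` and `BEARER` are accepted. A missing (nil) or non-String
# `token_type` is stringified so it fails the assertion instead of raising
# NoMethodError.
#
# @param body [Hash] parsed token response body
# @raise assertion failure when `token_type` is not `bearer`
def validate_token_type(body)
  assert body['token_type'].to_s.casecmp?('bearer'), '`token_type` must be `bearer`'
end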