Class: Authlete::Api
Instance Attribute Summary
-
#extra_headers ⇒ Object
Returns the value of attribute extra_headers.
-
#host ⇒ Object
Returns the value of attribute host.
-
#service_api_key ⇒ Object
Returns the value of attribute service_api_key.
-
#service_api_secret ⇒ Object
Returns the value of attribute service_api_secret.
-
#service_owner_api_key ⇒ Object
Returns the value of attribute service_owner_api_key.
-
#service_owner_api_secret ⇒ Object
Returns the value of attribute service_owner_api_secret.
Instance Method Summary
- #authorization(request) ⇒ Object
- #authorization_fail(request) ⇒ Object
- #authorization_issue(request) ⇒ Object
- #backchannel_authentication(request) ⇒ Object
- #backchannel_authentication_complete(request) ⇒ Object
- #backchannel_authentication_fail(request) ⇒ Object
- #backchannel_authentication_issue(request) ⇒ Object
- #client_create(client) ⇒ Object
- #client_delete(client_id) ⇒ Object
- #client_get(client_id) ⇒ Object
- #client_get_list(params = nil) ⇒ Object
- #client_update(client) ⇒ Object
- #delete_client_authorization(client_id, subject) ⇒ Object
- #delete_granted_scopes(client_id, subject) ⇒ Object
- #delete_requestable_scopes(client_id) ⇒ Object
- #device_authorization(request) ⇒ Object
- #device_complete(request) ⇒ Object
- #device_verification(request) ⇒ Object
- #dynamic_client_delete(request) ⇒ Object
- #dynamic_client_get(request) ⇒ Object
- #dynamic_client_register(request) ⇒ Object
- #dynamic_client_update(request) ⇒ Object
- #emit_rack_error_message(request, message) ⇒ Object
- #get_client_authorization_list(request) ⇒ Object
- #get_granted_scopes(client_id, subject) ⇒ Object
- #get_requestable_scopes(client_id) ⇒ Object
- #get_service_configuration(params = nil) ⇒ Object
- #get_service_jwks(params = nil) ⇒ Object
- #get_token_list(params = nil) ⇒ Object
- #introspection(request) ⇒ Object
-
#protect_resource(request, scopes = nil, subject = nil) ⇒ Object
Ensure that the request contains a valid access token.
- #push_authorization_request(request) ⇒ Object
- #refresh_client_secret(client_identifier) ⇒ Object
- #revocation(request) ⇒ Object
- #service_create(service) ⇒ Object
- #service_delete(api_key) ⇒ Object
- #service_get(api_key) ⇒ Object
- #service_get_list(params = nil) ⇒ Object
- #service_update(api_key, service) ⇒ Object
- #serviceowner_get_self ⇒ Object
- #set_requestable_scopes(client_id, scopes) ⇒ Object
- #standard_introspection(request) ⇒ Object
- #token(request) ⇒ Object
- #token_create(request) ⇒ Object
- #token_fail(request) ⇒ Object
- #token_issue(request) ⇒ Object
- #token_revoke(request) ⇒ Object
- #token_update(request) ⇒ Object
- #update_client_authorization(client_id, request) ⇒ Object
- #update_client_secret(client_identifier, client_secret) ⇒ Object
- #user_info(request) ⇒ Object
- #user_info_issue(request) ⇒ Object
Methods included from Utility
#extract_access_token, #get_parsed_array, #to_rack_response_json, #to_rack_response_www_authenticate
Instance Attribute Details
#extra_headers ⇒ Object
Returns the value of attribute extra_headers.
# File 'lib/authlete/api.rb', line 32
# Reader for the +extra_headers+ attribute.
#
# @return [Object] whatever is currently stored in @extra_headers
def extra_headers
  @extra_headers
end
#host ⇒ Object
Returns the value of attribute host.
# File 'lib/authlete/api.rb', line 27
# Reader for the +host+ attribute.
#
# @return [Object] whatever is currently stored in @host
def host
  @host
end
#service_api_key ⇒ Object
Returns the value of attribute service_api_key.
# File 'lib/authlete/api.rb', line 30
# Reader for the +service_api_key+ attribute.
#
# @return [Object] whatever is currently stored in @service_api_key
def service_api_key
  @service_api_key
end
#service_api_secret ⇒ Object
Returns the value of attribute service_api_secret.
# File 'lib/authlete/api.rb', line 31
# Reader for the +service_api_secret+ attribute.
#
# NOTE(review): this is a credential exposed through a public reader; keep
# the value out of logs, error messages and #inspect output.
#
# @return [Object] whatever is currently stored in @service_api_secret
def service_api_secret
  @service_api_secret
end
#service_owner_api_key ⇒ Object
Returns the value of attribute service_owner_api_key.
# File 'lib/authlete/api.rb', line 28
# Reader for the +service_owner_api_key+ attribute.
#
# @return [Object] whatever is currently stored in @service_owner_api_key
def service_owner_api_key
  @service_owner_api_key
end
#service_owner_api_secret ⇒ Object
Returns the value of attribute service_owner_api_secret.
# File 'lib/authlete/api.rb', line 29
# Reader for the +service_owner_api_secret+ attribute.
#
# NOTE(review): this is a credential exposed through a public reader; keep
# the value out of logs, error messages and #inspect output.
#
# @return [Object] whatever is currently stored in @service_owner_api_secret
def service_owner_api_secret
  @service_owner_api_secret
end
Instance Method Details
#authorization(request) ⇒ Object
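# File 'lib/authlete/api.rb', line 201
# Passes the hash form of +request+ to call_api_json_service for
# /api/auth/authorization and wraps the returned hash in an
# AuthorizationResponse.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::AuthorizationResponse]
def authorization(request)
  hash = call_api_json_service("/api/auth/authorization", to_hash(request))

  Authlete::Model::Response::AuthorizationResponse.new(hash)
end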
#authorization_fail(request) ⇒ Object
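# File 'lib/authlete/api.rb', line 213
# Passes the hash form of +request+ to call_api_json_service for
# /api/auth/authorization/fail and wraps the returned hash in an
# AuthorizationFailResponse.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::AuthorizationFailResponse]
def authorization_fail(request)
  hash = call_api_json_service("/api/auth/authorization/fail", to_hash(request))

  Authlete::Model::Response::AuthorizationFailResponse.new(hash)
end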
#authorization_issue(request) ⇒ Object
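# File 'lib/authlete/api.rb', line 207
# Passes the hash form of +request+ to call_api_json_service for
# /api/auth/authorization/issue and wraps the returned hash in an
# AuthorizationIssueResponse.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::AuthorizationIssueResponse]
def authorization_issue(request)
  hash = call_api_json_service("/api/auth/authorization/issue", to_hash(request))

  Authlete::Model::Response::AuthorizationIssueResponse.new(hash)
end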
#backchannel_authentication(request) ⇒ Object
# File 'lib/authlete/api.rb', line 445
# Hands the hash form of +request+ to call_api_json_service for
# /api/backchannel/authentication and wraps the reply in a
# BackchannelAuthenticationResponse.
def backchannel_authentication(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/backchannel/authentication", payload)

  Authlete::Model::Response::BackchannelAuthenticationResponse.new(reply)
end
#backchannel_authentication_complete(request) ⇒ Object
# File 'lib/authlete/api.rb', line 463
# Hands the hash form of +request+ to call_api_json_service for
# /api/backchannel/authentication/complete and wraps the reply in a
# BackchannelAuthenticationCompleteResponse.
def backchannel_authentication_complete(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/backchannel/authentication/complete", payload)

  Authlete::Model::Response::BackchannelAuthenticationCompleteResponse.new(reply)
end
#backchannel_authentication_fail(request) ⇒ Object
# File 'lib/authlete/api.rb', line 457
# Hands the hash form of +request+ to call_api_json_service for
# /api/backchannel/authentication/fail and wraps the reply in a
# BackchannelAuthenticationFailResponse.
def backchannel_authentication_fail(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/backchannel/authentication/fail", payload)

  Authlete::Model::Response::BackchannelAuthenticationFailResponse.new(reply)
end
#backchannel_authentication_issue(request) ⇒ Object
# File 'lib/authlete/api.rb', line 451
# Hands the hash form of +request+ to call_api_json_service for
# /api/backchannel/authentication/issue and wraps the reply in a
# BackchannelAuthenticationIssueResponse.
def backchannel_authentication_issue(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/backchannel/authentication/issue", payload)

  Authlete::Model::Response::BackchannelAuthenticationIssueResponse.new(reply)
end
#client_create(client) ⇒ Object
# File 'lib/authlete/api.rb', line 277
# Hands the hash form of +client+ to call_api_json_service for
# /api/client/create and wraps the reply in an Authlete::Model::Client.
def client_create(client)
  payload = to_hash(client)
  reply = call_api_json_service("/api/client/create", payload)

  Authlete::Model::Client.new(reply)
end
#client_delete(client_id) ⇒ Object
# File 'lib/authlete/api.rb', line 283
# Issues a :delete call through call_api_service for
# /api/client/delete/<client_id> and returns its result unchanged.
#
# NOTE(review): client_id is placed in the URL path unescaped; pass only a
# validated identifier, never raw request input.
def client_delete(client_id)
  path = "/api/client/delete/#{client_id}"
  call_api_service(:delete, path, nil, nil)
end
#client_get(client_id) ⇒ Object
# File 'lib/authlete/api.rb', line 287
# Issues a :get call through call_api_service for
# /api/client/get/<client_id> and wraps the reply in an
# Authlete::Model::Client.
#
# NOTE(review): client_id is placed in the URL path unescaped; pass only a
# validated identifier, never raw request input.
def client_get(client_id)
  path = "/api/client/get/#{client_id}"
  reply = call_api_service(:get, path, nil, nil)

  Authlete::Model::Client.new(reply)
end
#client_get_list(params = nil) ⇒ Object
# File 'lib/authlete/api.rb', line 293
# Issues a :get call through call_api_service for /api/client/get/list,
# appending whatever to_query(params) returns, and wraps the reply in a
# ClientListResponse.
def client_get_list(params = nil)
  path = "/api/client/get/list#{to_query(params)}"
  reply = call_api_service(:get, path, nil, nil)

  Authlete::Model::Response::ClientListResponse.new(reply)
end
#client_update(client) ⇒ Object
# File 'lib/authlete/api.rb', line 299
# Hands the hash form of +client+ to call_api_json_service for
# /api/client/update/<client.clientId> and wraps the reply in an
# Authlete::Model::Client.
#
# NOTE(review): client.clientId is placed in the URL path unescaped; make
# sure the model was populated from a validated identifier.
def client_update(client)
  path = "/api/client/update/#{client.clientId}"
  payload = to_hash(client)
  reply = call_api_json_service(path, payload)

  Authlete::Model::Client.new(reply)
end
#delete_client_authorization(client_id, subject) ⇒ Object
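# File 'lib/authlete/api.rb', line 329
# Builds a ClientAuthorizationDeleteRequest for +subject+ and passes its
# hash form to call_api_json_service for
# /api/client/authorization/delete/<client_id>.
#
# NOTE(review): client_id is placed in the URL path unescaped; pass only a
# validated identifier, never raw request input.
#
# @param client_id [Object] identifier interpolated into the API path
# @param subject [Object] subject stored in the delete request
# @return [Object] whatever call_api_json_service returns
def delete_client_authorization(client_id, subject)
  request = Authlete::Model::Request::ClientAuthorizationDeleteRequest.new(subject: subject)

  call_api_json_service("/api/client/authorization/delete/#{client_id}", request.to_hash)
end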
#delete_granted_scopes(client_id, subject) ⇒ Object
# File 'lib/authlete/api.rb', line 399
# Builds a GrantedScopesRequest for +subject+ and passes its hash form to
# call_api_json_service for /api/client/granted_scopes/delete/<client_id>.
#
# NOTE(review): client_id is placed in the URL path unescaped; pass only a
# validated identifier, never raw request input.
def delete_granted_scopes(client_id, subject)
  scopes_request = Authlete::Model::Request::GrantedScopesRequest.new(subject: subject)
  path = "/api/client/granted_scopes/delete/#{client_id}"

  call_api_json_service(path, to_hash(scopes_request))
end
#delete_requestable_scopes(client_id) ⇒ Object
# File 'lib/authlete/api.rb', line 417
# Issues a :delete call through call_api_service for
# /api/client/extension/requestable_scopes/delete/<client_id> and returns
# its result unchanged.
#
# NOTE(review): client_id is placed in the URL path unescaped; pass only a
# validated identifier, never raw request input.
def delete_requestable_scopes(client_id)
  path = "/api/client/extension/requestable_scopes/delete/#{client_id}"
  call_api_service(:delete, path, nil, nil)
end
#device_authorization(request) ⇒ Object
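# File 'lib/authlete/api.rb', line 469
# Passes the hash form of +request+ to call_api_json_service for
# /api/device/authorization and wraps the returned hash in a
# DeviceAuthorizationResponse.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::DeviceAuthorizationResponse]
def device_authorization(request)
  hash = call_api_json_service("/api/device/authorization", to_hash(request))

  Authlete::Model::Response::DeviceAuthorizationResponse.new(hash)
end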
#device_complete(request) ⇒ Object
# File 'lib/authlete/api.rb', line 475
# Hands the hash form of +request+ to call_api_json_service for
# /api/device/complete and wraps the reply in a DeviceCompleteResponse.
def device_complete(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/device/complete", payload)

  Authlete::Model::Response::DeviceCompleteResponse.new(reply)
end
#device_verification(request) ⇒ Object
# File 'lib/authlete/api.rb', line 481
# Hands the hash form of +request+ to call_api_json_service for
# /api/device/verification and wraps the reply in a
# DeviceVerificationResponse.
def device_verification(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/device/verification", payload)

  Authlete::Model::Response::DeviceVerificationResponse.new(reply)
end
#dynamic_client_delete(request) ⇒ Object
# File 'lib/authlete/api.rb', line 439
# Hands the hash form of +request+ to call_api_json_service for
# /api/client/registration/delete and wraps the reply in a
# ClientRegistrationResponse.
def dynamic_client_delete(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/client/registration/delete", payload)

  Authlete::Model::Response::ClientRegistrationResponse.new(reply)
end
#dynamic_client_get(request) ⇒ Object
# File 'lib/authlete/api.rb', line 427
# Hands the hash form of +request+ to call_api_json_service for
# /api/client/registration/get and wraps the reply in a
# ClientRegistrationResponse.
def dynamic_client_get(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/client/registration/get", payload)

  Authlete::Model::Response::ClientRegistrationResponse.new(reply)
end
#dynamic_client_register(request) ⇒ Object
# File 'lib/authlete/api.rb', line 421
# Hands the hash form of +request+ to call_api_json_service for
# /api/client/registration and wraps the reply in a
# ClientRegistrationResponse.
def dynamic_client_register(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/client/registration", payload)

  Authlete::Model::Response::ClientRegistrationResponse.new(reply)
end
#dynamic_client_update(request) ⇒ Object
# File 'lib/authlete/api.rb', line 433
# Hands the hash form of +request+ to call_api_json_service for
# /api/client/registration/update and wraps the reply in a
# ClientRegistrationResponse.
def dynamic_client_update(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/client/registration/update", payload)

  Authlete::Model::Response::ClientRegistrationResponse.new(reply)
end
#emit_rack_error_message(request, message) ⇒ Object
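# File 'lib/authlete/api.rb', line 556
# Writes "ERROR: <message>" to the 'rack.errors' stream of a Rack request.
#
# Logging is best effort: when the request has no usable 'rack.errors'
# stream the failure is swallowed, so reporting an error never raises a
# second one.
#
# @param request [#env] Rack request whose env holds 'rack.errors'
# @param message [#to_s] text to log; CR and LF are replaced with a space
#   so that one call always yields exactly one log line, even when the text
#   comes from a remote response
# @return [Object, nil] the result of the stream's write, or nil on failure
def emit_rack_error_message(request, message)
  line = message.to_s.gsub(/[\r\n]+/, ' ')
  request.env['rack.errors'].write("ERROR: #{line}\n")
rescue StandardError
  # Deliberately ignored: logging happens only "if possible".
  nil
end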
#get_client_authorization_list(request) ⇒ Object
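# File 'lib/authlete/api.rb', line 319
# Passes the hash form of +request+ to call_api_json_service for
# /api/client/authorization/get/list and wraps the returned hash in an
# AuthorizedClientListResponse.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::AuthorizedClientListResponse]
def get_client_authorization_list(request)
  hash = call_api_json_service("/api/client/authorization/get/list", to_hash(request))

  Authlete::Model::Response::AuthorizedClientListResponse.new(hash)
end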
#get_granted_scopes(client_id, subject) ⇒ Object
# File 'lib/authlete/api.rb', line 391
# Builds a GrantedScopesRequest for +subject+, passes its hash form to
# call_api_json_service for /api/client/granted_scopes/get/<client_id> and
# wraps the reply in a GrantedScopesGetResponse.
#
# NOTE(review): client_id is placed in the URL path unescaped; pass only a
# validated identifier, never raw request input.
def get_granted_scopes(client_id, subject)
  scopes_request = Authlete::Model::Request::GrantedScopesRequest.new(subject: subject)
  path = "/api/client/granted_scopes/get/#{client_id}"
  reply = call_api_json_service(path, to_hash(scopes_request))

  Authlete::Model::Response::GrantedScopesGetResponse.new(reply)
end
#get_requestable_scopes(client_id) ⇒ Object
# File 'lib/authlete/api.rb', line 405
# Issues a :get call through call_api_service for
# /api/client/extension/requestable_scopes/get/<client_id> and returns what
# extract_requestable_scopes makes of the reply.
#
# NOTE(review): client_id is placed in the URL path unescaped; pass only a
# validated identifier, never raw request input.
def get_requestable_scopes(client_id)
  path = "/api/client/extension/requestable_scopes/get/#{client_id}"
  reply = call_api_service(:get, path, nil, nil)

  extract_requestable_scopes(reply)
end
#get_service_configuration(params = nil) ⇒ Object
# File 'lib/authlete/api.rb', line 369
# Issues a :get call through call_api_service for
# /api/service/configuration, appending whatever to_query(params) returns,
# and returns the result unchanged.
def get_service_configuration(params = nil)
  path = "/api/service/configuration#{to_query(params)}"
  call_api_service(:get, path, nil, nil)
end
#get_service_jwks(params = nil) ⇒ Object
# File 'lib/authlete/api.rb', line 365
# Issues a :get call through call_api_service for /api/service/jwks/get,
# appending whatever to_query(params) returns, and returns the result
# unchanged.
def get_service_jwks(params = nil)
  path = "/api/service/jwks/get#{to_query(params)}"
  call_api_service(:get, path, nil, nil)
end
#get_token_list(params = nil) ⇒ Object
# File 'lib/authlete/api.rb', line 385
# Issues a :get call through call_api_service for /api/auth/token/get/list,
# appending whatever to_query(params) returns, and wraps the reply in a
# TokenListResponse.
def get_token_list(params = nil)
  path = "/api/auth/token/get/list#{to_query(params)}"
  reply = call_api_service(:get, path, nil, nil)

  Authlete::Model::Response::TokenListResponse.new(reply)
end
#introspection(request) ⇒ Object
# File 'lib/authlete/api.rb', line 335
# Hands the hash form of +request+ to call_api_json_service for
# /api/auth/introspection and wraps the reply in an IntrospectionResponse.
# Errors raised by the call are not handled here and reach the caller.
def introspection(request)
  payload = to_hash(request)
  reply = call_api_json_service('/api/auth/introspection', payload)

  Authlete::Model::Response::IntrospectionResponse.new(reply)
end
#protect_resource(request, scopes = nil, subject = nil) ⇒ Object
Ensure that the request contains a valid access token.
This method extracts an access token from the given request based on the rules described in RFC 6750 and introspects the access token by calling Authlete’s /api/auth/introspection API.
The first argument, `request`, is a Rack request.
The second argument, `scopes`, is an array of scope names required to access the target protected resource. This argument is optional.
The third argument, `subject`, is a string representing the subject that must be associated with the access token. This argument is optional.
This method returns an instance of `Authlete::Model::Response::IntrospectionResponse`. If its `action` method returns 'OK', it means that the access token exists, has not expired, covers the requested scopes (if specified), and is associated with the requested subject (if specified). Otherwise, it means that the request does not contain any access token or that the access token does not satisfy the conditions to access the target protected resource.
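# File 'lib/authlete/api.rb', line 515
# Ensures that a Rack request carries a valid access token.
#
# The token is taken from the request by extract_access_token and checked
# through #introspection. Callers must inspect the +action+ of the returned
# response before serving the protected resource.
#
# @param request [Object] the Rack request to inspect
# @param scopes [Array, nil] scope names the token has to cover (optional)
# @param subject [String, nil] subject the token has to belong to (optional)
# @return [Authlete::Model::Response::IntrospectionResponse] the
#   introspection result; action 'BAD_REQUEST' when no token was found and
#   'INTERNAL_SERVER_ERROR' when the introspection call raised
def protect_resource(request, scopes = nil, subject = nil)
  # Extract an access token from the request.
  access_token = extract_access_token(request)

  # The request does not contain any access token.
  if access_token.nil?
    return Authlete::Model::Response::IntrospectionResponse.new(
      action: 'BAD_REQUEST',
      responseContent: 'Bearer error="invalid_token",error_description="The request does not contain a valid access token."'
    )
  end

  # Use a separate local for the introspection request so that `request`
  # still refers to the Rack request in the rescue branch below; reusing the
  # name would hand the wrong object to emit_rack_error_message, whose own
  # rescue would then silently drop the log entry.
  introspection_request = Authlete::Model::Request::IntrospectionRequest.new(
    token: access_token,
    scopes: scopes,
    subject: subject
  )

  begin
    # Call Authlete's /api/auth/introspection API to introspect the token.
    introspection(introspection_request)
  rescue => e
    # NOTE(review): the helper's name is missing from the rendered listing;
    # build_error_message is assumed here. Confirm against the source file.
    message = build_error_message('/api/auth/introspection', e)

    # Emit a Rack error message.
    emit_rack_error_message(request, message)

    # The description is embedded in a quoted header parameter. RFC 6750
    # section 3 permits only %x20-21 / %x23-5B / %x5D-7E there, so quotes,
    # backslashes and control characters (CR/LF included) are replaced to
    # keep the text from terminating the value or adding header lines.
    description = message.to_s.gsub(/[^\x20\x21\x23-\x5B\x5D-\x7E]/, ' ')

    # Failed to introspect the access token.
    Authlete::Model::Response::IntrospectionResponse.new(
      action: 'INTERNAL_SERVER_ERROR',
      responseContent: "Bearer error=\"server_error\",error_description=\"#{description}\""
    )
  end
end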
#push_authorization_request(request) ⇒ Object
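# File 'lib/authlete/api.rb', line 487
# Passes the hash form of +request+ to call_api_json_service for
# /api/pushed_auth_req and wraps the returned hash in a
# PushedAuthReqResponse.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::PushedAuthReqResponse]
def push_authorization_request(request)
  hash = call_api_json_service("/api/pushed_auth_req", to_hash(request))

  Authlete::Model::Response::PushedAuthReqResponse.new(hash)
end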
#refresh_client_secret(client_identifier) ⇒ Object
# File 'lib/authlete/api.rb', line 305
# Issues a :get call through call_api_service for
# /api/client/secret/refresh/<client_identifier> and wraps the reply in a
# ClientSecretRefreshResponse.
#
# NOTE(review): client_identifier is placed in the URL path unescaped; pass
# only a validated identifier. The response presumably carries the new
# secret, so treat it as sensitive (confirm against the response model).
def refresh_client_secret(client_identifier)
  path = "/api/client/secret/refresh/#{client_identifier}"
  reply = call_api_service(:get, path, nil, nil)

  Authlete::Model::Response::ClientSecretRefreshResponse.new(reply)
end
#revocation(request) ⇒ Object
# File 'lib/authlete/api.rb', line 347
# Hands the hash form of +request+ to call_api_json_service for
# /api/auth/revocation and wraps the reply in a RevocationResponse.
def revocation(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/auth/revocation", payload)

  Authlete::Model::Response::RevocationResponse.new(reply)
end
#service_create(service) ⇒ Object
# File 'lib/authlete/api.rb', line 243
# Hands the hash form of +service+ to call_api_json_service_owner for
# /api/service/create and wraps the reply in an Authlete::Model::Service.
def service_create(service)
  payload = to_hash(service)
  reply = call_api_json_service_owner("/api/service/create", payload)

  Authlete::Model::Service.new(reply)
end
#service_delete(api_key) ⇒ Object
# File 'lib/authlete/api.rb', line 249
# Issues a :delete call through call_api_service_owner for
# /api/service/delete/<api_key> and returns its result unchanged.
#
# NOTE(review): api_key is placed in the URL path unescaped; pass only a
# validated key, never raw request input.
def service_delete(api_key)
  path = "/api/service/delete/#{api_key}"
  call_api_service_owner(:delete, path, nil, nil)
end
#service_get(api_key) ⇒ Object
# File 'lib/authlete/api.rb', line 253
# Issues a :get call through call_api_service_owner for
# /api/service/get/<api_key> and wraps the reply in an
# Authlete::Model::Service.
#
# NOTE(review): api_key is placed in the URL path unescaped; pass only a
# validated key, never raw request input.
def service_get(api_key)
  path = "/api/service/get/#{api_key}"
  reply = call_api_service_owner(:get, path, nil, nil)

  Authlete::Model::Service.new(reply)
end
#service_get_list(params = nil) ⇒ Object
# File 'lib/authlete/api.rb', line 259
# Issues a :get call through call_api_service_owner for
# /api/service/get/list, appending whatever to_query(params) returns, and
# wraps the reply in a ServiceListResponse.
def service_get_list(params = nil)
  path = "/api/service/get/list#{to_query(params)}"
  reply = call_api_service_owner(:get, path, nil, nil)

  Authlete::Model::Response::ServiceListResponse.new(reply)
end
#service_update(api_key, service) ⇒ Object
# File 'lib/authlete/api.rb', line 265
# Hands the hash form of +service+ to call_api_json_service_owner for
# /api/service/update/<api_key> and wraps the reply in an
# Authlete::Model::Service.
#
# NOTE(review): api_key is placed in the URL path unescaped; pass only a
# validated key, never raw request input.
def service_update(api_key, service)
  path = "/api/service/update/#{api_key}"
  payload = to_hash(service)
  reply = call_api_json_service_owner(path, payload)

  Authlete::Model::Service.new(reply)
end
#serviceowner_get_self ⇒ Object
# File 'lib/authlete/api.rb', line 271
# Issues a :get call through call_api_service_owner for
# /api/serviceowner/get/self and wraps the reply in an
# Authlete::Model::ServiceOwner.
def serviceowner_get_self
  reply = call_api_service_owner(:get, "/api/serviceowner/get/self", nil, nil)

  Authlete::Model::ServiceOwner.new(reply)
end
#set_requestable_scopes(client_id, scopes) ⇒ Object
# File 'lib/authlete/api.rb', line 411
# Sends { requestableScopes: scopes } through call_api_json_service for
# /api/client/extension/requestable_scopes/update/<client_id> and returns
# what extract_requestable_scopes makes of the reply.
#
# NOTE(review): client_id is placed in the URL path unescaped; pass only a
# validated identifier, never raw request input.
def set_requestable_scopes(client_id, scopes)
  path = "/api/client/extension/requestable_scopes/update/#{client_id}"
  reply = call_api_json_service(path, { requestableScopes: scopes })

  extract_requestable_scopes(reply)
end
#standard_introspection(request) ⇒ Object
# File 'lib/authlete/api.rb', line 341
# Hands the hash form of +request+ to call_api_json_service for
# /api/auth/introspection/standard and wraps the reply in a
# StandardIntrospectionResponse.
def standard_introspection(request)
  payload = to_hash(request)
  reply = call_api_json_service('/api/auth/introspection/standard', payload)

  Authlete::Model::Response::StandardIntrospectionResponse.new(reply)
end
#token(request) ⇒ Object
# File 'lib/authlete/api.rb', line 219
# Hands the hash form of +request+ to call_api_json_service for
# /api/auth/token and wraps the reply in a TokenResponse.
def token(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/auth/token", payload)

  Authlete::Model::Response::TokenResponse.new(reply)
end
#token_create(request) ⇒ Object
# File 'lib/authlete/api.rb', line 373
# Hands the hash form of +request+ to call_api_json_service for
# /api/auth/token/create and wraps the reply in a TokenCreateResponse.
def token_create(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/auth/token/create", payload)

  Authlete::Model::Response::TokenCreateResponse.new(reply)
end
#token_fail(request) ⇒ Object
# File 'lib/authlete/api.rb', line 231
# Hands the hash form of +request+ to call_api_json_service for
# /api/auth/token/fail and wraps the reply in a TokenFailResponse.
def token_fail(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/auth/token/fail", payload)

  Authlete::Model::Response::TokenFailResponse.new(reply)
end
#token_issue(request) ⇒ Object
# File 'lib/authlete/api.rb', line 225
# Hands the hash form of +request+ to call_api_json_service for
# /api/auth/token/issue and wraps the reply in a TokenIssueResponse.
def token_issue(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/auth/token/issue", payload)

  Authlete::Model::Response::TokenIssueResponse.new(reply)
end
#token_revoke(request) ⇒ Object
# File 'lib/authlete/api.rb', line 237
# Hands the hash form of +request+ to call_api_json_service for
# /api/auth/token/revoke and wraps the reply in a TokenRevokeResponse.
def token_revoke(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/auth/token/revoke", payload)

  Authlete::Model::Response::TokenRevokeResponse.new(reply)
end
#token_update(request) ⇒ Object
# File 'lib/authlete/api.rb', line 379
# Hands the hash form of +request+ to call_api_json_service for
# /api/auth/token/update and wraps the reply in a TokenUpdateResponse.
def token_update(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/auth/token/update", payload)

  Authlete::Model::Response::TokenUpdateResponse.new(reply)
end
#update_client_authorization(client_id, request) ⇒ Object
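# File 'lib/authlete/api.rb', line 325
# Passes the hash form of +request+ to call_api_json_service for
# /api/client/authorization/update/<client_id> and returns its result
# unchanged.
#
# NOTE(review): client_id is placed in the URL path unescaped; pass only a
# validated identifier, never raw request input.
#
# @param client_id [Object] identifier interpolated into the API path
# @param request [Object] request model accepted by to_hash
# @return [Object] whatever call_api_json_service returns
def update_client_authorization(client_id, request)
  call_api_json_service("/api/client/authorization/update/#{client_id}", to_hash(request))
end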
#update_client_secret(client_identifier, client_secret) ⇒ Object
# File 'lib/authlete/api.rb', line 311
# Builds a ClientSecretUpdateRequest holding +client_secret+, passes its
# hash form to call_api_json_service for
# /api/client/secret/update/<client_identifier> and wraps the reply in a
# ClientSecretUpdateResponse.
#
# NOTE(review): client_identifier is placed in the URL path unescaped; pass
# only a validated identifier. client_secret is a credential and should not
# be logged.
def update_client_secret(client_identifier, client_secret)
  secret_request = Authlete::Model::Request::ClientSecretUpdateRequest.new(clientSecret: client_secret)
  path = "/api/client/secret/update/#{client_identifier}"
  reply = call_api_json_service(path, secret_request.to_hash)

  Authlete::Model::Response::ClientSecretUpdateResponse.new(reply)
end
#user_info(request) ⇒ Object
# File 'lib/authlete/api.rb', line 353
# Hands the hash form of +request+ to call_api_json_service for
# /api/auth/userinfo and wraps the reply in a UserInfoResponse.
def user_info(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/auth/userinfo", payload)

  Authlete::Model::Response::UserInfoResponse.new(reply)
end
#user_info_issue(request) ⇒ Object
# File 'lib/authlete/api.rb', line 359
# Hands the hash form of +request+ to call_api_json_service for
# /api/auth/userinfo/issue and wraps the reply in a UserInfoIssueResponse.
def user_info_issue(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/auth/userinfo/issue", payload)

  Authlete::Model::Response::UserInfoIssueResponse.new(reply)
end