Class: Authlete::Api
Instance Attribute Summary
-
#extra_headers ⇒ Object
Returns the value of attribute extra_headers.
-
#host ⇒ Object
Returns the value of attribute host.
-
#service_api_key ⇒ Object
Returns the value of attribute service_api_key.
-
#service_api_secret ⇒ Object
Returns the value of attribute service_api_secret.
-
#service_owner_api_key ⇒ Object
Returns the value of attribute service_owner_api_key.
-
#service_owner_api_secret ⇒ Object
Returns the value of attribute service_owner_api_secret.
Instance Method Summary
- #authorization(request) ⇒ Object
- #authorization_fail(request) ⇒ Object
- #authorization_issue(request) ⇒ Object
- #backchannel_authentication(request) ⇒ Object
- #backchannel_authentication_complete(request) ⇒ Object
- #backchannel_authentication_fail(request) ⇒ Object
- #backchannel_authentication_issue(request) ⇒ Object
- #client_create(client) ⇒ Object
- #client_delete(client_id) ⇒ Object
- #client_get(client_id) ⇒ Object
- #client_get_list(params = nil) ⇒ Object
- #client_update(client) ⇒ Object
- #delete_client_authorization(client_id, subject) ⇒ Object
- #delete_granted_scopes(client_id, subject) ⇒ Object
- #delete_requestable_scopes(client_id) ⇒ Object
- #device_authorization(request) ⇒ Object
- #device_complete(request) ⇒ Object
- #device_verification(request) ⇒ Object
- #dynamic_client_delete(request) ⇒ Object
- #dynamic_client_get(request) ⇒ Object
- #dynamic_client_register(request) ⇒ Object
- #dynamic_client_update(request) ⇒ Object
- #emit_rack_error_message(request, message) ⇒ Object
- #get_client_authorization_list(request) ⇒ Object
- #get_granted_scopes(client_id, subject) ⇒ Object
- #get_requestable_scopes(client_id) ⇒ Object
- #get_service_configuration(params = nil) ⇒ Object
- #get_service_jwks(params = nil) ⇒ Object
- #get_token_list(params = nil) ⇒ Object
- #introspection(request) ⇒ Object
-
#protect_resource(request, scopes = nil, subject = nil) ⇒ Object
Ensure that the request contains a valid access token.
- #push_authorization_request(request) ⇒ Object
- #refresh_client_secret(client_identifier) ⇒ Object
- #revocation(request) ⇒ Object
- #service_create(service) ⇒ Object
- #service_delete(api_key) ⇒ Object
- #service_get(api_key) ⇒ Object
- #service_get_list(params = nil) ⇒ Object
- #service_update(api_key, service) ⇒ Object
- #serviceowner_get_self ⇒ Object
- #set_requestable_scopes(client_id, scopes) ⇒ Object
- #standard_introspection(request) ⇒ Object
- #token(request) ⇒ Object
- #token_create(request) ⇒ Object
- #token_fail(request) ⇒ Object
- #token_issue(request) ⇒ Object
- #token_revoke(request) ⇒ Object
- #token_update(request) ⇒ Object
- #update_client_authorization(client_id, request) ⇒ Object
- #update_client_secret(client_identifier, client_secret) ⇒ Object
- #user_info(request) ⇒ Object
- #user_info_issue(request) ⇒ Object
Methods included from Utility
#extract_access_token, #get_parsed_array, #to_rack_response_json, #to_rack_response_www_authenticate
Instance Attribute Details
#extra_headers ⇒ Object
Returns the value of attribute extra_headers.
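# File 'lib/authlete/api.rb', line 32
# Reader for the extra_headers attribute.
#
# @return [Object] the current value of @extra_headers
def extra_headers
  @extra_headers
end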
#host ⇒ Object
Returns the value of attribute host.
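# File 'lib/authlete/api.rb', line 27
# Reader for the host attribute.
#
# NOTE(review): presumably the base URL of the Authlete server; since API
# credentials are sent to it, it should be an https:// URL -- confirm where
# the value is assigned.
#
# @return [Object] the current value of @host
def host
  @host
end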
#service_api_key ⇒ Object
Returns the value of attribute service_api_key.
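# File 'lib/authlete/api.rb', line 30
# Reader for the service_api_key attribute.
#
# @return [Object] the current value of @service_api_key
def service_api_key
  @service_api_key
end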
#service_api_secret ⇒ Object
Returns the value of attribute service_api_secret.
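# File 'lib/authlete/api.rb', line 31
# Reader for the service_api_secret attribute.
#
# NOTE(review): judging by its name this holds a credential. The reader is
# public, so the value should not reach logs, #inspect output or error
# messages -- confirm whether a public reader is actually needed.
#
# @return [Object] the current value of @service_api_secret
def service_api_secret
  @service_api_secret
end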
#service_owner_api_key ⇒ Object
Returns the value of attribute service_owner_api_key.
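# File 'lib/authlete/api.rb', line 28
# Reader for the service_owner_api_key attribute.
#
# @return [Object] the current value of @service_owner_api_key
def service_owner_api_key
  @service_owner_api_key
end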
#service_owner_api_secret ⇒ Object
Returns the value of attribute service_owner_api_secret.
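# File 'lib/authlete/api.rb', line 29
# Reader for the service_owner_api_secret attribute.
#
# NOTE(review): judging by its name this holds the service owner's
# credential, which the service_* methods (create/delete/update) rely on.
# Keep it out of logs, #inspect output and error messages -- confirm whether
# a public reader is actually needed.
#
# @return [Object] the current value of @service_owner_api_secret
def service_owner_api_secret
  @service_owner_api_secret
end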
Instance Method Details
#authorization(request) ⇒ Object
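# File 'lib/authlete/api.rb', line 201
# Sends the request to /api/auth/authorization through call_api_json_service.
# (The method name was missing from the rendered listing; it is restored
# from the method heading.)
#
# @param request the request model, converted with to_hash before sending
# @return [Authlete::Model::Response::AuthorizationResponse]
def authorization(request)
  response = call_api_json_service("/api/auth/authorization", to_hash(request))

  Authlete::Model::Response::AuthorizationResponse.new(response)
end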
#authorization_fail(request) ⇒ Object
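# File 'lib/authlete/api.rb', line 213
# Sends the request to /api/auth/authorization/fail through
# call_api_json_service. (The method name was missing from the rendered
# listing; it is restored from the method heading.)
#
# @param request the request model, converted with to_hash before sending
# @return [Authlete::Model::Response::AuthorizationFailResponse]
def authorization_fail(request)
  response = call_api_json_service("/api/auth/authorization/fail", to_hash(request))

  Authlete::Model::Response::AuthorizationFailResponse.new(response)
end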
#authorization_issue(request) ⇒ Object
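# File 'lib/authlete/api.rb', line 207
# Sends the request to /api/auth/authorization/issue through
# call_api_json_service. (The method name was missing from the rendered
# listing; it is restored from the method heading.)
#
# @param request the request model, converted with to_hash before sending
# @return [Authlete::Model::Response::AuthorizationIssueResponse]
def authorization_issue(request)
  response = call_api_json_service("/api/auth/authorization/issue", to_hash(request))

  Authlete::Model::Response::AuthorizationIssueResponse.new(response)
end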
#backchannel_authentication(request) ⇒ Object
# File 'lib/authlete/api.rb', line 445
# Sends the request to /api/backchannel/authentication through
# call_api_json_service.
#
# @param request the request model, converted with to_hash before sending
# @return [Authlete::Model::Response::BackchannelAuthenticationResponse]
def backchannel_authentication(request)
  response = call_api_json_service("/api/backchannel/authentication", to_hash(request))

  Authlete::Model::Response::BackchannelAuthenticationResponse.new(response)
end
#backchannel_authentication_complete(request) ⇒ Object
# File 'lib/authlete/api.rb', line 463
# Sends the request to /api/backchannel/authentication/complete through
# call_api_json_service.
#
# @param request the request model, converted with to_hash before sending
# @return [Authlete::Model::Response::BackchannelAuthenticationCompleteResponse]
def backchannel_authentication_complete(request)
  response = call_api_json_service("/api/backchannel/authentication/complete", to_hash(request))

  Authlete::Model::Response::BackchannelAuthenticationCompleteResponse.new(response)
end
#backchannel_authentication_fail(request) ⇒ Object
# File 'lib/authlete/api.rb', line 457
# Sends the request to /api/backchannel/authentication/fail through
# call_api_json_service.
#
# @param request the request model, converted with to_hash before sending
# @return [Authlete::Model::Response::BackchannelAuthenticationFailResponse]
def backchannel_authentication_fail(request)
  response = call_api_json_service("/api/backchannel/authentication/fail", to_hash(request))

  Authlete::Model::Response::BackchannelAuthenticationFailResponse.new(response)
end
#backchannel_authentication_issue(request) ⇒ Object
# File 'lib/authlete/api.rb', line 451
# Sends the request to /api/backchannel/authentication/issue through
# call_api_json_service.
#
# @param request the request model, converted with to_hash before sending
# @return [Authlete::Model::Response::BackchannelAuthenticationIssueResponse]
def backchannel_authentication_issue(request)
  response = call_api_json_service("/api/backchannel/authentication/issue", to_hash(request))

  Authlete::Model::Response::BackchannelAuthenticationIssueResponse.new(response)
end
#client_create(client) ⇒ Object
# File 'lib/authlete/api.rb', line 277
# Sends the client definition to /api/client/create through
# call_api_json_service.
#
# @param client the client model, converted with to_hash before sending
# @return [Authlete::Model::Client] built from the response hash
def client_create(client)
  response = call_api_json_service("/api/client/create", to_hash(client))

  Authlete::Model::Client.new(response)
end
#client_delete(client_id) ⇒ Object
# File 'lib/authlete/api.rb', line 283
# Issues a :delete call to /api/client/delete/<client_id> through
# call_api_service.
#
# NOTE(review): client_id is interpolated into the URL path as-is. Pass only
# a validated identifier unless call_api_service escapes path segments (not
# shown here), otherwise a crafted value could change the endpoint addressed.
#
# @param client_id identifier of the client to delete
# @return whatever call_api_service returns
def client_delete(client_id)
  path = "/api/client/delete/#{client_id}"
  call_api_service(:delete, path, nil, nil)
end
#client_get(client_id) ⇒ Object
# File 'lib/authlete/api.rb', line 287
# Issues a :get call to /api/client/get/<client_id> through call_api_service.
#
# NOTE(review): client_id is interpolated into the URL path as-is. Pass only
# a validated identifier unless call_api_service escapes path segments (not
# shown here).
#
# @param client_id identifier of the client to fetch
# @return [Authlete::Model::Client] built from the response hash
def client_get(client_id)
  path = "/api/client/get/#{client_id}"
  response = call_api_service(:get, path, nil, nil)

  Authlete::Model::Client.new(response)
end
#client_get_list(params = nil) ⇒ Object
# File 'lib/authlete/api.rb', line 293
# Issues a :get call to /api/client/get/list, appending whatever
# to_query(params) produces to the path.
#
# @param params optional query parameters, rendered by to_query
# @return [Authlete::Model::Response::ClientListResponse]
def client_get_list(params = nil)
  path = "/api/client/get/list#{to_query(params)}"
  response = call_api_service(:get, path, nil, nil)

  Authlete::Model::Response::ClientListResponse.new(response)
end
#client_update(client) ⇒ Object
# File 'lib/authlete/api.rb', line 299
# Sends the client definition to /api/client/update/<clientId> through
# call_api_json_service; the path segment is read from client.clientId.
#
# NOTE(review): client.clientId is interpolated into the URL path as-is, so
# the model must come from a trusted source or be validated first, unless
# call_api_json_service escapes path segments (not shown here).
#
# @param client the client model, converted with to_hash before sending
# @return [Authlete::Model::Client] built from the response hash
def client_update(client)
  path = "/api/client/update/#{client.clientId}"
  response = call_api_json_service(path, to_hash(client))

  Authlete::Model::Client.new(response)
end
#delete_client_authorization(client_id, subject) ⇒ Object
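# File 'lib/authlete/api.rb', line 329
# Builds a ClientAuthorizationDeleteRequest for the subject and sends it to
# /api/client/authorization/delete/<client_id>. (The method name was missing
# from the rendered listing; it is restored from the method heading.)
#
# NOTE(review): client_id is interpolated into the URL path as-is. Pass only
# a validated identifier unless call_api_json_service escapes path segments
# (not shown here).
#
# @param client_id identifier of the client whose authorization is deleted
# @param subject subject placed in the request body
# @return whatever call_api_json_service returns
def delete_client_authorization(client_id, subject)
  delete_request = Authlete::Model::Request::ClientAuthorizationDeleteRequest.new(subject: subject)

  call_api_json_service("/api/client/authorization/delete/#{client_id}", delete_request.to_hash)
end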
#delete_granted_scopes(client_id, subject) ⇒ Object
# File 'lib/authlete/api.rb', line 399
# Builds a GrantedScopesRequest for the subject and sends it to
# /api/client/granted_scopes/delete/<client_id>.
#
# NOTE(review): client_id is interpolated into the URL path as-is. Pass only
# a validated identifier unless call_api_json_service escapes path segments
# (not shown here).
#
# @param client_id identifier of the client
# @param subject subject placed in the request body
# @return whatever call_api_json_service returns
def delete_granted_scopes(client_id, subject)
  scopes_request = Authlete::Model::Request::GrantedScopesRequest.new(subject: subject)

  call_api_json_service("/api/client/granted_scopes/delete/#{client_id}", to_hash(scopes_request))
end
#delete_requestable_scopes(client_id) ⇒ Object
# File 'lib/authlete/api.rb', line 417
# Issues a :delete call to
# /api/client/extension/requestable_scopes/delete/<client_id>.
#
# NOTE(review): client_id is interpolated into the URL path as-is. Pass only
# a validated identifier unless call_api_service escapes path segments (not
# shown here).
#
# @param client_id identifier of the client
# @return whatever call_api_service returns
def delete_requestable_scopes(client_id)
  path = "/api/client/extension/requestable_scopes/delete/#{client_id}"
  call_api_service(:delete, path, nil, nil)
end
#device_authorization(request) ⇒ Object
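# File 'lib/authlete/api.rb', line 469
# Sends the request to /api/device/authorization through
# call_api_json_service. (The method name was missing from the rendered
# listing; it is restored from the method heading.)
#
# @param request the request model, converted with to_hash before sending
# @return [Authlete::Model::Response::DeviceAuthorizationResponse]
def device_authorization(request)
  response = call_api_json_service("/api/device/authorization", to_hash(request))

  Authlete::Model::Response::DeviceAuthorizationResponse.new(response)
end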
#device_complete(request) ⇒ Object
# File 'lib/authlete/api.rb', line 475
# Sends the request to /api/device/complete through call_api_json_service.
#
# @param request the request model, converted with to_hash before sending
# @return [Authlete::Model::Response::DeviceCompleteResponse]
def device_complete(request)
  response = call_api_json_service("/api/device/complete", to_hash(request))

  Authlete::Model::Response::DeviceCompleteResponse.new(response)
end
#device_verification(request) ⇒ Object
# File 'lib/authlete/api.rb', line 481
# Sends the request to /api/device/verification through
# call_api_json_service.
#
# @param request the request model, converted with to_hash before sending
# @return [Authlete::Model::Response::DeviceVerificationResponse]
def device_verification(request)
  response = call_api_json_service("/api/device/verification", to_hash(request))

  Authlete::Model::Response::DeviceVerificationResponse.new(response)
end
#dynamic_client_delete(request) ⇒ Object
# File 'lib/authlete/api.rb', line 439
# Sends the request to /api/client/registration/delete through
# call_api_json_service.
#
# @param request the request model, converted with to_hash before sending
# @return [Authlete::Model::Response::ClientRegistrationResponse]
def dynamic_client_delete(request)
  response = call_api_json_service("/api/client/registration/delete", to_hash(request))

  Authlete::Model::Response::ClientRegistrationResponse.new(response)
end
#dynamic_client_get(request) ⇒ Object
# File 'lib/authlete/api.rb', line 427
# Sends the request to /api/client/registration/get through
# call_api_json_service.
#
# @param request the request model, converted with to_hash before sending
# @return [Authlete::Model::Response::ClientRegistrationResponse]
def dynamic_client_get(request)
  response = call_api_json_service("/api/client/registration/get", to_hash(request))

  Authlete::Model::Response::ClientRegistrationResponse.new(response)
end
#dynamic_client_register(request) ⇒ Object
# File 'lib/authlete/api.rb', line 421
# Sends the request to /api/client/registration through
# call_api_json_service.
#
# @param request the request model, converted with to_hash before sending
# @return [Authlete::Model::Response::ClientRegistrationResponse]
def dynamic_client_register(request)
  response = call_api_json_service("/api/client/registration", to_hash(request))

  Authlete::Model::Response::ClientRegistrationResponse.new(response)
end
#dynamic_client_update(request) ⇒ Object
# File 'lib/authlete/api.rb', line 433
# Sends the request to /api/client/registration/update through
# call_api_json_service.
#
# @param request the request model, converted with to_hash before sending
# @return [Authlete::Model::Response::ClientRegistrationResponse]
def dynamic_client_update(request)
  response = call_api_json_service("/api/client/registration/update", to_hash(request))

  Authlete::Model::Response::ClientRegistrationResponse.new(response)
end
#emit_rack_error_message(request, message) ⇒ Object
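# File 'lib/authlete/api.rb', line 556
# Writes "ERROR: <message>" to the request's 'rack.errors' stream when one
# is available. (The method name and the `message` identifier were missing
# from the rendered listing; they are restored from the method heading.)
#
# Best-effort by design: any StandardError raised while logging (no env, no
# 'rack.errors' entry, a failing write) is ignored, and nil is returned.
#
# NOTE(review): message is written verbatim. If it can carry CR/LF taken
# from a remote response, one call can forge extra log lines -- confirm the
# message source or strip line breaks before writing.
#
# @param request an object whose env['rack.errors'] responds to write
# @param message [String] text placed after "ERROR: "
# @return the result of the write, or nil when logging was not possible
def emit_rack_error_message(request, message)
  # Logging if possible.
  request.env['rack.errors'].write("ERROR: #{message}\n")
rescue StandardError
  nil
end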
#get_client_authorization_list(request) ⇒ Object
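# File 'lib/authlete/api.rb', line 319
# Sends the request to /api/client/authorization/get/list through
# call_api_json_service. (The method name was missing from the rendered
# listing; it is restored from the method heading.)
#
# @param request the request model, converted with to_hash before sending
# @return [Authlete::Model::Response::AuthorizedClientListResponse]
def get_client_authorization_list(request)
  response = call_api_json_service("/api/client/authorization/get/list", to_hash(request))

  Authlete::Model::Response::AuthorizedClientListResponse.new(response)
end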
#get_granted_scopes(client_id, subject) ⇒ Object
# File 'lib/authlete/api.rb', line 391
# Builds a GrantedScopesRequest for the subject and sends it to
# /api/client/granted_scopes/get/<client_id>.
#
# NOTE(review): client_id is interpolated into the URL path as-is. Pass only
# a validated identifier unless call_api_json_service escapes path segments
# (not shown here).
#
# @param client_id identifier of the client
# @param subject subject placed in the request body
# @return [Authlete::Model::Response::GrantedScopesGetResponse]
def get_granted_scopes(client_id, subject)
  scopes_request = Authlete::Model::Request::GrantedScopesRequest.new(subject: subject)
  path = "/api/client/granted_scopes/get/#{client_id}"
  response = call_api_json_service(path, to_hash(scopes_request))

  Authlete::Model::Response::GrantedScopesGetResponse.new(response)
end
#get_requestable_scopes(client_id) ⇒ Object
# File 'lib/authlete/api.rb', line 405
# Issues a :get call to
# /api/client/extension/requestable_scopes/get/<client_id> and passes the
# response hash to extract_requestable_scopes.
#
# NOTE(review): client_id is interpolated into the URL path as-is. Pass only
# a validated identifier unless call_api_service escapes path segments (not
# shown here).
#
# @param client_id identifier of the client
# @return whatever extract_requestable_scopes returns
def get_requestable_scopes(client_id)
  path = "/api/client/extension/requestable_scopes/get/#{client_id}"
  response = call_api_service(:get, path, nil, nil)

  extract_requestable_scopes(response)
end
#get_service_configuration(params = nil) ⇒ Object
# File 'lib/authlete/api.rb', line 369
# Issues a :get call to /api/service/configuration, appending whatever
# to_query(params) produces to the path.
#
# @param params optional query parameters, rendered by to_query
# @return whatever call_api_service returns
def get_service_configuration(params = nil)
  path = "/api/service/configuration#{to_query(params)}"
  call_api_service(:get, path, nil, nil)
end
#get_service_jwks(params = nil) ⇒ Object
# File 'lib/authlete/api.rb', line 365
# Issues a :get call to /api/service/jwks/get, appending whatever
# to_query(params) produces to the path.
#
# @param params optional query parameters, rendered by to_query
# @return whatever call_api_service returns
def get_service_jwks(params = nil)
  path = "/api/service/jwks/get#{to_query(params)}"
  call_api_service(:get, path, nil, nil)
end
#get_token_list(params = nil) ⇒ Object
# File 'lib/authlete/api.rb', line 385
# Issues a :get call to /api/auth/token/get/list, appending whatever
# to_query(params) produces to the path.
#
# @param params optional query parameters, rendered by to_query
# @return [Authlete::Model::Response::TokenListResponse]
def get_token_list(params = nil)
  path = "/api/auth/token/get/list#{to_query(params)}"
  response = call_api_service(:get, path, nil, nil)

  Authlete::Model::Response::TokenListResponse.new(response)
end
#introspection(request) ⇒ Object
# File 'lib/authlete/api.rb', line 335
# Sends the request to /api/auth/introspection through
# call_api_json_service.
#
# @param request the request model, converted with to_hash before sending
# @return [Authlete::Model::Response::IntrospectionResponse]
def introspection(request)
  response = call_api_json_service('/api/auth/introspection', to_hash(request))

  Authlete::Model::Response::IntrospectionResponse.new(response)
end
#protect_resource(request, scopes = nil, subject = nil) ⇒ Object
Ensure that the request contains a valid access token.
This method extracts an access token from the given request based on the rules described in RFC 6750 and introspects the access token by calling Authlete’s /api/auth/introspection API.
The first argument request
is a Rack request.
The second argument scopes
is an array of scope names required to access the target protected resource. This argument is optional.
The third argument subject
is a string representing the subject that must be associated with the access token. This argument is optional.
This method returns an instance of Authlete::Model::Response::IntrospectionResponse
. If its action
method returns ‘OK’, it means that the access token exists, has not expired, covers the requested scopes (if specified), and is associated with the requested subject (if specified). Otherwise, it means that the request does not contain any access token or that the access token does not satisfy the conditions to access the target protected resource.
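# File 'lib/authlete/api.rb', line 515
# Ensure that the request contains a valid access token.
#
# Extracts an access token from the Rack request with extract_access_token
# and introspects it through #introspection.
#
# A missing token and a failed introspection call are both reported through
# the returned response rather than by raising. Callers must therefore check
# the response's action and refuse access unless it is 'OK'; ignoring the
# return value fails open.
#
# @param request the Rack request to read the access token from
# @param scopes [Array, nil] scope names required for the protected resource (optional)
# @param subject [String, nil] subject the token must be associated with (optional)
# @return [Authlete::Model::Response::IntrospectionResponse]
def protect_resource(request, scopes = nil, subject = nil)
  # Extract an access token from the request.
  access_token = extract_access_token(request)

  # The request does not contain any access token.
  if access_token.nil?
    return Authlete::Model::Response::IntrospectionResponse.new(
      action: 'BAD_REQUEST',
      responseContent: 'Bearer error="invalid_token",error_description="The request does not contain a valid access token."'
    )
  end

  # Create a request for Authlete's /api/auth/introspection API.
  # Use a separate local: the listing rebound `request` here, so the rescue
  # branch handed the IntrospectionRequest (not the Rack request) to
  # emit_rack_error_message, whose own rescue would then likely have
  # discarded the log line silently.
  introspection_request = Authlete::Model::Request::IntrospectionRequest.new(
    token: access_token,
    scopes: scopes,
    subject: subject
  )

  begin
    # Call Authlete's /api/auth/introspection API to introspect the access token.
    introspection(introspection_request)
  rescue => e
    # Error message.
    # NOTE(review): the helper's name is missing from the rendered listing;
    # build_error_message is the reconstruction -- confirm against
    # lib/authlete/api.rb.
    message = build_error_message('/api/auth/introspection', e)

    # Emit a Rack error message (needs the Rack request for request.env).
    emit_rack_error_message(request, message)

    # Failed to introspect the access token.
    # NOTE(review): message is placed inside a quoted header parameter and
    # returned to the client. If it can contain '"', CR/LF or internal detail
    # from the failed call, the header becomes malformed or leaks
    # information -- confirm the helper's output or substitute a fixed text.
    Authlete::Model::Response::IntrospectionResponse.new(
      action: 'INTERNAL_SERVER_ERROR',
      responseContent: "Bearer error=\"server_error\",error_description=\"#{message}\""
    )
  end
end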
#push_authorization_request(request) ⇒ Object
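# File 'lib/authlete/api.rb', line 487
# Sends the request to /api/pushed_auth_req through call_api_json_service.
# (The method name was missing from the rendered listing; it is restored
# from the method heading.)
#
# @param request the request model, converted with to_hash before sending
# @return [Authlete::Model::Response::PushedAuthReqResponse]
def push_authorization_request(request)
  response = call_api_json_service("/api/pushed_auth_req", to_hash(request))

  Authlete::Model::Response::PushedAuthReqResponse.new(response)
end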
#refresh_client_secret(client_identifier) ⇒ Object
# File 'lib/authlete/api.rb', line 305
# Issues a :get call to /api/client/secret/refresh/<client_identifier>.
#
# NOTE(review): client_identifier is interpolated into the URL path as-is.
# Pass only a validated identifier unless call_api_service escapes path
# segments (not shown here). The response presumably carries the new client
# secret, so the returned object should be kept out of logs -- confirm
# against the response model.
#
# @param client_identifier identifier of the client
# @return [Authlete::Model::Response::ClientSecretRefreshResponse]
def refresh_client_secret(client_identifier)
  path = "/api/client/secret/refresh/#{client_identifier}"
  response = call_api_service(:get, path, nil, nil)

  Authlete::Model::Response::ClientSecretRefreshResponse.new(response)
end
#revocation(request) ⇒ Object
# File 'lib/authlete/api.rb', line 347
# Sends the request to /api/auth/revocation through call_api_json_service.
#
# @param request the request model, converted with to_hash before sending
# @return [Authlete::Model::Response::RevocationResponse]
def revocation(request)
  response = call_api_json_service("/api/auth/revocation", to_hash(request))

  Authlete::Model::Response::RevocationResponse.new(response)
end
#service_create(service) ⇒ Object
# File 'lib/authlete/api.rb', line 243
# Sends the service definition to /api/service/create through
# call_api_json_service_owner.
#
# @param service the service model, converted with to_hash before sending
# @return [Authlete::Model::Service] built from the response hash
def service_create(service)
  response = call_api_json_service_owner("/api/service/create", to_hash(service))

  Authlete::Model::Service.new(response)
end
#service_delete(api_key) ⇒ Object
# File 'lib/authlete/api.rb', line 249
# Issues a :delete call to /api/service/delete/<api_key> through
# call_api_service_owner.
#
# NOTE(review): api_key is interpolated into the URL path as-is. Pass only a
# validated value unless call_api_service_owner escapes path segments (not
# shown here), otherwise a crafted value could change the endpoint addressed.
#
# @param api_key API key of the service to delete
# @return whatever call_api_service_owner returns
def service_delete(api_key)
  path = "/api/service/delete/#{api_key}"
  call_api_service_owner(:delete, path, nil, nil)
end
#service_get(api_key) ⇒ Object
# File 'lib/authlete/api.rb', line 253
# Issues a :get call to /api/service/get/<api_key> through
# call_api_service_owner.
#
# NOTE(review): api_key is interpolated into the URL path as-is. Pass only a
# validated value unless call_api_service_owner escapes path segments (not
# shown here).
#
# @param api_key API key of the service to fetch
# @return [Authlete::Model::Service] built from the response hash
def service_get(api_key)
  path = "/api/service/get/#{api_key}"
  response = call_api_service_owner(:get, path, nil, nil)

  Authlete::Model::Service.new(response)
end
#service_get_list(params = nil) ⇒ Object
# File 'lib/authlete/api.rb', line 259
# Issues a :get call to /api/service/get/list through
# call_api_service_owner, appending whatever to_query(params) produces.
#
# @param params optional query parameters, rendered by to_query
# @return [Authlete::Model::Response::ServiceListResponse]
def service_get_list(params = nil)
  path = "/api/service/get/list#{to_query(params)}"
  response = call_api_service_owner(:get, path, nil, nil)

  Authlete::Model::Response::ServiceListResponse.new(response)
end
#service_update(api_key, service) ⇒ Object
# File 'lib/authlete/api.rb', line 265
# Sends the service definition to /api/service/update/<api_key> through
# call_api_json_service_owner.
#
# NOTE(review): api_key is interpolated into the URL path as-is. Pass only a
# validated value unless call_api_json_service_owner escapes path segments
# (not shown here).
#
# @param api_key API key of the service to update
# @param service the service model, converted with to_hash before sending
# @return [Authlete::Model::Service] built from the response hash
def service_update(api_key, service)
  path = "/api/service/update/#{api_key}"
  response = call_api_json_service_owner(path, to_hash(service))

  Authlete::Model::Service.new(response)
end
#serviceowner_get_self ⇒ Object
# File 'lib/authlete/api.rb', line 271
# Issues a :get call to /api/serviceowner/get/self through
# call_api_service_owner.
#
# @return [Authlete::Model::ServiceOwner] built from the response hash
def serviceowner_get_self
  response = call_api_service_owner(:get, "/api/serviceowner/get/self", nil, nil)

  Authlete::Model::ServiceOwner.new(response)
end
#set_requestable_scopes(client_id, scopes) ⇒ Object
# File 'lib/authlete/api.rb', line 411
# Sends { requestableScopes: scopes } to
# /api/client/extension/requestable_scopes/update/<client_id> and passes the
# response hash to extract_requestable_scopes.
#
# NOTE(review): client_id is interpolated into the URL path as-is. Pass only
# a validated identifier unless call_api_json_service escapes path segments
# (not shown here).
#
# @param client_id identifier of the client
# @param scopes value sent under the requestableScopes key
# @return whatever extract_requestable_scopes returns
def set_requestable_scopes(client_id, scopes)
  path = "/api/client/extension/requestable_scopes/update/#{client_id}"
  response = call_api_json_service(path, { requestableScopes: scopes })

  extract_requestable_scopes(response)
end
#standard_introspection(request) ⇒ Object
# File 'lib/authlete/api.rb', line 341
# Sends the request to /api/auth/introspection/standard through
# call_api_json_service.
#
# @param request the request model, converted with to_hash before sending
# @return [Authlete::Model::Response::StandardIntrospectionResponse]
def standard_introspection(request)
  response = call_api_json_service('/api/auth/introspection/standard', to_hash(request))

  Authlete::Model::Response::StandardIntrospectionResponse.new(response)
end
#token(request) ⇒ Object
# File 'lib/authlete/api.rb', line 219
# Sends the request to /api/auth/token through call_api_json_service.
#
# @param request the request model, converted with to_hash before sending
# @return [Authlete::Model::Response::TokenResponse]
def token(request)
  response = call_api_json_service("/api/auth/token", to_hash(request))

  Authlete::Model::Response::TokenResponse.new(response)
end
#token_create(request) ⇒ Object
# File 'lib/authlete/api.rb', line 373
# Sends the request to /api/auth/token/create through
# call_api_json_service.
#
# @param request the request model, converted with to_hash before sending
# @return [Authlete::Model::Response::TokenCreateResponse]
def token_create(request)
  response = call_api_json_service("/api/auth/token/create", to_hash(request))

  Authlete::Model::Response::TokenCreateResponse.new(response)
end
#token_fail(request) ⇒ Object
# File 'lib/authlete/api.rb', line 231
# Sends the request to /api/auth/token/fail through call_api_json_service.
#
# @param request the request model, converted with to_hash before sending
# @return [Authlete::Model::Response::TokenFailResponse]
def token_fail(request)
  response = call_api_json_service("/api/auth/token/fail", to_hash(request))

  Authlete::Model::Response::TokenFailResponse.new(response)
end
#token_issue(request) ⇒ Object
# File 'lib/authlete/api.rb', line 225
# Sends the request to /api/auth/token/issue through call_api_json_service.
#
# @param request the request model, converted with to_hash before sending
# @return [Authlete::Model::Response::TokenIssueResponse]
def token_issue(request)
  response = call_api_json_service("/api/auth/token/issue", to_hash(request))

  Authlete::Model::Response::TokenIssueResponse.new(response)
end
#token_revoke(request) ⇒ Object
# File 'lib/authlete/api.rb', line 237
# Sends the request to /api/auth/token/revoke through call_api_json_service.
#
# @param request the request model, converted with to_hash before sending
# @return [Authlete::Model::Response::TokenRevokeResponse]
def token_revoke(request)
  response = call_api_json_service("/api/auth/token/revoke", to_hash(request))

  Authlete::Model::Response::TokenRevokeResponse.new(response)
end
#token_update(request) ⇒ Object
# File 'lib/authlete/api.rb', line 379
# Sends the request to /api/auth/token/update through call_api_json_service.
#
# @param request the request model, converted with to_hash before sending
# @return [Authlete::Model::Response::TokenUpdateResponse]
def token_update(request)
  response = call_api_json_service("/api/auth/token/update", to_hash(request))

  Authlete::Model::Response::TokenUpdateResponse.new(response)
end
#update_client_authorization(client_id, request) ⇒ Object
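# File 'lib/authlete/api.rb', line 325
# Sends the request to /api/client/authorization/update/<client_id> through
# call_api_json_service. (The method name was missing from the rendered
# listing; it is restored from the method heading.)
#
# NOTE(review): client_id is interpolated into the URL path as-is. Pass only
# a validated identifier unless call_api_json_service escapes path segments
# (not shown here).
#
# @param client_id identifier of the client
# @param request the request model, converted with to_hash before sending
# @return whatever call_api_json_service returns
def update_client_authorization(client_id, request)
  path = "/api/client/authorization/update/#{client_id}"
  call_api_json_service(path, to_hash(request))
end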
#update_client_secret(client_identifier, client_secret) ⇒ Object
# File 'lib/authlete/api.rb', line 311
# Builds a ClientSecretUpdateRequest carrying client_secret and sends it to
# /api/client/secret/update/<client_identifier>.
#
# NOTE(review): client_identifier is interpolated into the URL path as-is.
# Pass only a validated identifier unless call_api_json_service escapes path
# segments (not shown here). client_secret travels in the request body, so
# request/response dumps of this call should not be logged.
#
# @param client_identifier identifier of the client
# @param client_secret value sent under the clientSecret key
# @return [Authlete::Model::Response::ClientSecretUpdateResponse]
def update_client_secret(client_identifier, client_secret)
  secret_request = Authlete::Model::Request::ClientSecretUpdateRequest.new(clientSecret: client_secret)
  path = "/api/client/secret/update/#{client_identifier}"
  response = call_api_json_service(path, secret_request.to_hash)

  Authlete::Model::Response::ClientSecretUpdateResponse.new(response)
end
#user_info(request) ⇒ Object
# File 'lib/authlete/api.rb', line 353
# Sends the request to /api/auth/userinfo through call_api_json_service.
#
# @param request the request model, converted with to_hash before sending
# @return [Authlete::Model::Response::UserInfoResponse]
def user_info(request)
  response = call_api_json_service("/api/auth/userinfo", to_hash(request))

  Authlete::Model::Response::UserInfoResponse.new(response)
end
#user_info_issue(request) ⇒ Object
# File 'lib/authlete/api.rb', line 359
# Sends the request to /api/auth/userinfo/issue through
# call_api_json_service.
#
# @param request the request model, converted with to_hash before sending
# @return [Authlete::Model::Response::UserInfoIssueResponse]
def user_info_issue(request)
  response = call_api_json_service("/api/auth/userinfo/issue", to_hash(request))

  Authlete::Model::Response::UserInfoIssueResponse.new(response)
end